‼️ New Dark Web Informer Blog Post!

Title: One Forged Header: Unauthenticated Authentication Bypass in Fortinet FortiClient EMS (CVE-2026-35616)

Link: https://darkwebinformer.com/one-forged-header-unauthenticated-authentication-bypass-in-fortinet-forticlient-ems-cve-2026-35616/

‼️ New Dark Web Informer Blog Post!

Title: US Student Mental-Health Provider Mindpath College Health Listed on Ransomware Leak Site

Link: https://darkwebinformer.com/us-student-mental-health-provider-mindpath-college-health-listed-on-ransomware-leak-site/

🚨🇫🇷 Groupe IMA allegedly targeted in 6.2GB data leak

A threat actor on an underground forum is claiming to have leaked data allegedly originating from Groupe IMA (Inter Mutuelles Habitat), a major French assistance provider that delivers 24/7 emergency support services, including roadside assistance, medical aid, and home repairs, on behalf of insurance companies and mutuals.

The actor claims the leak contains roughly 6.2 GB of data including invoices and other customer information.

𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:

• Invoices
• Customer information

𝗗𝗲𝘁𝗮𝗶𝗹𝘀:

𝗧𝗮𝗿𝗴𝗲𝘁: Groupe IMA (Inter Mutuelles Habitat)
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: France 🇫🇷
𝗦𝗲𝗰𝘁𝗼𝗿: Insurance / Assistance Services
𝗔𝗰𝘁𝗼𝗿: NightLeVrai
𝗖𝗹𝗮𝗶𝗺: Leaked data
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~6.2 GB
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 28, 2026

💥 Stop guessing what's redacted. Subscribers see everything: darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

🚨🇪🇨 Ecuadorian Armed Forces allegedly targeted in confidential insurance document leak

A threat actor on an underground forum is claiming to have leaked confidential insurance policy information allegedly originating from the Armed Forces of Ecuador (Fuerzas Armadas del Ecuador).

The actor claims the documents cover insurance policies worth more than $200,000,000 and include sensitive military data.

𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:

• Confidential insurance policy information
• Inventories
• Armament data
• Military vehicles
• Combat aircraft
• Warship details

𝗗𝗲𝘁𝗮𝗶𝗹𝘀:

𝗧𝗮𝗿𝗴𝗲𝘁: Fuerzas Armadas del Ecuador (Armed Forces of Ecuador)
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Ecuador 🇪🇨
𝗦𝗲𝗰𝘁𝗼𝗿: Military / Defense
𝗔𝗰𝘁𝗼𝗿: V0lt4r0x
𝗖𝗹𝗮𝗶𝗺: Leaked confidential insurance documents
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: Insurance policies valued over $200,000,000
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 28, 2026

💥 Stop guessing what's redacted. Subscribers see everything: darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

The threat actor leaderboard and cybercrime website leaderboard that are in the early access program may stop working every once and a while for the next couple of weeks as I make changes for Threat Feed 3.0. Apologies in advance. Bonk me if I don't notice it.

‼️ New Dark Web Informer Blog Post!

Title: Daily Dose of Dark Web Informer - May 28th, 2026

Link: https://darkwebinformer.com/daily-dose-of-dark-web-informer-may-28th-2026/

🚨🇪🇬 Citex Systems allegedly targeted in database breach

A threat actor on an underground forum is claiming access to databases allegedly originating from Citex Systems, a major integrated telecom and business solutions provider headquartered in Giza, Cairo, Egypt, founded in 2003. The company provides telecom and ICT, smart card and banking payment systems, GIS projects, and customized software.

The actor claims access to employee, project, and mailing databases covering around 800 personnel.

𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:

• Employee management database (names list, positions, ~800 persons)
• Projects management database (available projects, responsible parties, worker names, dates, and locations)
• Mailing data (all mails and contacts in the mailing system)

𝗗𝗲𝘁𝗮𝗶𝗹𝘀:

𝗧𝗮𝗿𝗴𝗲𝘁: Citex Systems
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Egypt 🇪🇬
𝗦𝗲𝗰𝘁𝗼𝗿: Telecom / ICT
𝗔𝗰𝘁𝗼𝗿: Keymous
𝗖𝗹𝗮𝗶𝗺: Database access
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: Employee, project, and mailing databases (~800 personnel)
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 28, 2026

💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

🚨 Allianz allegedly targeted in ~500 internal Docker images leak

A threat actor on an underground forum is claiming to release a full dump of roughly 500 Docker images, totaling around 40 GB, allegedly originating from Allianz internal infrastructure.

The actor claims the images contain exposed configuration files, source code, credentials, and private keys.

𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:

• Exposed configuration files with API keys, DB passwords, and service tokens
• Internal microservices with source code
• Hardcoded credentials for staging and prod environments
• TLS private keys and internal CA certs

𝗗𝗲𝘁𝗮𝗶𝗹𝘀:

𝗧𝗮𝗿𝗴𝗲𝘁: Allianz
𝗦𝗲𝗰𝘁𝗼𝗿: Insurance / Financial Services
𝗔𝗰𝘁𝗼𝗿: hackformetome
𝗖𝗹𝗮𝗶𝗺: Full dump of internal Docker images
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~500 Docker images (~40 GB)
𝗣𝗿𝗶𝗰𝗲: 10 Points
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 28, 2026

💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━

Victim: Landeszentrale für politische Bildung
Domain: lpb.rlp.de

Country: 🇩🇪 DE
Date: May 28th, 2026

Summary:
The Landeszentrale für politische Bildung has fallen victim to a cyberattack, according to its own statements. The institution was forced to isolate its websites as well as those of its memorials, rendering them currently inaccessible. The organization is investigating whether subscriber and customer data may have been exfiltrated as a result of the incident.

Source: https://www.rheinpfalz.de/lokal/pfalz-ticker_artikel,-landeszentrale-und-gedenkstätten-komplett-offline-_arid,5894846.html

‼️ New Dark Web Informer Blog Post!

Title: French Real-Estate Co-op Platform Amepi Hit by Alleged 6K-Record Leak

Link: https://darkwebinformer.com/french-real-estate-co-op-platform-amepi-hit-by-alleged-6k-record-leak/

‼️ New Dark Web Informer Blog Post!

Title: Argentine Healthcare Provider Swiss Medical Listed in Alleged 458K-Record Member Data Sale

Link: https://darkwebinformer.com/argentine-healthcare-provider-swiss-medical-listed-in-alleged-458k-record-member-data-sale/

‼️🇳🇱 BCD Travel has been named a victim on ShinyHunters Pay or Leak dark web portal

BCD Travel is a global corporate travel management company that helps businesses manage travel programs, bookings, meetings, and traveler support.
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

🚨🇧🇷 Autoline allegedly targeted in 812K automotive contacts database sale

A threat actor on an underground forum is claiming to sell a dataset allegedly originating from Autoline, a Brazilian automotive organization. The actor says the data is organized across 3 interconnected sections covering contacts, vehicle inquiries, and service requests.

The actor claims the dataset contains roughly 812K records of automotive contacts, inquiries, and service data.

𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:

• Contacts (names, emails, primary/secondary phones, city, state, address, lead source, account tier, birth date, industry segment, LinkedIn/Twitter handles, vehicles owned)
• Vehicle inquiries (vehicle model, client message, contact details, status, priority, assigned staff, pipeline stage, vehicle condition, campaign data, case reference numbers)
• Service requests (requested service, descriptions, customer contact details, technician assignments, payment status, account IDs, contract type, warranty coverage, cost estimates)

𝗗𝗲𝘁𝗮𝗶𝗹𝘀:

𝗧𝗮𝗿𝗴𝗲𝘁: Autoline
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Brazil 🇧🇷
𝗦𝗲𝗰𝘁𝗼𝗿: Automotive
𝗔𝗰𝘁𝗼𝗿: Rupert
𝗖𝗹𝗮𝗶𝗺: Automotive contacts database sale
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~812K records
𝗣𝗿𝗶𝗰𝗲: $1,000
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 28, 2026

💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

STIX endpoints for API customers are now available. The docs page and sandbox have been updated with the information needed to make requests.
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

🚨🇨🇴 Punto Vital allegedly targeted in patient records leak

A threat actor on an underground forum is claiming to have leaked patient records allegedly originating from Punto Vital, a private healthcare provider (IPS) in Colombia. The actor says the data spans from 2019 to 2026.

The actor claims the leak contains over 3K patient expedientes (case files) including personal and medical record data.

𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:

• Full names
• Dates of birth
• Phone numbers
• Addresses
• Place of birth
• Patient signatures
• Patient photos
• Additional record data

𝗗𝗲𝘁𝗮𝗶𝗹𝘀:

𝗧𝗮𝗿𝗴𝗲𝘁: Punto Vital
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Colombia 🇨🇴
𝗦𝗲𝗰𝘁𝗼𝗿: Healthcare
𝗔𝗰𝘁𝗼𝗿: Bytedope157sp
𝗖𝗹𝗮𝗶𝗺: Leaked patient expedientes (2019 to 2026)
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: +3K records
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 28, 2026

💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

🚨🇭🇷 Croatian government site (*.gov.hr) allegedly targeted in 60K records leak

A threat actor on an underground forum, claiming affiliation with a group called INFGRUPA, says they have breached a *.gov.hr (Croatian government) website and are releasing the data for free.

The actor claims the leak contains roughly 60,000 people records including national identification numbers.

𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:

• First and last names
• OIB (Personal Identification Number)
• JMBG (Unique Citizen Identification Number)
• Dates of birth

𝗗𝗲𝘁𝗮𝗶𝗹𝘀:

𝗧𝗮𝗿𝗴𝗲𝘁: *.gov.hr (Croatian government website)
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Croatia 🇭🇷
𝗦𝗲𝗰𝘁𝗼𝗿: Government
𝗔𝗰𝘁𝗼𝗿: vvvv (INFGRUPA)
𝗖𝗹𝗮𝗶𝗺: Breached government website, data released for free
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~60,000 records
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 28, 2026

💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations