The threat actor leaderboard and cybercrime website leaderboard that are in the early access program may stop working every once and a while for the next couple of weeks as I make changes for Threat Feed 3.0. Apologies in advance. Bonk me if I don't notice it.

‼️ New Dark Web Informer Blog Post!

Title: Daily Dose of Dark Web Informer - May 28th, 2026

Link: https://darkwebinformer.com/daily-dose-of-dark-web-informer-may-28th-2026/

🚨🇪🇬 Citex Systems allegedly targeted in database breach

A threat actor on an underground forum is claiming access to databases allegedly originating from Citex Systems, a major integrated telecom and business solutions provider headquartered in Giza, Cairo, Egypt, founded in 2003. The company provides telecom and ICT, smart card and banking payment systems, GIS projects, and customized software.

The actor claims access to employee, project, and mailing databases covering around 800 personnel.

𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:

• Employee management database (names list, positions, ~800 persons)
• Projects management database (available projects, responsible parties, worker names, dates, and locations)
• Mailing data (all mails and contacts in the mailing system)

𝗗𝗲𝘁𝗮𝗶𝗹𝘀:

𝗧𝗮𝗿𝗴𝗲𝘁: Citex Systems
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Egypt 🇪🇬
𝗦𝗲𝗰𝘁𝗼𝗿: Telecom / ICT
𝗔𝗰𝘁𝗼𝗿: Keymous
𝗖𝗹𝗮𝗶𝗺: Database access
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: Employee, project, and mailing databases (~800 personnel)
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 28, 2026

💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

🚨 Allianz allegedly targeted in ~500 internal Docker images leak

A threat actor on an underground forum is claiming to release a full dump of roughly 500 Docker images, totaling around 40 GB, allegedly originating from Allianz internal infrastructure.

The actor claims the images contain exposed configuration files, source code, credentials, and private keys.

𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:

• Exposed configuration files with API keys, DB passwords, and service tokens
• Internal microservices with source code
• Hardcoded credentials for staging and prod environments
• TLS private keys and internal CA certs

𝗗𝗲𝘁𝗮𝗶𝗹𝘀:

𝗧𝗮𝗿𝗴𝗲𝘁: Allianz
𝗦𝗲𝗰𝘁𝗼𝗿: Insurance / Financial Services
𝗔𝗰𝘁𝗼𝗿: hackformetome
𝗖𝗹𝗮𝗶𝗺: Full dump of internal Docker images
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~500 Docker images (~40 GB)
𝗣𝗿𝗶𝗰𝗲: 10 Points
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 28, 2026

💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━

Victim: Landeszentrale für politische Bildung
Domain: lpb.rlp.de

Country: 🇩🇪 DE
Date: May 28th, 2026

Summary:
The Landeszentrale für politische Bildung has fallen victim to a cyberattack, according to its own statements. The institution was forced to isolate its websites as well as those of its memorials, rendering them currently inaccessible. The organization is investigating whether subscriber and customer data may have been exfiltrated as a result of the incident.

Source: https://www.rheinpfalz.de/lokal/pfalz-ticker_artikel,-landeszentrale-und-gedenkstätten-komplett-offline-_arid,5894846.html

‼️ New Dark Web Informer Blog Post!

Title: French Real-Estate Co-op Platform Amepi Hit by Alleged 6K-Record Leak

Link: https://darkwebinformer.com/french-real-estate-co-op-platform-amepi-hit-by-alleged-6k-record-leak/

‼️ New Dark Web Informer Blog Post!

Title: Argentine Healthcare Provider Swiss Medical Listed in Alleged 458K-Record Member Data Sale

Link: https://darkwebinformer.com/argentine-healthcare-provider-swiss-medical-listed-in-alleged-458k-record-member-data-sale/

‼️🇳🇱 BCD Travel has been named a victim on ShinyHunters Pay or Leak dark web portal

BCD Travel is a global corporate travel management company that helps businesses manage travel programs, bookings, meetings, and traveler support.
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

🚨🇧🇷 Autoline allegedly targeted in 812K automotive contacts database sale

A threat actor on an underground forum is claiming to sell a dataset allegedly originating from Autoline, a Brazilian automotive organization. The actor says the data is organized across 3 interconnected sections covering contacts, vehicle inquiries, and service requests.

The actor claims the dataset contains roughly 812K records of automotive contacts, inquiries, and service data.

𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:

• Contacts (names, emails, primary/secondary phones, city, state, address, lead source, account tier, birth date, industry segment, LinkedIn/Twitter handles, vehicles owned)
• Vehicle inquiries (vehicle model, client message, contact details, status, priority, assigned staff, pipeline stage, vehicle condition, campaign data, case reference numbers)
• Service requests (requested service, descriptions, customer contact details, technician assignments, payment status, account IDs, contract type, warranty coverage, cost estimates)

𝗗𝗲𝘁𝗮𝗶𝗹𝘀:

𝗧𝗮𝗿𝗴𝗲𝘁: Autoline
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Brazil 🇧🇷
𝗦𝗲𝗰𝘁𝗼𝗿: Automotive
𝗔𝗰𝘁𝗼𝗿: Rupert
𝗖𝗹𝗮𝗶𝗺: Automotive contacts database sale
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~812K records
𝗣𝗿𝗶𝗰𝗲: $1,000
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 28, 2026

💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

STIX endpoints for API customers are now available. The docs page and sandbox have been updated with the information needed to make requests.
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

🚨🇨🇴 Punto Vital allegedly targeted in patient records leak

A threat actor on an underground forum is claiming to have leaked patient records allegedly originating from Punto Vital, a private healthcare provider (IPS) in Colombia. The actor says the data spans from 2019 to 2026.

The actor claims the leak contains over 3K patient expedientes (case files) including personal and medical record data.

𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:

• Full names
• Dates of birth
• Phone numbers
• Addresses
• Place of birth
• Patient signatures
• Patient photos
• Additional record data

𝗗𝗲𝘁𝗮𝗶𝗹𝘀:

𝗧𝗮𝗿𝗴𝗲𝘁: Punto Vital
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Colombia 🇨🇴
𝗦𝗲𝗰𝘁𝗼𝗿: Healthcare
𝗔𝗰𝘁𝗼𝗿: Bytedope157sp
𝗖𝗹𝗮𝗶𝗺: Leaked patient expedientes (2019 to 2026)
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: +3K records
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 28, 2026

💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

🚨🇭🇷 Croatian government site (*.gov.hr) allegedly targeted in 60K records leak

A threat actor on an underground forum, claiming affiliation with a group called INFGRUPA, says they have breached a *.gov.hr (Croatian government) website and are releasing the data for free.

The actor claims the leak contains roughly 60,000 people records including national identification numbers.

𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:

• First and last names
• OIB (Personal Identification Number)
• JMBG (Unique Citizen Identification Number)
• Dates of birth

𝗗𝗲𝘁𝗮𝗶𝗹𝘀:

𝗧𝗮𝗿𝗴𝗲𝘁: *.gov.hr (Croatian government website)
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Croatia 🇭🇷
𝗦𝗲𝗰𝘁𝗼𝗿: Government
𝗔𝗰𝘁𝗼𝗿: vvvv (INFGRUPA)
𝗖𝗹𝗮𝗶𝗺: Breached government website, data released for free
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~60,000 records
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 28, 2026

💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

🚨🇲🇽 CECyTE Coahuila allegedly targeted in database leak

A threat actor on an underground forum is claiming to have leaked databases allegedly originating from CECyTE Coahuila, a public technical education institution in Coahuila, Mexico.

The actor claims the leak contains over 30K records covering suppliers, students, teachers, and administrators.

𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:

• Suppliers (proveedores)
• Students (alumnos)
• Teachers (docentes)
• Administrators (administrativos)
• Usernames and passwords (hashed)
• Full names, emails, phone numbers
• Employee numbers and bank account fields

𝗗𝗲𝘁𝗮𝗶𝗹𝘀:

𝗧𝗮𝗿𝗴𝗲𝘁: CECyTE Coahuila
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Mexico 🇲🇽
𝗦𝗲𝗰𝘁𝗼𝗿: Education
𝗔𝗰𝘁𝗼𝗿: hackstage
𝗖𝗹𝗮𝗶𝗺: Leaked databases
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: +30K records
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 28, 2026

💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

🚨🇷🇸 BeotelNet (Telekom Serbia) allegedly targeted in customer database breach

A threat actor on an underground forum is claiming to have breached BeotelNet, a Telekom company in Serbia, and extracted customers' sensitive information. The actor says customers using ADSL, fixed broadband, Wi-Fi, fiber/Ethernet, business internet, IPTV/TV, VoIP telephony, web hosting, VPS/cloud, data center, and carrier services may be affected.

The actor claims to hold over 150,000 records spanning 2020 to 2026, and threatens to publish the database on June 1, 2026 if no agreement is reached.

𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:

• First and last names
• JMBG (Unique Master Citizen Number)
• Addresses
• Cities
• Postal codes
• Phone numbers
• Cell phone numbers
• Email addresses

𝗗𝗲𝘁𝗮𝗶𝗹𝘀:

𝗧𝗮𝗿𝗴𝗲𝘁: BeotelNet (Telekom Serbia)
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Serbia 🇷🇸
𝗦𝗲𝗰𝘁𝗼𝗿: Telecom
𝗔𝗰𝘁𝗼𝗿: QilinZeus
𝗖𝗹𝗮𝗶𝗺: Breached customer database, threatening publication
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 150,000+ records (2020 to 2026)
𝗣𝗿𝗶𝗰𝗲: Extortion (publication threatened June 1, 2026)
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 29, 2026

💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations