🚨 GoldenBullet cracking tool advertised on underground forum
A threat actor on an underground forum marketplace is advertising GoldenBullet, an automation and web testing framework being promoted as a credential-stuffing and account-checking tool. The post markets version 2.1 with a refreshed UI and updated libraries.
The actor is promoting the tool's account-cracking, proxy, and config management capabilities to other forum users.
𝗪𝗵𝗮𝘁'𝘀 𝗯𝗲𝗶𝗻𝗴 𝗮𝗱𝘃𝗲𝗿𝘁𝗶𝘀𝗲𝗱:
• Multi-run job engine with bot/proxy stats and hit outputs to database
• Netflix cookie checker with auto-add to hits
• ULP to Combo extraction and Logs to ULP conversion
• Keyword remover for trimming ULP files
• Proxy checker with auto type/country detection
• Config manager supporting .tic, .opk, .loli, .svb formats
• Captcha-solving blocks (ReCaptcha, Slide, PoW)
• Hashing and utility blocks (MD5, SHA256, GenerateGUID, Unix time)
• Multipart HTTP request builder and TLS bypass options
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: N/A (offensive tooling)
𝗦𝗲𝗰𝘁𝗼𝗿: Cybercrime Tooling
𝗔𝗰𝘁𝗼𝗿: ticnico
𝗖𝗹𝗮𝗶𝗺: Selling/advertising GoldenBullet cracking tool (v2.1)
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: Credential-stuffing and account-checking framework
𝗣𝗿𝗶𝗰𝗲: Listed in forum marketplace (sellers section)
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 30, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum marketplace is advertising GoldenBullet, an automation and web testing framework being promoted as a credential-stuffing and account-checking tool. The post markets version 2.1 with a refreshed UI and updated libraries.
The actor is promoting the tool's account-cracking, proxy, and config management capabilities to other forum users.
𝗪𝗵𝗮𝘁'𝘀 𝗯𝗲𝗶𝗻𝗴 𝗮𝗱𝘃𝗲𝗿𝘁𝗶𝘀𝗲𝗱:
• Multi-run job engine with bot/proxy stats and hit outputs to database
• Netflix cookie checker with auto-add to hits
• ULP to Combo extraction and Logs to ULP conversion
• Keyword remover for trimming ULP files
• Proxy checker with auto type/country detection
• Config manager supporting .tic, .opk, .loli, .svb formats
• Captcha-solving blocks (ReCaptcha, Slide, PoW)
• Hashing and utility blocks (MD5, SHA256, GenerateGUID, Unix time)
• Multipart HTTP request builder and TLS bypass options
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: N/A (offensive tooling)
𝗦𝗲𝗰𝘁𝗼𝗿: Cybercrime Tooling
𝗔𝗰𝘁𝗼𝗿: ticnico
𝗖𝗹𝗮𝗶𝗺: Selling/advertising GoldenBullet cracking tool (v2.1)
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: Credential-stuffing and account-checking framework
𝗣𝗿𝗶𝗰𝗲: Listed in forum marketplace (sellers section)
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 30, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
‼️🇺🇸 Genesis Ransomware Claims 5 Victims
🇺🇸 A Roettgers - Fuel distributor and gas station operator.
🇺🇸 Cedar Street Capital - Private investment entity associated with Cynvestors Limited Partnership.
🇺🇸 Green Resource - Distributor of professional fertilizers, chemicals, and seeds for turf, lawn, and landscaping markets.
🇺🇸 Wentworth - DC Metro area design-build firm.
🇺🇸 Cavalier Flooring Systems Inc. - Flooring and tile contractor.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🇺🇸 A Roettgers - Fuel distributor and gas station operator.
🇺🇸 Cedar Street Capital - Private investment entity associated with Cynvestors Limited Partnership.
🇺🇸 Green Resource - Distributor of professional fertilizers, chemicals, and seeds for turf, lawn, and landscaping markets.
🇺🇸 Wentworth - DC Metro area design-build firm.
🇺🇸 Cavalier Flooring Systems Inc. - Flooring and tile contractor.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨 Bumble allegedly targeted in massive 32 million user database sale
A threat actor on an underground forum is claiming to sell a dataset allegedly originating from Bumble, the dating app. The actor describes it as a clean JSON dump of fresh records.
The actor claims the dataset contains roughly 32 million records including authentication hashes and detailed profile data.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Email addresses
• Authentication credentials (bcrypt hashed)
• Phone numbers
• Full bios (name, date of birth, work, education)
• Location data
• Habits and lifestyle fields (drinking, smoking, exercise)
• Political and religious affiliations
• Linked Instagram/Spotify accounts
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Bumble
𝗦𝗲𝗰𝘁𝗼𝗿: Technology / Dating
𝗔𝗰𝘁𝗼𝗿: Euphoric_Reply_5727
𝗖𝗹𝗮𝗶𝗺: User database sale (clean JSON dump)
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~32,105,822 records
𝗣𝗿𝗶𝗰𝗲: $999
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 30, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is claiming to sell a dataset allegedly originating from Bumble, the dating app. The actor describes it as a clean JSON dump of fresh records.
The actor claims the dataset contains roughly 32 million records including authentication hashes and detailed profile data.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Email addresses
• Authentication credentials (bcrypt hashed)
• Phone numbers
• Full bios (name, date of birth, work, education)
• Location data
• Habits and lifestyle fields (drinking, smoking, exercise)
• Political and religious affiliations
• Linked Instagram/Spotify accounts
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Bumble
𝗦𝗲𝗰𝘁𝗼𝗿: Technology / Dating
𝗔𝗰𝘁𝗼𝗿: Euphoric_Reply_5727
𝗖𝗹𝗮𝗶𝗺: User database sale (clean JSON dump)
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~32,105,822 records
𝗣𝗿𝗶𝗰𝗲: $999
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 30, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1🔥1
🚨🇺🇸 HungerRush allegedly targeted in breach exposing 26.8M+ customers
A threat actor on an underground forum is claiming to have leaked a dataset allegedly originating from HungerRush, a U.S.-based restaurant technology company headquartered in Houston that provides cloud-based point-of-sale (POS) and restaurant management software for quick-service, fast-casual, and pizza restaurants.
The actor claims the breach contains over 26.8M customer records across two datasets.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Full names
• Addresses (line 1, line 2, city, state, zip, country)
• Phone numbers and fax numbers
• Email addresses
• Dates of birth
• Owner and domain names
• Twilio phone numbers
• Account status and modification dates
• Marketing, conversion, and survey report data
• Brand and order source metadata
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: HungerRush
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: United States 🇺🇸
𝗦𝗲𝗰𝘁𝗼𝗿: Technology / Restaurant POS
𝗔𝗰𝘁𝗼𝗿: 2019
𝗖𝗹𝗮𝗶𝗺: Leaked customer database
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 26.8M+ records (2 datasets)
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 30, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is claiming to have leaked a dataset allegedly originating from HungerRush, a U.S.-based restaurant technology company headquartered in Houston that provides cloud-based point-of-sale (POS) and restaurant management software for quick-service, fast-casual, and pizza restaurants.
The actor claims the breach contains over 26.8M customer records across two datasets.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Full names
• Addresses (line 1, line 2, city, state, zip, country)
• Phone numbers and fax numbers
• Email addresses
• Dates of birth
• Owner and domain names
• Twilio phone numbers
• Account status and modification dates
• Marketing, conversion, and survey report data
• Brand and order source metadata
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: HungerRush
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: United States 🇺🇸
𝗦𝗲𝗰𝘁𝗼𝗿: Technology / Restaurant POS
𝗔𝗰𝘁𝗼𝗿: 2019
𝗖𝗹𝗮𝗶𝗺: Leaked customer database
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 26.8M+ records (2 datasets)
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 30, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨🇦🇺 Melbourne International Film Festival allegedly targeted in breach exposing 340K+ customers
A threat actor on an underground forum is claiming to sell a dataset allegedly originating from the Melbourne International Film Festival (MIFF), Australia's largest and one of the world's oldest film festivals, running annually in Melbourne since 1952.
The actor claims the breach contains over 340K customer records across two datasets.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Full names (first and surname)
• Company names
• Email addresses
• Phone and mobile numbers
• Addresses (street, suburb, state, post code)
• Booking totals and registration dates
• Member numbers and membership status
• Unit price, membership type, and suspension status
• Purchase dates and membership period dates
• Shipping data
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Melbourne International Film Festival (MIFF)
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Australia 🇦🇺
𝗦𝗲𝗰𝘁𝗼𝗿: Entertainment / Events
𝗔𝗰𝘁𝗼𝗿: 2019
𝗖𝗹𝗮𝗶𝗺: Leaked customer database
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 340K+ records (2 datasets)
𝗣𝗿𝗶𝗰𝗲: Offer / one-time sale (BTC, ETH, XMR)
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 30, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is claiming to sell a dataset allegedly originating from the Melbourne International Film Festival (MIFF), Australia's largest and one of the world's oldest film festivals, running annually in Melbourne since 1952.
The actor claims the breach contains over 340K customer records across two datasets.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Full names (first and surname)
• Company names
• Email addresses
• Phone and mobile numbers
• Addresses (street, suburb, state, post code)
• Booking totals and registration dates
• Member numbers and membership status
• Unit price, membership type, and suspension status
• Purchase dates and membership period dates
• Shipping data
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Melbourne International Film Festival (MIFF)
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Australia 🇦🇺
𝗦𝗲𝗰𝘁𝗼𝗿: Entertainment / Events
𝗔𝗰𝘁𝗼𝗿: 2019
𝗖𝗹𝗮𝗶𝗺: Leaked customer database
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 340K+ records (2 datasets)
𝗣𝗿𝗶𝗰𝗲: Offer / one-time sale (BTC, ETH, XMR)
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 30, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨🇦🇺 RIC Publications allegedly targeted in breach exposing 116K+ customers
A threat actor on an underground forum is claiming to sell a dataset allegedly originating from RIC Publications, an Australian educational publishing company that develops teaching resources, student workbooks, lesson plans, and curriculum-aligned classroom content for schools.
The actor claims the breach contains over 116K customer records.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• First and last names
• Email addresses
• Telephone numbers
• Street addresses (city, state, post code)
• IP addresses
• Order IDs, order codes, and store codes
• Payment method and payment details
• Full price, paid price, and amounts
• School and product names
• POS codes and signature-required flags
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: RIC Publications
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Australia 🇦🇺
𝗦𝗲𝗰𝘁𝗼𝗿: Education / Publishing
𝗔𝗰𝘁𝗼𝗿: 2019
𝗖𝗹𝗮𝗶𝗺: Leaked customer database
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 116K+ records
𝗣𝗿𝗶𝗰𝗲: Offer / one-time sale (BTC, ETH, XMR)
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 30, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is claiming to sell a dataset allegedly originating from RIC Publications, an Australian educational publishing company that develops teaching resources, student workbooks, lesson plans, and curriculum-aligned classroom content for schools.
The actor claims the breach contains over 116K customer records.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• First and last names
• Email addresses
• Telephone numbers
• Street addresses (city, state, post code)
• IP addresses
• Order IDs, order codes, and store codes
• Payment method and payment details
• Full price, paid price, and amounts
• School and product names
• POS codes and signature-required flags
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: RIC Publications
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Australia 🇦🇺
𝗦𝗲𝗰𝘁𝗼𝗿: Education / Publishing
𝗔𝗰𝘁𝗼𝗿: 2019
𝗖𝗹𝗮𝗶𝗺: Leaked customer database
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 116K+ records
𝗣𝗿𝗶𝗰𝗲: Offer / one-time sale (BTC, ETH, XMR)
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 30, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨 Security researchers are now handing over vulnerabilities to Nightmare Eclipse after he was banned on both GitLab and GitHub.
It should be a fun month, because man has it been boring the last couple of weeks.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
It should be a fun month, because man has it been boring the last couple of weeks.
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨 FalkonC2 Windows RAT advertised on a Russian speaking underground forum
A threat actor on an underground forum is advertising FalkonC2, a private Windows remote access trojan (RAT) written in C++ and assembly. The seller markets two payload variants, one aimed at consumer systems and one at corporate environments, and claims the malware operates in memory and is designed to evade common antivirus and EDR products.
The listing promotes the tool to other forum members on a paid monthly subscription basis.
𝗪𝗵𝗮𝘁'𝘀 𝗯𝗲𝗶𝗻𝗴 𝗮𝗱𝘃𝗲𝗿𝘁𝗶𝘀𝗲𝗱:
• A private Windows RAT (DLL and EXE payloads)
• Two variants: one targeting consumer systems, one targeting corporate systems
• Claimed antivirus and EDR/XDR evasion
• Remote shell and remote management capabilities
• Reconnaissance, persistence, and privilege escalation features
• Multiple architecture outputs (x32, x64, arm64)
• Claimed support across modern Windows desktop and server versions
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: N/A (offensive malware)
𝗦𝗲𝗰𝘁𝗼𝗿: Cybercrime Tooling / Malware-as-a-Service
𝗔𝗰𝘁𝗼𝗿: DarkFalcon
𝗖𝗹𝗮𝗶𝗺: Selling private Windows RAT (FalkonC2)
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: Remote access trojan with claimed AV/EDR evasion
𝗣𝗿𝗶𝗰𝗲: Monthly subscription (consumer tier €249, corporate tier €1,499)
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 23, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is advertising FalkonC2, a private Windows remote access trojan (RAT) written in C++ and assembly. The seller markets two payload variants, one aimed at consumer systems and one at corporate environments, and claims the malware operates in memory and is designed to evade common antivirus and EDR products.
The listing promotes the tool to other forum members on a paid monthly subscription basis.
𝗪𝗵𝗮𝘁'𝘀 𝗯𝗲𝗶𝗻𝗴 𝗮𝗱𝘃𝗲𝗿𝘁𝗶𝘀𝗲𝗱:
• A private Windows RAT (DLL and EXE payloads)
• Two variants: one targeting consumer systems, one targeting corporate systems
• Claimed antivirus and EDR/XDR evasion
• Remote shell and remote management capabilities
• Reconnaissance, persistence, and privilege escalation features
• Multiple architecture outputs (x32, x64, arm64)
• Claimed support across modern Windows desktop and server versions
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: N/A (offensive malware)
𝗦𝗲𝗰𝘁𝗼𝗿: Cybercrime Tooling / Malware-as-a-Service
𝗔𝗰𝘁𝗼𝗿: DarkFalcon
𝗖𝗹𝗮𝗶𝗺: Selling private Windows RAT (FalkonC2)
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: Remote access trojan with claimed AV/EDR evasion
𝗣𝗿𝗶𝗰𝗲: Monthly subscription (consumer tier €249, corporate tier €1,499)
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 23, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
1
🚨🇨🇴 CNE (National Electoral Council) allegedly targeted by EsqueleSquad
A threat actor on an underground forum, attributing the leak to a group called EsqueleSquad, is claiming to have obtained confidential material directly from the CNE (Consejo Nacional Electoral), Colombia's National Electoral Council, and related sources. The actor timed the post to coincide with Colombia's elections.
The actor claims to hold internal confidential documents and campaign financing records.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• CNE internal confidential documents (internal reports, audit findings, formal complaints about electoral irregularities)
• Sensitive correspondence between CNE officials and campaign teams
• Documents showing weaknesses and anomalies in the voter registry and polling stations
• 2026 campaign financing records (declared and hidden donor lists)
• Alleged dark money movements and suspicious transfers
• Ghost companies and large contracts awarded to campaign donors
• Discrepancies between official reports and actual financial movements
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: CNE (Consejo Nacional Electoral)
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Colombia 🇨🇴
𝗦𝗲𝗰𝘁𝗼𝗿: Government / Elections
𝗔𝗰𝘁𝗼𝗿: Hydr0gen (EsqueleSquad)
𝗖𝗹𝗮𝗶𝗺: Confidential electoral documents and campaign financing records
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: Internal documents and financial records
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 30, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum, attributing the leak to a group called EsqueleSquad, is claiming to have obtained confidential material directly from the CNE (Consejo Nacional Electoral), Colombia's National Electoral Council, and related sources. The actor timed the post to coincide with Colombia's elections.
The actor claims to hold internal confidential documents and campaign financing records.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• CNE internal confidential documents (internal reports, audit findings, formal complaints about electoral irregularities)
• Sensitive correspondence between CNE officials and campaign teams
• Documents showing weaknesses and anomalies in the voter registry and polling stations
• 2026 campaign financing records (declared and hidden donor lists)
• Alleged dark money movements and suspicious transfers
• Ghost companies and large contracts awarded to campaign donors
• Discrepancies between official reports and actual financial movements
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: CNE (Consejo Nacional Electoral)
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Colombia 🇨🇴
𝗦𝗲𝗰𝘁𝗼𝗿: Government / Elections
𝗔𝗰𝘁𝗼𝗿: Hydr0gen (EsqueleSquad)
𝗖𝗹𝗮𝗶𝗺: Confidential electoral documents and campaign financing records
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: Internal documents and financial records
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 30, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
🚨🇮🇳 Mydukaan allegedly targeted in massive breach exposing 100M users
A threat actor on an underground forum is claiming to sell a full database dump allegedly originating from Mydukaan, an e-commerce platform (described as similar to Shopify) widely used in India.
The actor claims the dump contains roughly 100M users, including purchase history and encrypted payment API keys.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Usernames, first and last names
• Email addresses
• Phone numbers
• Passwords and account status fields
• Full buyer addresses (line, city, state, pin, country)
• Purchase and transaction history
• Order, store lead, and seller data
• Encrypted payment API keys
• Activity logs and reseller SKU mapping
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Mydukaan
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: India 🇮🇳
𝗦𝗲𝗰𝘁𝗼𝗿: Retail / E-commerce
𝗔𝗰𝘁𝗼𝗿: stalker8083
𝗖𝗹𝗮𝗶𝗺: Full database dump
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~100M users
𝗣𝗿𝗶𝗰𝗲: $10,000 (open to negotiation)
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is claiming to sell a full database dump allegedly originating from Mydukaan, an e-commerce platform (described as similar to Shopify) widely used in India.
The actor claims the dump contains roughly 100M users, including purchase history and encrypted payment API keys.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Usernames, first and last names
• Email addresses
• Phone numbers
• Passwords and account status fields
• Full buyer addresses (line, city, state, pin, country)
• Purchase and transaction history
• Order, store lead, and seller data
• Encrypted payment API keys
• Activity logs and reseller SKU mapping
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Mydukaan
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: India 🇮🇳
𝗦𝗲𝗰𝘁𝗼𝗿: Retail / E-commerce
𝗔𝗰𝘁𝗼𝗿: stalker8083
𝗖𝗹𝗮𝗶𝗺: Full database dump
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~100M users
𝗣𝗿𝗶𝗰𝗲: $10,000 (open to negotiation)
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨🇮🇩 Ratakan allegedly targeted in free database leak exposing 80K records
A threat actor on an underground forum is claiming to have published a database allegedly originating from Ratakan, an Indonesian digital marketplace and affiliate sales platform. The actor is releasing the data for free.
The actor claims the leak contains roughly 80K records across user and sales data.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Usernames and full names
• Email addresses
• Phone numbers
• Passwords (plaintext and hashed)
• Login tokens and device IDs
• Account verification status
• Profile, avatar, and banner image paths
• Linked social media handles (Facebook, Instagram, Twitter, Google)
• Sales, vendor, buyer, and affiliate commission data
• Purchase status and payment account fields
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Ratakan
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Indonesia 🇮🇩
𝗦𝗲𝗰𝘁𝗼𝗿: Retail / E-commerce
𝗔𝗰𝘁𝗼𝗿: Bambi
𝗖𝗹𝗮𝗶𝗺: Free database leak
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~80K records
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 30, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is claiming to have published a database allegedly originating from Ratakan, an Indonesian digital marketplace and affiliate sales platform. The actor is releasing the data for free.
The actor claims the leak contains roughly 80K records across user and sales data.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Usernames and full names
• Email addresses
• Phone numbers
• Passwords (plaintext and hashed)
• Login tokens and device IDs
• Account verification status
• Profile, avatar, and banner image paths
• Linked social media handles (Facebook, Instagram, Twitter, Google)
• Sales, vendor, buyer, and affiliate commission data
• Purchase status and payment account fields
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Ratakan
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Indonesia 🇮🇩
𝗦𝗲𝗰𝘁𝗼𝗿: Retail / E-commerce
𝗔𝗰𝘁𝗼𝗿: Bambi
𝗖𝗹𝗮𝗶𝗺: Free database leak
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~80K records
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 30, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨🇺🇸 Bridges Bay Resort allegedly targeted in database leak
A threat actor on an underground forum is claiming to have leaked a database allegedly originating from Bridges Bay Resort, a lakeside resort and waterpark located in Okoboji, Iowa. The actor is releasing the data for free.
The actor claims the leak contains 52,744 visitors and 85 users.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Visitor and user names
• Email addresses
• Phone numbers
• Visitor consent and signature fields
• Room numbers
• Document/PDF links (hosted on S3)
• User agents and source data
• Account creation and update timestamps
• Approval status and member counts
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Bridges Bay Resort
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: United States 🇺🇸
𝗦𝗲𝗰𝘁𝗼𝗿: Hospitality / Tourism
𝗔𝗰𝘁𝗼𝗿: MirrorShell
𝗖𝗹𝗮𝗶𝗺: Leaked database
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 52,744 visitors and 85 users
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 31, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is claiming to have leaked a database allegedly originating from Bridges Bay Resort, a lakeside resort and waterpark located in Okoboji, Iowa. The actor is releasing the data for free.
The actor claims the leak contains 52,744 visitors and 85 users.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Visitor and user names
• Email addresses
• Phone numbers
• Visitor consent and signature fields
• Room numbers
• Document/PDF links (hosted on S3)
• User agents and source data
• Account creation and update timestamps
• Approval status and member counts
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Bridges Bay Resort
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: United States 🇺🇸
𝗦𝗲𝗰𝘁𝗼𝗿: Hospitality / Tourism
𝗔𝗰𝘁𝗼𝗿: MirrorShell
𝗖𝗹𝗮𝗶𝗺: Leaked database
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 52,744 visitors and 85 users
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 31, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations