🚨 FalkonC2 Windows RAT advertised on a Russian speaking underground forum
A threat actor on an underground forum is advertising FalkonC2, a private Windows remote access trojan (RAT) written in C++ and assembly. The seller markets two payload variants, one aimed at consumer systems and one at corporate environments, and claims the malware operates in memory and is designed to evade common antivirus and EDR products.
The listing promotes the tool to other forum members on a paid monthly subscription basis.
𝗪𝗵𝗮𝘁'𝘀 𝗯𝗲𝗶𝗻𝗴 𝗮𝗱𝘃𝗲𝗿𝘁𝗶𝘀𝗲𝗱:
• A private Windows RAT (DLL and EXE payloads)
• Two variants: one targeting consumer systems, one targeting corporate systems
• Claimed antivirus and EDR/XDR evasion
• Remote shell and remote management capabilities
• Reconnaissance, persistence, and privilege escalation features
• Multiple architecture outputs (x32, x64, arm64)
• Claimed support across modern Windows desktop and server versions
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: N/A (offensive malware)
𝗦𝗲𝗰𝘁𝗼𝗿: Cybercrime Tooling / Malware-as-a-Service
𝗔𝗰𝘁𝗼𝗿: DarkFalcon
𝗖𝗹𝗮𝗶𝗺: Selling private Windows RAT (FalkonC2)
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: Remote access trojan with claimed AV/EDR evasion
𝗣𝗿𝗶𝗰𝗲: Monthly subscription (consumer tier €249, corporate tier €1,499)
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 23, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is advertising FalkonC2, a private Windows remote access trojan (RAT) written in C++ and assembly. The seller markets two payload variants, one aimed at consumer systems and one at corporate environments, and claims the malware operates in memory and is designed to evade common antivirus and EDR products.
The listing promotes the tool to other forum members on a paid monthly subscription basis.
𝗪𝗵𝗮𝘁'𝘀 𝗯𝗲𝗶𝗻𝗴 𝗮𝗱𝘃𝗲𝗿𝘁𝗶𝘀𝗲𝗱:
• A private Windows RAT (DLL and EXE payloads)
• Two variants: one targeting consumer systems, one targeting corporate systems
• Claimed antivirus and EDR/XDR evasion
• Remote shell and remote management capabilities
• Reconnaissance, persistence, and privilege escalation features
• Multiple architecture outputs (x32, x64, arm64)
• Claimed support across modern Windows desktop and server versions
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: N/A (offensive malware)
𝗦𝗲𝗰𝘁𝗼𝗿: Cybercrime Tooling / Malware-as-a-Service
𝗔𝗰𝘁𝗼𝗿: DarkFalcon
𝗖𝗹𝗮𝗶𝗺: Selling private Windows RAT (FalkonC2)
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: Remote access trojan with claimed AV/EDR evasion
𝗣𝗿𝗶𝗰𝗲: Monthly subscription (consumer tier €249, corporate tier €1,499)
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 23, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
1
🚨🇨🇴 CNE (National Electoral Council) allegedly targeted by EsqueleSquad
A threat actor on an underground forum, attributing the leak to a group called EsqueleSquad, is claiming to have obtained confidential material directly from the CNE (Consejo Nacional Electoral), Colombia's National Electoral Council, and related sources. The actor timed the post to coincide with Colombia's elections.
The actor claims to hold internal confidential documents and campaign financing records.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• CNE internal confidential documents (internal reports, audit findings, formal complaints about electoral irregularities)
• Sensitive correspondence between CNE officials and campaign teams
• Documents showing weaknesses and anomalies in the voter registry and polling stations
• 2026 campaign financing records (declared and hidden donor lists)
• Alleged dark money movements and suspicious transfers
• Ghost companies and large contracts awarded to campaign donors
• Discrepancies between official reports and actual financial movements
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: CNE (Consejo Nacional Electoral)
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Colombia 🇨🇴
𝗦𝗲𝗰𝘁𝗼𝗿: Government / Elections
𝗔𝗰𝘁𝗼𝗿: Hydr0gen (EsqueleSquad)
𝗖𝗹𝗮𝗶𝗺: Confidential electoral documents and campaign financing records
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: Internal documents and financial records
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 30, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum, attributing the leak to a group called EsqueleSquad, is claiming to have obtained confidential material directly from the CNE (Consejo Nacional Electoral), Colombia's National Electoral Council, and related sources. The actor timed the post to coincide with Colombia's elections.
The actor claims to hold internal confidential documents and campaign financing records.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• CNE internal confidential documents (internal reports, audit findings, formal complaints about electoral irregularities)
• Sensitive correspondence between CNE officials and campaign teams
• Documents showing weaknesses and anomalies in the voter registry and polling stations
• 2026 campaign financing records (declared and hidden donor lists)
• Alleged dark money movements and suspicious transfers
• Ghost companies and large contracts awarded to campaign donors
• Discrepancies between official reports and actual financial movements
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: CNE (Consejo Nacional Electoral)
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Colombia 🇨🇴
𝗦𝗲𝗰𝘁𝗼𝗿: Government / Elections
𝗔𝗰𝘁𝗼𝗿: Hydr0gen (EsqueleSquad)
𝗖𝗹𝗮𝗶𝗺: Confidential electoral documents and campaign financing records
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: Internal documents and financial records
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 30, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
🚨🇮🇳 Mydukaan allegedly targeted in massive breach exposing 100M users
A threat actor on an underground forum is claiming to sell a full database dump allegedly originating from Mydukaan, an e-commerce platform (described as similar to Shopify) widely used in India.
The actor claims the dump contains roughly 100M users, including purchase history and encrypted payment API keys.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Usernames, first and last names
• Email addresses
• Phone numbers
• Passwords and account status fields
• Full buyer addresses (line, city, state, pin, country)
• Purchase and transaction history
• Order, store lead, and seller data
• Encrypted payment API keys
• Activity logs and reseller SKU mapping
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Mydukaan
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: India 🇮🇳
𝗦𝗲𝗰𝘁𝗼𝗿: Retail / E-commerce
𝗔𝗰𝘁𝗼𝗿: stalker8083
𝗖𝗹𝗮𝗶𝗺: Full database dump
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~100M users
𝗣𝗿𝗶𝗰𝗲: $10,000 (open to negotiation)
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is claiming to sell a full database dump allegedly originating from Mydukaan, an e-commerce platform (described as similar to Shopify) widely used in India.
The actor claims the dump contains roughly 100M users, including purchase history and encrypted payment API keys.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Usernames, first and last names
• Email addresses
• Phone numbers
• Passwords and account status fields
• Full buyer addresses (line, city, state, pin, country)
• Purchase and transaction history
• Order, store lead, and seller data
• Encrypted payment API keys
• Activity logs and reseller SKU mapping
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Mydukaan
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: India 🇮🇳
𝗦𝗲𝗰𝘁𝗼𝗿: Retail / E-commerce
𝗔𝗰𝘁𝗼𝗿: stalker8083
𝗖𝗹𝗮𝗶𝗺: Full database dump
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~100M users
𝗣𝗿𝗶𝗰𝗲: $10,000 (open to negotiation)
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨🇮🇩 Ratakan allegedly targeted in free database leak exposing 80K records
A threat actor on an underground forum is claiming to have published a database allegedly originating from Ratakan, an Indonesian digital marketplace and affiliate sales platform. The actor is releasing the data for free.
The actor claims the leak contains roughly 80K records across user and sales data.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Usernames and full names
• Email addresses
• Phone numbers
• Passwords (plaintext and hashed)
• Login tokens and device IDs
• Account verification status
• Profile, avatar, and banner image paths
• Linked social media handles (Facebook, Instagram, Twitter, Google)
• Sales, vendor, buyer, and affiliate commission data
• Purchase status and payment account fields
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Ratakan
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Indonesia 🇮🇩
𝗦𝗲𝗰𝘁𝗼𝗿: Retail / E-commerce
𝗔𝗰𝘁𝗼𝗿: Bambi
𝗖𝗹𝗮𝗶𝗺: Free database leak
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~80K records
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 30, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is claiming to have published a database allegedly originating from Ratakan, an Indonesian digital marketplace and affiliate sales platform. The actor is releasing the data for free.
The actor claims the leak contains roughly 80K records across user and sales data.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Usernames and full names
• Email addresses
• Phone numbers
• Passwords (plaintext and hashed)
• Login tokens and device IDs
• Account verification status
• Profile, avatar, and banner image paths
• Linked social media handles (Facebook, Instagram, Twitter, Google)
• Sales, vendor, buyer, and affiliate commission data
• Purchase status and payment account fields
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Ratakan
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Indonesia 🇮🇩
𝗦𝗲𝗰𝘁𝗼𝗿: Retail / E-commerce
𝗔𝗰𝘁𝗼𝗿: Bambi
𝗖𝗹𝗮𝗶𝗺: Free database leak
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~80K records
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 30, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨🇺🇸 Bridges Bay Resort allegedly targeted in database leak
A threat actor on an underground forum is claiming to have leaked a database allegedly originating from Bridges Bay Resort, a lakeside resort and waterpark located in Okoboji, Iowa. The actor is releasing the data for free.
The actor claims the leak contains 52,744 visitors and 85 users.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Visitor and user names
• Email addresses
• Phone numbers
• Visitor consent and signature fields
• Room numbers
• Document/PDF links (hosted on S3)
• User agents and source data
• Account creation and update timestamps
• Approval status and member counts
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Bridges Bay Resort
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: United States 🇺🇸
𝗦𝗲𝗰𝘁𝗼𝗿: Hospitality / Tourism
𝗔𝗰𝘁𝗼𝗿: MirrorShell
𝗖𝗹𝗮𝗶𝗺: Leaked database
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 52,744 visitors and 85 users
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 31, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is claiming to have leaked a database allegedly originating from Bridges Bay Resort, a lakeside resort and waterpark located in Okoboji, Iowa. The actor is releasing the data for free.
The actor claims the leak contains 52,744 visitors and 85 users.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Visitor and user names
• Email addresses
• Phone numbers
• Visitor consent and signature fields
• Room numbers
• Document/PDF links (hosted on S3)
• User agents and source data
• Account creation and update timestamps
• Approval status and member counts
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Bridges Bay Resort
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: United States 🇺🇸
𝗦𝗲𝗰𝘁𝗼𝗿: Hospitality / Tourism
𝗔𝗰𝘁𝗼𝗿: MirrorShell
𝗖𝗹𝗮𝗶𝗺: Leaked database
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 52,744 visitors and 85 users
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 31, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️ New Dark Web Informer Blog Post!
Title: Australian Workplace Catering Platform Hampr Hit by Alleged 360K+ Record Leak
Link: https://darkwebinformer.com/australian-workplace-catering-platform-hampr-hit-by-alleged-360k-record-leak/
Title: Australian Workplace Catering Platform Hampr Hit by Alleged 360K+ Record Leak
Link: https://darkwebinformer.com/australian-workplace-catering-platform-hampr-hit-by-alleged-360k-record-leak/
Dark Web Informer
Australian Workplace Catering Platform Hampr Hit by Alleged 360K+ Record Leak
A threat actor using the alias 2019 claims to have leaked a database allegedly belonging to Hampr, an Australian workplace food and catering management platform used by businesses to organise office meals, corporate catering, pantry supplies, and workplace…
🚨🇺🇸 MoniCare allegedly targeted in breach exposing 40K+ consumers
A threat actor on an underground forum is claiming to sell a dataset allegedly originating from MoniCare, a Chicago-based domestic staffing agency that places professional nannies, babysitters, housekeepers, household managers, personal assistants, and caregivers.
The actor claims the breach contains over 40K consumer records along with a collection of identity documents.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Full names
• Email addresses
• Phone numbers
• Addresses
• Ages
• PDF document attachments (driver's licenses, identification cards, passports, resumes, reference letters, vaccination cards)
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: MoniCare
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: United States 🇺🇸
𝗦𝗲𝗰𝘁𝗼𝗿: Staffing / Domestic Services
𝗔𝗰𝘁𝗼𝗿: 2019
𝗖𝗹𝗮𝗶𝗺: Leaked consumer database and identity documents
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 40K+ records (2 datasets)
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 31, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is claiming to sell a dataset allegedly originating from MoniCare, a Chicago-based domestic staffing agency that places professional nannies, babysitters, housekeepers, household managers, personal assistants, and caregivers.
The actor claims the breach contains over 40K consumer records along with a collection of identity documents.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Full names
• Email addresses
• Phone numbers
• Addresses
• Ages
• PDF document attachments (driver's licenses, identification cards, passports, resumes, reference letters, vaccination cards)
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: MoniCare
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: United States 🇺🇸
𝗦𝗲𝗰𝘁𝗼𝗿: Staffing / Domestic Services
𝗔𝗰𝘁𝗼𝗿: 2019
𝗖𝗹𝗮𝗶𝗺: Leaked consumer database and identity documents
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 40K+ records (2 datasets)
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 31, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨🇫🇷 Air Austral allegedly targeted in database leak
A threat actor on an underground forum is claiming to have leaked a database allegedly originating from Air Austral, a French airline specializing in flights between the Indian Ocean, metropolitan France, southern Africa, and certain Asian destinations. The actor is releasing the data for free.
The actor claims the leak contains roughly 1K records in JSON format (~125 KB), appearing to be employee/staff data.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• First and last names
• Email addresses
• Job titles (fonction)
• Department/service
• Location (localisation)
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Air Austral
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: France 🇫🇷
𝗦𝗲𝗰𝘁𝗼𝗿: Aviation / Airline
𝗔𝗰𝘁𝗼𝗿: ChimeraZ
𝗖𝗹𝗮𝗶𝗺: Leaked database
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~1K records (~125 KB)
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 31, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is claiming to have leaked a database allegedly originating from Air Austral, a French airline specializing in flights between the Indian Ocean, metropolitan France, southern Africa, and certain Asian destinations. The actor is releasing the data for free.
The actor claims the leak contains roughly 1K records in JSON format (~125 KB), appearing to be employee/staff data.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• First and last names
• Email addresses
• Job titles (fonction)
• Department/service
• Location (localisation)
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Air Austral
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: France 🇫🇷
𝗦𝗲𝗰𝘁𝗼𝗿: Aviation / Airline
𝗔𝗰𝘁𝗼𝗿: ChimeraZ
𝗖𝗹𝗮𝗶𝗺: Leaked database
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~1K records (~125 KB)
𝗣𝗿𝗶𝗰𝗲: Free
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 31, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨🇬🇧🇮🇪 Nando's allegedly targeted in employee database breach
A threat actor on an underground forum is claiming to sell an employee database allegedly originating from Nando's, the restaurant chain. The actor says the breach occurred as of May 30, 2026, and the data consists mainly of UK and Irish employees.
The actor claims the database contains 87,000 records of past and current "Nandoca" employees.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Full names
• Job titles and supervisory groups
• Business and personal email addresses
• Mobile and landline phone numbers
• Employment locations
• Employee roles
• Business locations and numbers
• Cost center information
• Job listing information including salaries
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Nando's
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: United Kingdom 🇬🇧 / Ireland 🇮🇪
𝗦𝗲𝗰𝘁𝗼𝗿: Retail / Restaurant
𝗔𝗰𝘁𝗼𝗿: failing2
𝗖𝗹𝗮𝗶𝗺: Leaked employee database
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 87,000 records
𝗣𝗿𝗶𝗰𝗲: $1,000
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 31, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is claiming to sell an employee database allegedly originating from Nando's, the restaurant chain. The actor says the breach occurred as of May 30, 2026, and the data consists mainly of UK and Irish employees.
The actor claims the database contains 87,000 records of past and current "Nandoca" employees.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Full names
• Job titles and supervisory groups
• Business and personal email addresses
• Mobile and landline phone numbers
• Employment locations
• Employee roles
• Business locations and numbers
• Cost center information
• Job listing information including salaries
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Nando's
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: United Kingdom 🇬🇧 / Ireland 🇮🇪
𝗦𝗲𝗰𝘁𝗼𝗿: Retail / Restaurant
𝗔𝗰𝘁𝗼𝗿: failing2
𝗖𝗹𝗮𝗶𝗺: Leaked employee database
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 87,000 records
𝗣𝗿𝗶𝗰𝗲: $1,000
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 31, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨 FedEx account checker tool advertised on underground forum
A threat actor on an underground forum is advertising a FedEx "mail pass" account checker, a credential-stuffing tool designed to validate stolen email/password combinations against FedEx accounts. The seller markets it as request-based with updated API handling and anti-bot bypass.
The listing promotes the tool to other forum members and claims it can pull account profile data from validated logins.
𝗪𝗵𝗮𝘁'𝘀 𝗯𝗲𝗶𝗻𝗴 𝗮𝗱𝘃𝗲𝗿𝘁𝗶𝘀𝗲𝗱:
• A request-based credential checker targeting FedEx accounts
• Claimed anti-bot / WAF bypass handling
• Automated validation of email:password combolists
• Capture of account profile details from valid logins (name, contact info, address, account balance fields)
• Marketed throughput of several hundred checks per minute
• Sold as a single GO script copy
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: FedEx (account checker tooling)
𝗦𝗲𝗰𝘁𝗼𝗿: Cybercrime Tooling
𝗔𝗰𝘁𝗼𝗿: DataKernel
𝗖𝗹𝗮𝗶𝗺: Selling FedEx credential-checking tool
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: Account-validation / credential-stuffing tool
𝗣𝗿𝗶𝗰𝗲: Single copy (middleman accepted)
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 31, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is advertising a FedEx "mail pass" account checker, a credential-stuffing tool designed to validate stolen email/password combinations against FedEx accounts. The seller markets it as request-based with updated API handling and anti-bot bypass.
The listing promotes the tool to other forum members and claims it can pull account profile data from validated logins.
𝗪𝗵𝗮𝘁'𝘀 𝗯𝗲𝗶𝗻𝗴 𝗮𝗱𝘃𝗲𝗿𝘁𝗶𝘀𝗲𝗱:
• A request-based credential checker targeting FedEx accounts
• Claimed anti-bot / WAF bypass handling
• Automated validation of email:password combolists
• Capture of account profile details from valid logins (name, contact info, address, account balance fields)
• Marketed throughput of several hundred checks per minute
• Sold as a single GO script copy
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: FedEx (account checker tooling)
𝗦𝗲𝗰𝘁𝗼𝗿: Cybercrime Tooling
𝗔𝗰𝘁𝗼𝗿: DataKernel
𝗖𝗹𝗮𝗶𝗺: Selling FedEx credential-checking tool
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: Account-validation / credential-stuffing tool
𝗣𝗿𝗶𝗰𝗲: Single copy (middleman accepted)
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 31, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨🇫🇷 Avantages Enseignants allegedly targeted in 126K database leak
A threat actor on an underground forum is claiming to have leaked a database allegedly originating from Avantages Enseignants, a French platform dedicated to education professionals (teachers and staff in the National Education system).
The actor claims the leak contains roughly 126K records across customer and account data.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• First and last names
• Email addresses
• Passwords (hashed)
• Telephone numbers
• IP addresses
• Fax and cart data
• Tokens and codes
• Account status and approval fields
• Wishlist and custom field data
• Profile pictures and newsletter status
• Account creation and reminder timestamps
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Avantages Enseignants
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: France 🇫🇷
𝗦𝗲𝗰𝘁𝗼𝗿: Education
𝗔𝗰𝘁𝗼𝗿: kvantize
𝗖𝗹𝗮𝗶𝗺: Leaked database
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~126K records
𝗣𝗿𝗶𝗰𝗲: 1 Point
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 31, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is claiming to have leaked a database allegedly originating from Avantages Enseignants, a French platform dedicated to education professionals (teachers and staff in the National Education system).
The actor claims the leak contains roughly 126K records across customer and account data.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• First and last names
• Email addresses
• Passwords (hashed)
• Telephone numbers
• IP addresses
• Fax and cart data
• Tokens and codes
• Account status and approval fields
• Wishlist and custom field data
• Profile pictures and newsletter status
• Account creation and reminder timestamps
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Avantages Enseignants
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: France 🇫🇷
𝗦𝗲𝗰𝘁𝗼𝗿: Education
𝗔𝗰𝘁𝗼𝗿: kvantize
𝗖𝗹𝗮𝗶𝗺: Leaked database
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: ~126K records
𝗣𝗿𝗶𝗰𝗲: 1 Point
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 31, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨🇨🇴 GamaSoft allegedly targeted in 150GB+ data breach
A threat actor on an underground forum is claiming to have exfiltrated data allegedly originating from GamaSoft, a Colombian company specializing in POS software for the food and beverage sector. The actor notes the company has over 25 years of experience, more than 4,200 installations across Colombia, and generates over 6 million invoices monthly.
The actor claims to have exfiltrated over 150 GB of data including software installers, databases, backups, invoices, and inventory information.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Client and contact names
• Email addresses
• Phone and mobile numbers
• Addresses and municipality data
• Representative names and identity documents
• Business/owner details and roles
• Tax and franchise data
• Software installers and client databases
• MySQL dumps (.csv, .sql) and backups from 2015 to 2017
• PDF and XML invoices (facturas)
• Support folder, activators, and software backups
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: GamaSoft
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Colombia 🇨🇴
𝗦𝗲𝗰𝘁𝗼𝗿: Technology / POS Software
𝗔𝗰𝘁𝗼𝗿: tillthaend
𝗖𝗹𝗮𝗶𝗺: Exfiltrated databases, clients, and software
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 150 GB+ of data
𝗣𝗿𝗶𝗰𝗲: Free (reply to unlock)
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 31, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is claiming to have exfiltrated data allegedly originating from GamaSoft, a Colombian company specializing in POS software for the food and beverage sector. The actor notes the company has over 25 years of experience, more than 4,200 installations across Colombia, and generates over 6 million invoices monthly.
The actor claims to have exfiltrated over 150 GB of data including software installers, databases, backups, invoices, and inventory information.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Client and contact names
• Email addresses
• Phone and mobile numbers
• Addresses and municipality data
• Representative names and identity documents
• Business/owner details and roles
• Tax and franchise data
• Software installers and client databases
• MySQL dumps (.csv, .sql) and backups from 2015 to 2017
• PDF and XML invoices (facturas)
• Support folder, activators, and software backups
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: GamaSoft
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Colombia 🇨🇴
𝗦𝗲𝗰𝘁𝗼𝗿: Technology / POS Software
𝗔𝗰𝘁𝗼𝗿: tillthaend
𝗖𝗹𝗮𝗶𝗺: Exfiltrated databases, clients, and software
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 150 GB+ of data
𝗣𝗿𝗶𝗰𝗲: Free (reply to unlock)
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 31, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
🚨🇮🇷 Hajj and Pilgrimage Organization allegedly targeted in breach exposing 168M+ records for $80,000 BTC
A threat actor on an underground forum is claiming to sell a database allegedly originating from the Hajj and Pilgrimage Organization in Iran, the government body managing pilgrimage travel.
The actor claims the dataset contains more than 168 million records spanning 1984 to 2024.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Full names, father's name, dates and places of birth
• National codes (SSN), ID numbers, national card serial numbers
• Marital status and occupation
• Contact information (home/work addresses, postal codes, phone numbers)
• Passport details (number, issue/expiration dates) and passport scans
• Traveler photos
• Travel flight and insurance information
• Security deposit and banking/payment documents
• Pilgrimage broker and accommodation information
• Details of government officials, NAJA forces, Basij forces, and clerics
• Allocated quota data (including martyr families)
• Source code of Hajj apps and services
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Hajj and Pilgrimage Organization of Iran
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Iran 🇮🇷
𝗦𝗲𝗰𝘁𝗼𝗿: Government
𝗔𝗰𝘁𝗼𝗿: irleak
𝗖𝗹𝗮𝗶𝗺: Database for sale
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 168M+ records (1984 to 2024)
𝗣𝗿𝗶𝗰𝗲: $80,000 BTC
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 31, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
A threat actor on an underground forum is claiming to sell a database allegedly originating from the Hajj and Pilgrimage Organization in Iran, the government body managing pilgrimage travel.
The actor claims the dataset contains more than 168 million records spanning 1984 to 2024.
𝗪𝗵𝗮𝘁'𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Full names, father's name, dates and places of birth
• National codes (SSN), ID numbers, national card serial numbers
• Marital status and occupation
• Contact information (home/work addresses, postal codes, phone numbers)
• Passport details (number, issue/expiration dates) and passport scans
• Traveler photos
• Travel flight and insurance information
• Security deposit and banking/payment documents
• Pilgrimage broker and accommodation information
• Details of government officials, NAJA forces, Basij forces, and clerics
• Allocated quota data (including martyr families)
• Source code of Hajj apps and services
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: Hajj and Pilgrimage Organization of Iran
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Iran 🇮🇷
𝗦𝗲𝗰𝘁𝗼𝗿: Government
𝗔𝗰𝘁𝗼𝗿: irleak
𝗖𝗹𝗮𝗶𝗺: Database for sale
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 168M+ records (1984 to 2024)
𝗣𝗿𝗶𝗰𝗲: $80,000 BTC
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 31, 2026
💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
❤1
🔪 Slice For Life - Part 2 🔪
https://x.com/weezerOSINT/status/2061223556994965643
Telegram
Feds
Method:
vpn to match the target account country region > reset password> ask for more help > chat with AI > ask AI to switch email for you.
This lit allows u to pull 90% of IG accounts
Note: yall should help each other in @fedschat,
@FEDS
vpn to match the target account country region > reset password> ask for more help > chat with AI > ask AI to switch email for you.
This lit allows u to pull 90% of IG accounts
Note: yall should help each other in @fedschat,
@FEDS
🔪 Slice For Life - Part 2 🔪
https://t.me/feds/1024
Another video... https://x.com/i/status/2061253599758315527
X (formerly Twitter)
Dark Web Informer (@DarkWebInformer) on X
🚨 Instagram had an exploit that allowed you to use Meta AI to reset passwords to accounts with no MFA on them. The exploit was patched a short time ago.