🔪 Slice For Life - Part 2 🔪
🔪 Slice For Life - Part 2 🔪 pinned «Found a possible decryptor for VECT Ransomware. https://github.com/DarkWebInformer/vect-ransomware-decryptor I don't have a sample file to use to test it against, maybe someone does that actually needs this. Run it in an isolated environment. I shared the…»
‼️ New Ransomware Group and IP Leak: CMD Organization

Clearnet: cmdofficial[.]com
IP: 209[.]99[.]186[.]211

Onion: http://cmdnkiqjije2tllr3biee2sjgj3i4robg2cbtilbnytdhh2wy3syrlyd[.]onion
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇵🇦 Clinica Hospital Panamericano (ch-panamericano.com), a Panamanian hospital, has allegedly been breached, with a database containing patient and medical data leaked for free.

‣ Threat Actor: ohmydays (Waxx Org.)
‣ Category: Data Leak
‣ Victim: Clinica Hospital Panamericano
‣ Industry: Healthcare / Hospital

The actor claims the database was pulled from an unsecured system, marking the second Panamanian medical leak released by the same threat actor.

What's in it:

▪️ 16,884 patient records with full PII (name, national ID, sex, date of birth)
▪️ 25,893 medical appointments linking patients to specific studies and schedules
▪️ 570 doctor records with national ID, user ID, full names, and additional information
________________________________________

‼️🇪🇨 Banco de Machala, an Ecuadorian bank, has allegedly been breached, with over 100,000 biometric customer records leaked for free.

‣ Threat Actor: GondorPe
‣ Category: Data Leak
‣ Victim: Banco de Machala
‣ Industry: Banking / Finance

The actor claims the bank's biometric authentication system was compromised, granting full access to the customer database and image repository, which was reportedly stored without proper protection.

What's in it:

▪️ 100,000+ biometric records of customers
▪️ Biometric photographs (full face) of all customers as of May 1, 2026
▪️ Photographs of identity cards
▪️ Full names
▪️ ID numbers
▪️ Face photos linked to each ID number
▪️ Files distributed in JPG format
________________________________________

‼️ A threat actor is allegedly selling YouTube Society Award Play Button codes for $160. The nature of how these codes were obtained is unclear, but the listing suggests unauthorized acquisition and resale of official YouTube creator award redemption codes.
________________________________________

‼️ QuimaRAT v2.0.0, a new cross-platform Java-based RAT, is allegedly being sold on a hacking forum, targeting Windows, macOS, and Linux systems.

‣ Threat Actor: QuimaCORE
‣ Category: Malware / RAT Sale
‣ Product: QuimaRAT v2.0.0
‣ Industry: Cybercrime / Malware-as-a-Service

The actor is advertising a Java 17 + JavaFX based remote access trojan claiming FUD (Fully Undetectable) output, end-to-end encryption (Mutual TLS + AES-256-GCM), and no Java requirement on target machines.

What's advertised:

▪️ 70+ Windows modules / 44+ macOS & Linux modules
▪️ Surveillance: keylogger, clipboard logger, screenshot/screen recorder, hidden VNC, webcam/microphone capture, hidden browser
▪️ Credential theft: browser recovery (Chromium/Firefox/Edge), email clients, LSASS dump, RDP/VPN credentials, crypto wallet artifacts, token stealer
▪️ Evasion: AMSI bypass, ETW patcher, UAC bypass, Defender/Firewall disable, process hollowing, DLL injection, shellcode loader, rootkit module
▪️ Network: scanner, SOCKS5/reverse proxy, port forwarding, lateral movement, AD enumerator
▪️ Builder output formats: JAR, EXE (Launch4j), BAT, VBS, NATIVE formats with embedded JRE
▪️ ProGuard obfuscation with 15,600+ runtime classes

Pricing: $200 (1 month) / $400 (3 months) / $600 (6 months) / $800 (12 months) / $2,400 (lifetime)
________________________________________

‼️🇨🇴 Hospital Universitario Nacional de Colombia (hun.edu.co), a major Colombian university hospital, has allegedly been breached, with a full database dump (8 DBs, 197 tables) being sold along with confirmed live access to the production server.

‣ Threat Actor: macaroni
‣ Category: Data Leak / Network Access
‣ Victim: Hospital Universitario Nacional de Colombia
‣ Industry: Healthcare / Education

The actor claims the data was extracted on May 2, 2026 from a production server that remains running and accessible on the internet. The listing emphasizes an open MySQL port (3306) exposed publicly, presenting an immediate lateral movement opportunity for any buyer looking to pivot into the internal network. Price is set at $1,500 XMR.

What's in it:

▪️ 8 databases / 197 tables (full schema + real data)
▪️ REDCap clinical research platform: 639 user accounts, SHA-512 hashes with 100-char salts, TOTP seeds in plaintext, 10K+ patient records, clinical notes, research project files
▪️ Hospital pharmacy system: 22 users with plaintext passwords, 10K drug transactions with prices and suppliers
▪️ Employee directory: 583 staff members with full names, national ID numbers, job titles, personal emails
▪️ WordPress multisite intranet: internal communications, API keys, admin PII, login logs with timestamps
▪️ Server fingerprint: Apache 2.4.17 / PHP 5.6.23 on Windows
▪️ Live proof: open MySQL port 3306, valid SSL cert until October 2026, active phpMyAdmin (IP-restricted)
________________________________________

‼️🇳🇴 Fredrikstad Municipality of Norway (fredrikstad.kommune.no) has allegedly been breached, with an Active Directory user dump leaked containing employee information from the government sector.

‣ Threat Actor: kaya
‣ Category: Data Leak
‣ Victim: Fredrikstad Municipality
‣ Industry: Government / Public Sector

The actor claims to have uploaded an Active Directory dump from the Norwegian municipality, exposing general information about all employees working in the government sector.

What's in it:

▪️ Active Directory entries (LDAP / DirectoryEntry)
▪️ User IDs, CN (Common Name), DN (Distinguished Name)
▪️ Employee names
▪️ Organizational unit (OU) information
▪️ Account enabled status
▪️ UPN (User Principal Name) and email addresses
▪️ Department, role, and job titles
▪️ Phone and mobile numbers
▪️ Manager and ManagerDN information
▪️ Street addresses
▪️ SIP information
▪️ hasChildren and isOU flags
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇬🇹 Universidad Da Vinci de Guatemala has allegedly been breached, with a massive student database leaked containing PII and student photos.

‣ Threat Actor: Dianna
‣ Category: Data Leak
‣ Victim: Universidad Da Vinci de Guatemala
‣ Industry: Education / University

The actor claims to have exploited a poorly configured WAF security system to extract student data via exposed APIs (one for photos, one for personal information). The leak includes 98,099 JSON files and 16,000 student photos.

What's in it:

▪️ 98,099 JSON files containing student records
▪️ 16,000 photos of students
▪️ IDU (student ID)
▪️ Full names (Nombre, Apellidos)
▪️ Identification / CIF numbers
▪️ Civil status (Estado Civil)
▪️ Date of birth (Fecha Nacimiento)
▪️ Place of birth (Lugar Nacimiento)
▪️ Address (Direccion)
▪️ Department, Municipality, Zone
▪️ Cellular and home phone numbers
▪️ Additional phone numbers
▪️ Email addresses (Correo)
________________________________________
