‼️🇨🇴 Hospital Universitario Nacional de Colombia (hun.edu.co), a major Colombian university hospital, has allegedly been breached, with a full database dump (8 DBs, 197 tables) being sold along with confirmed live access to the production server.

┣ Threat Actor: macaroni
┣ Category: Data Leak / Network Access
┣ Victim: Hospital Universitario Nacional de Colombia
┣ Industry: Healthcare / Education

The actor claims the data was extracted on May 2, 2026 from a production server that remains running and accessible on the internet. The listing emphasizes an open MySQL port (3306) exposed publicly, presenting an immediate lateral movement opportunity for any buyer looking to pivot into the internal network. Price is set at $1,500 XMR.

What's in it:

▪️ 8 databases / 197 tables (full schema + real data)
▪️ REDCap clinical research platform: 639 user accounts, SHA-512 hashes with 100-char salts, TOTP seeds in plaintext, 10K+ patient records, clinical notes, research project files
▪️ Hospital pharmacy system: 22 users with plaintext passwords, 10K drug transactions with prices and suppliers
▪️ Employee directory: 583 staff members with full names, national ID numbers, job titles, personal emails
▪️ WordPress multisite intranet: internal communications, API keys, admin PII, login logs with timestamps
▪️ Server fingerprint: Apache 2.4.17 / PHP 5.6.23 on Windows
▪️ Live proof: open MySQL port 3306, valid SSL cert until October 2026, active phpMyAdmin (IP-restricted)
________________________________________
Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations
‼️🇳🇴 Fredrikstad Municipality of Norway (fredrikstad.kommune.no) has allegedly been breached, with an Active Directory user dump leaked containing employee information from the government sector.

┣ Threat Actor: kaya
┣ Category: Data Leak
┣ Victim: Fredrikstad Municipality
┣ Industry: Government / Public Sector

The actor claims to have uploaded an active directory dump from the Norwegian municipality, exposing general information about all employees working in the government sector.

What's in it:

▪️ Active Directory entries (LDAP / DirectoryEntry)
▪️ User IDs, CN (Common Name), DN (Distinguished Name)
▪️ Employee names
▪️ Organizational unit (OU) information
▪️ Account enabled status
▪️ UPN (User Principal Name) and email addresses
▪️ Department, role, and job titles
▪️ Phone and mobile numbers
▪️ Manager and ManagerDN information
▪️ Street addresses
▪️ SIP information
▪️ hasChildren and isOU flags
________________________________________
‼️🇬🇹 Universidad Da Vinci de Guatemala has allegedly been breached, with a massive student database leaked containing PII and student photos.

┣ Threat Actor: Dianna
┣ Category: Data Leak
┣ Victim: Universidad Da Vinci de Guatemala
┣ Industry: Education / University

The actor claims to have exploited a poorly configured WAF security system to extract student data via exposed APIs (one for photos, one for personal information). The leak includes 98,099 JSON files and 16,000 student photos.

What's in it:

▪️ 98,099 JSON files containing student records
▪️ 16,000 photos of students
▪️ IDU (student ID)
▪️ Full names (Nombre, Apellidos)
▪️ Identification / CIF numbers
▪️ Civil status (Estado Civil)
▪️ Date of birth (Fecha Nacimiento)
▪️ Place of birth (Lugar Nacimiento)
▪️ Address (Direccion)
▪️ Department, Municipality, Zone
▪️ Cellular and home phone numbers
▪️ Additional phone numbers
▪️ Email addresses (Correo)
________________________________________
‼️ 4VPS[.]su, a Russian service provider since 2017 used by forums, the com, ransomware groups, and many other cybercrime websites, is allegedly exit-scamming.
________________________________________
‼️🇨🇭 A threat actor known as NearLeVrai/PwndLeVrai claims to have exploited a SQL vulnerability on samaritermuensingen.ch, a Swiss samaritan/first aid organization website.
The actor has made the extracted SQL database dump freely available for download.
________________________________________
Bro lost over $16,000 to his own mistake and thinks people will help him. 😬
Dread: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad[.]onion/post/d4906fcf849a26ddc027
________________________________________
After 25 years, Ask Jeeves (ask.com) has shut down as of yesterday.
________________________________________
This probably doesn't apply to any of you, but this thread on Dread goes into if you have gotten a package seized, received a love letter from the Postal Inspector, different scenarios and what to do.
This relates to buying/selling on Darknet Markets.
Dread: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad[.]onion/post/dd338bf888d14d1cbd6b
________________________________________
Someone was gracious enough to check out the VECT Ransomware decryptor I found. Go read their findings!
https://x.com/DarkWebInformer/status/2050680990822011209
________________________________________
‼️ New Dark Web Informer Blog Post!
Title: The cPanel Situation Is Spiraling Fast
Link: https://darkwebinformer.com/the-cpanel-situation-is-spiraling-fast/
On April 29, CVE-2026-41940 was disclosed: a critical pre-authentication bypass in cPanel/WHM that lets remote attackers skip the login flow entirely and gain elevated access. Within 24 hours, it was already being weaponized. Censys watched the fallout in…
‼️ cPanelSniper: CVE-2026-41940 - cPanel & WHM Authentication Bypass via Session-File CRLF Injection
GitHub: https://github.com/ynsmroztas/cPanelSniper
CVE-2026-41940 - cPanel & WHM Authentication Bypass via Session-File CRLF Injection
4-stage exploit chain · Interactive WHM Shell · Bulk scanner · Pipeline ready · stdlib only
________________________________________
CVE-2026-41940: WebPros cPanel and WHM Authentication Bypass via Login Flow PoC
https://github.com/adriyansyah-mf/cve-2026-41940-poc
________________________________________