A threat actor using the alias dezetat is advertising a database from Malaysia's Inland Revenue Board (LHDN / IRBM), taken from the MyTax portal, for $20,000.
A threat actor using the alias EvaN47 claims to have breached the Libyan Ministry of Education (moe.gov.ly) and is threatening to publish a 287GB dataset of students' data if the ministry does not make contact.
How a coordinated strike against a 2-million-device botnet exposes the hidden economy of residential proxies, and what it means for anyone with a connected device at home.
A threat actor using the alias Straightonumberone is selling what they describe as data stolen from Grupo ATC, a Mexican logistics conglomerate (comprising TLE, TLEA, and PHES), for $1,000 after a ransom negotiation reportedly failed.
A threat actor using the alias EvaN47 has posted what they describe as a breach of the Libyan Civil Aviation Authority (caa.gov.ly), advertising a roughly 300GB dataset spanning 2015 to 2026 with a contact for acquisition.
A threat actor using the alias lucy is advertising a private, one-time sale of what they describe as comprehensive data from Netim.com, a French domain registrar and hosting provider, for $5,000 in cryptocurrency.
CVE-2026-33017 is a critical unauthenticated remote code execution flaw in Langflow, the popular open-source visual framework for building AI agents and RAG pipelines.
A threat actor using the alias misere, crediting collaborators (ChimeraZ and NightBroker), has posted what they describe as a complete database breach of Pachatours (pachatours.fr / pachatours.pro), a French tour operator specializing in Hajj packages and Tunisian beach holidays.
A threat actor using the alias ChimeraZ has posted what they title “the EPM of the Le Pontet city,” framing it as a database from a juvenile penitentiary for minors aged 13 to 17, and claiming 62,172 lines (about 8.4MB) in CSV format.
Qilin ransomware has listed Musashino University in Japan on its leak site and posted sample documents allegedly stolen from the institution. Unverified.
DragonForce ransomware has published 8.67 GB of data allegedly stolen from VIP Imaging, a U.S. cardiac imaging provider in Anaheim, California. Unverified.
A threat actor using the alias pl4t0v has posted what they describe as a database from DETRAN SP, the motor-vehicle and identity authority of São Paulo state in Brazil, claiming 13 million lines (about 1.59GB) in SQLite format, and is sharing it for free.
A threat actor using the alias Saturne has posted what they describe as an 860MB data leak from Avícola El Madroño S.A. (avicolaelmadrono.com), a Colombian poultry and prepared-foods company based in Bucaramanga, and is sharing it for free.
A threat actor using the alias Kazu is extorting WELL Health Kensington Medical Centres (kmc.cortico.ca), a community medical clinic in Canada that provides family medicine, same-day appointments, virtual care, and specialist referrals to patients of all ages, operating as part of WELL Health Technologies on the Cortico platform.
A threat actor using the alias 0xSec has posted what they describe as the database of Flawireless, a US-based wholesaler of mobile phone accessories and refurbished electronics that also trades as Techy Extra.
A threat actor using the alias NormalLeVrai has posted a “comeback” teaser headlined as a leak of GOV.CO, the official digital platform of the Colombian government, claiming 4,300,002 records.
A threat actor using the alias D3spair157 (operating as “Sociedad Privada 157”) has posted what they describe as a data leak from the Secretaría de Educación del Estado de Durango (SEED), Mexico's Durango state education department, reportedly obtained using administrator credentials to its student-management portal.
A threat actor using the alias Saturne has posted what they describe as the customer database of leroymerlin.es, the official Spanish e-commerce site of Leroy Merlin, a major home-improvement and DIY retail chain.
Dark Web Informer
Checked
2 hours 31 minutes ago
A real-time cyber threat intelligence platform that monitors the dark web and clearnet for data breaches, ransomware campaigns, darknet market activity, leaked databases, and active threat actors.