Dark Web Informer - Cyber Threat Intelligence

A threat actor using the alias Sorb claims to be selling a database allegedly belonging to Tripocity, a UK B2B transport-management company specializing in coach and minibus travel across the UK and Europe.

A threat actor using the alias Sorb claims to be selling a database allegedly belonging to EcoAssist, a Brazilian reverse-logistics and ESG (waste management) company.

A threat actor using the alias Sorb claims to be selling a full database allegedly belonging to Koufu, a Singaporean food and beverage company operating food courts, coffee shops, and casual eateries.

A threat actor using the alias ChimeraZ claims to have leaked a database allegedly belonging to Socotec, a French testing, inspection, certification, and technical-consulting company serving construction, infrastructure, real estate, and industrial projects.

A threat actor using the alias kr0x6 claims to hold live access to an administrative portal of an unnamed Spanish public-management entity, covering 371 accounts where employee bank details for payroll deposits can allegedly be modified.

A threat actor using the alias sxcfox claims to have leaked a database allegedly belonging to ManoMano, a major French online marketplace for DIY, home improvement, and gardening.

A threat actor using the alias azazeljakel claims to have leaked the full database of DCI Group Mexico, described as an intermediary working with Mexican entities including the tax authority (SAT), social security institute (IMSS), and mortgage company Zéndere.

A threat actor group calling itself NCO Group (alias nco) claims to have leaked a MySQL database dump allegedly belonging to Vigorbuy.com, described as a Chinese B2C online retail marketplace.

A threat actor using the alias Edric is advertising a Mercedes automobile customer database said to contain 130,000+ records in Excel/CSV format.

Threat actors using the aliases PescobarLegado and NyxarGroup claim to be selling internal access and employee data allegedly belonging to ContactMaster BPO, described as a strategic partner of Claro Móvil Colombia.

A threat actor using the alias henrymartin claims to have leaked a database allegedly belonging to La Redoute, a major French multichannel retailer specializing in ready-to-wear apparel and home decor.

A threat actor using the alias yeblan claims to be selling private customer data from an unnamed AI chatting platform, offered in a structured format containing user and customer emails, the last four digits of payment cards, and subscription IDs.

A threat actor using the alias EbonCherub claims to be selling sensitive internal documentation allegedly belonging to MCI, Iran's largest mobile operator, covering systems described as mymci, ewano, shop mci and Developer_asset.

A threat actor using the alias MagoSpeak claims to have leaked a database allegedly belonging to Universidad Tecnológica de la Sierra Hidalguense, a public technological university in Hidalgo, Mexico.

A threat actor using the alias somewhere claims to have leaked a full database allegedly belonging to EduSal, described as a Romanian national educational platform used by teachers, school inspectors, and county education authorities to manage academic records and user accounts.

A threat actor using the alias giorggios claims to be selling 2.8 million records allegedly belonging to Parkingpay, described as the official digital platform widely used for paying and managing parking across Switzerland.

A threat actor using the alias zSenior claims that Ramen Kuroda, a Japanese ramen restaurant chain in the Philippines, suffered a cyber intrusion in May 2026 resulting in the full compromise of its customer database.

A threat actor using the alias sta6 claims to be selling a full source-code and database leak allegedly belonging to Sisplan Sistemas, a Brazilian ERP software house based in Indaial/SC operating since 1996.

A ransomware group is claiming to have collected data allegedly belonging to Mecanizados y Montajes Aeronáuticos, a Spanish aerospace manufacturing company serving major Tier 1 and OEM programs.

A threat actor on an underground forum is claiming to leak databases allegedly belonging to Avea Vacances, a French organization offering holiday camps and educational stays for children and teenagers.