Dark Web Informer

‼️🇺🇸 A threat actor claims to be selling a Snapchat ATO (account takeover) method alongside a full account dump containing PII for $350,000. The post advertises the exploit as working on any device and interaction method, allegedly providing access to legitimate Snapchat domains. Claimed capabilities include capturing authentication tokens, API responses, partial card details, client IDs, session data, user identifiers, timestamps, keystroke data from payment forms, and stored session/local storage information.

‼️ Handala Hack just released a statement in response to having its domains seized earlier today by the FBI.

.@CCITIC_ORG has claimed to have taken down DarkForums. x.com/CCITIC_ORG/sta…

‼️⚠️ A threat actor is allegedly selling a WordPress core Remote Code Execution (RCE) 0-day exploit affecting versions 6.8.1 through 6.9.3. The Python-based exploit reportedly works with default settings and installations, requiring no authentication or user interaction. Proofs are available through the forum's guarantor service. Price: $125,000.

💥 The Combo List category on the threat feed will start to receive 30–70 more alerts per day going forward, possibly even more. Working on some more things...

‼️ Threat actor Tanaka has moved on from BreachForums and is now a trial mod on Spear.

‼️ Another BreachForums domain registration... forum is currently being tested. breachforums[.]ai

The DoJ has come out with a press release regarding the seizure of Handala's domains. justice.gov/opa/pr/justice…

88[.]214[.]24[.]107 🤷‍♀️

88[.]214[.]24[.]107 🤷‍♀️

breachforums[.]ac was updated with a message below their current one. 🤷‍♀️

worldmonitor.app darkwebinformer.com/world-monitor-…

World Monitor: Real-time global intelligence dashboard - AI-powered news aggregation, geopolitical monitoring, and infrastructure tracking in a unified situational awareness interface. GitHub: github.com/koala73/worldm…

‼️ All DF domains are down including mirrors/onion, giving a 522 error.

Video Credit: @PenguinDIY" target="_blank" rel="nofollow noopener">youtube.com/@PenguinDIY

How to make a DIY Super 20,000 mAh Power Bank (120W)

I disclosed an IP belonging to Handala back in December. However, this IP now goes to a cPanel page. It's not clear if this was part of the seizure or not. github.com/DarkWebInforme…

‼️ Handala's DLS has been seized by law enforcement. handala-hack[.]to

‼️🇺🇸 Berkadia Commercial Mortgage LLC has been given a final warning that if the ransom isn't paid over 5,000,000 Salesforce records will be leaked.

💥 One change is coming this weekend and another in the coming week. I will be removing the Pro/Elite feed. The only difference between that feed and the Plus feed is that the Pro/Elite feed has Ransomware, which is now entirely covered by the Ransomware feed. You will not be missing anything by using the current "Plus" feed and it will allow me to be more proactive with one threat feed rather than two. Another change coming up is there will be more "Logs" alerts on the threat feed in the coming week. I am finalizing those changes. More to come.