Dark Web Informer

‼️ Footage of the LeakBase domain administrator getting arrested in Taganrog, Russia. techcrunch.com/2026/03/25/rus…

‼️🇺🇸 Senzing (sezning.com), a U.S.-based AI software company specializing in handling and cleaning complex data, has allegedly been breached, with 100,002 records leaked containing extensive PII. ⠀ ‣ Threat Actor: ijpys ‣ Category: Data Leak ‣ Victim: Senzing ‣ Industry: Software / AI / Data Management ⠀ What's in it: ⠀ ▪️ 100,002 records ▪️ Entity ID and Record ID ▪️ First name, last name, name suffix ▪️ Phone numbers ▪️ Social handles ▪️ SSN (Social Security Numbers) ▪️ Passport numbers ▪️ Gender ▪️ Date of birth ▪️ Driver's license numbers ▪️ Credit card account numbers ▪️ Full addresses (line 1, city, postal code, state)

Canonical Ubuntu put together a good blog post on Copy Fail (CVE-2026-31431). Including mitigation methods. ubuntu.com/blog/copy-fail…

‼️ CVE-2026-41940: A high-performance, multi-threaded security auditing tool designed to detect CVE-2026-41940, a critical Authentication Bypass vulnerability in cPanel & WHM. github.com/XsanFlip/poc-c…

The two IOC feeds will be relaunched Friday with a new UI, UX, and features. Much better than the current version. Stay tuned.

Your data is already out there. The question is whether you'll see it before someone uses it. Unredacted intel. Real-time threat feeds. Hundreds of daily alerts. Companies: darkwebinformer.com/api-details Individuals: darkwebinformer.com/pricing

‼️🇫🇷 Psycho-Prat (École de Psychologues Praticiens), a French psychology school, has allegedly been breached, with a 55 GB database and complete source code leaked. ⠀ ‣ Threat Actor: Spirigatito ‣ Category: Data Leak ‣ Victim: Psycho-Prat (École de Psychologues Praticiens) ‣ Industry: Education ⠀ The actor is offering the full 55 GB dataset for download. The leak includes student and teacher personal information, identity documents, course materials, account credentials, and the complete source code of the Psycho-Prat platform. ⠀ What's in it: ⠀ ▪️ 55 GB of total data ▪️ Student information including 11,447 documents: national ID cards, passports, IBANs, diplomas, applications + database ▪️ 10,506 photos of students and teachers ▪️ 5,521 course documents (valued at $8,000) ▪️ All Psycho-Prat accounts and connection logs ▪️ Complete Psycho-Prat source code totaling 85,424 files

Instructure key rotation: community.instructure.com/en/discussion/…

‼️ Instructure Holdings, Inc. (Canva LMS, instructure.com) and Cushman & Wakefield Inc. have been claimed by ShinyHunters

Most breach alerts arrive days or weeks late. By then, your data's been copied, mirrored, and resold. Dark Web Informer shows it as it happens. Companies: darkwebinformer.com/api-details Individuals: darkwebinformer.com/pricing

‼️🇪🇬 The Egyptian Ministry of Manpower (Ministry of Labour) has allegedly been breached, with 34,528 records of Egyptian workers abroad leaked for sale. ⠀ ‣ Threat Actor: CrowStealer ‣ Category: Data Leak ‣ Victim: Egyptian Ministry of Manpower (Ministry of Labour) ‣ Industry: Government / Labour ⠀ The actor states the data relates to Egyptian workers employed outside of Egypt and is offering the database for $100. ⠀ What's in it: ⠀ ▪️ 34,528 records of Egyptian workers abroad ▪️ ID, full name, and national number ▪️ Date of birth and gender ▪️ Marital status ▪️ Job title ▪️ Address (governorate, center, village, street) ▪️ Academic degree ▪️ Mobile and phone numbers ▪️ Email addresses ▪️ Passport number and passport expiration date ▪️ Account creation timestamps

I have posted several of these, here is another cPanel/WHM PoC... CVE-2026-41940: cPanel/WHM Authentication Bypass github.com/kmaruthisrikar…

Facts

Whether it's your data or your company's, threat actors aren't waiting to use it. Real-time alerts. Unredacted intel. Hundreds of alerts, daily. See what's exposed before it costs you. Companies: darkwebinformer.com/api-details Individuals: darkwebinformer.com/pricing

‼️🇫🇷 ZenMobile (zenmobile.fr), a French mobile virtual network operator (MVNO), has allegedly been re-leaked, with a database containing over 15 million rows reposted on a hacking forum. ⠀ ‣ Threat Actor: NormalLeVrai ‣ Category: Data Leak (Repost) ‣ Victim: ZenMobile ‣ Industry: Telecommunications / MVNO ⠀ The actor is reposting the 15M-France-zenmobile.fr-Mobile-Virtual-Network-Operator-FullDump-sql, originally circulated previously. ZenMobile operates as a French MVNO using major operator networks (Orange, SFR, Bouygues, Free) to provide phone and internet packages. ⠀ What's in it: ⠀ ▪️ 15+ million rows from ZenMobile ▪️ Customer IDs and titles (Mme/M.) ▪️ First and last names ▪️ Full postal addresses (street, building, city, postal code) ▪️ Phone numbers ▪️ Email addresses ▪️ Date of birth ▪️ Account creation dates ▪️ URLs accessed by customers (form/promo participation links) ▪️ Argumentation status / department codes ▪️ Marketing source (e.g., WebRivage) ▪️ Activity timestamps

‼️🇵🇦 MiniMed Panama, the largest private primary healthcare network in Panama, has allegedly been breached, with approximately 400,000 records leaked spanning patients, doctors, and medical imaging data. ⠀ ‣ Threat Actor: ohmydays (Waxx Org.) ‣ Category: Data Leak ‣ Victim: MiniMed Panama (Clínica Laboratorio) ‣ Industry: Healthcare ⠀ The actor claims access was obtained due to default credentials left on the client's systems by their vendor LATAM MAXIA. Two compromised systems were identified with weak credentials. MiniMed operates over 14 clinics and a hospital in Panama City. ⠀ What's in it: ⠀ ▪️ ~400,000 total records ▪️ usersdata (74,233): user PII, plaintext passwords, names, usernames, emails, phones, job titles, access levels ▪️ patients (156,869): patient PII, national IDs, names, gender, emails, phones, addresses, DOB, marital status, nationality ▪️ patientsexams (99,304): medical imaging records, patient names, DOB/age, gender, study descriptions, modalities, dates, referring doctors, report/image status ▪️ doctorsinfo (521): doctor PII, plaintext passwords, national IDs, names, emails, phones, specialty, doctor type, status ▪️ appointments (23,511): patient/doctor/radiologist/tech IDs, dates, study types, modalities, payment methods, organizations ▪️ appointmentsnames (23,507): appointment summaries, patient IDs/names, dates/times, study names, modalities, status

SOC teams need early signals, not post-incident summaries. Dark Web Informer monitors underground sources continuously and publishes intel in real time. Watch threats as they happen. 🛡️ darkwebinformer.com 🕵️ API: darkwebinformer.com/api-details/

SOC teams need early signals, not post-incident summaries. Dark Web Informer monitors underground sources continuously and publishes intel in real time. Watch threats as they happen. 🛡️ darkwebinformer.com 🕵️ API: darkwebinformer.com/api-details/

‼️🇮🇱 Crocs Israel (crocs.co.il), the Israeli branch of the global footwear brand, has allegedly been breached, with a customer database of 852,520 records leaked. ⠀ ‣ Threat Actor: campfire ‣ Category: Data Leak ‣ Victim: Crocs Israel ‣ Industry: Retail / Footwear ⠀ The actor claims the breach occurred on May 3, 2026 and is selling the database for $350. ⠀ What's in it: ⠀ ▪️ 852,520 customer records ▪️ Customer ID ▪️ First and last names ▪️ Phone numbers ▪️ Email addresses ▪️ Addresses ▪️ Date of birth ▪️ Gender

SOC teams need early signals, not post-incident summaries. Dark Web Informer monitors underground sources continuously and publishes intel in real time. Watch threats as they happen. 🛡️ darkwebinformer.com 🕵️ API: darkwebinformer.com/api-details/

‼️🇫🇷 Actradis (app.actradis.fr), a French B2B compliance and administrative document management platform, has allegedly been scraped, with over 305,000 records leaked across two distinct files. ⠀ ‣ Threat Actor: Lagui ‣ Category: Data Leak ‣ Victim: Actradis ‣ Industry: B2B / Compliance / Administrative Services ⠀ The actor claims the data was scraped just a day prior to posting and is completely fresh, never circulated elsewhere. Sample records show detailed corporate client and case-tracking information including invoices, supplier relationships, and internal communication histories. ⠀ What's in it: ⠀ ▪️ File 1 (clients_all.jsonl): 82,611 complete client entries - SIREN numbers, intra-community VAT numbers, company names - Full addresses, country, NAF codes (business activity) - Activity descriptions - Subscription/client status, file dossier creation and renewal dates - Mandate types (collection, insurance, diffusion, procurement) - Document counts, invoice counts, full invoice histories with amounts and dates - Supplier lists with SIREN, status, and relationship details ⠀ ▪️ File 2 (suivi_all.jsonl): 222,473 complete tracking entries - SIREN, VAT numbers, internal company device IDs - Commercial agent assignments, client status, action dates - Contact details: manager names, roles, emails, phone numbers - Internal notes and communication histories - Full historical logs (id_histo) with timestamps, commercial agent, communication type (call, mail, etc.), and message content