D 3 B B Y ❤️

I tested dual-boot, WSL2, and VMs to run Linux apps on Windows, and only one was worth keeping bit.ly/4d39eWS

Excel Boss Moves

I added another new API endpoint for compromise lookups. One request for a domain or organization will provide data on whether either were compromised against the Ransomware feed, Threat feed, Whiteintel stealer lookup, and HIBP breach lookup. Review the note at the top of the API pages. Interested in subscribing: darkwebinformer.com/api-details/

🇫🇷 🚨 A threat actor on a cybercrime forum is claiming to have extracted data from France’s public health-related platform sante.gouv.fr. According to the post, the actor alleges that more than 26,000 beneficiary-related records were collected from publicly accessible data sources and shared sample fields allegedly linked to organizational and financial information. The post also advertises the sale of an alleged scraper tool used to collect the data. At this time, the claims remain unverified, and there is no official confirmation regarding the authenticity, scope, or sensitivity of the alleged dataset. While the actor describes the source as “public,” aggregation and redistribution of large-scale records can still create privacy and security concerns, especially when datasets are centralized and enriched. Potential risks may include: • Targeted phishing campaigns • Profiling and data enrichment • Fraud and impersonation attempts • Abuse of organizational or beneficiary records #DDW #Intelligence #France #CyberSecurity #DataLeak #DarkWeb #InfoSec

Weekly Triage: 1,134 new vulnerabilities found, including a 9.8 critical bypass in cPanel/WHM and active Express.js logic flaws. Patch your systems now. #VulnerabilityDigest #CVE202641940 #InfoSec #CyberSecurity #ZeroDay #PatchManagement securityonline.info/weekly-vulnera…

A member of a #Darkweb forum allegedly #Breached Matomo[.]org Format: sql all raw: 13,523 GB: 12.6 #DataBreach #Darkweb

Canonical Ubuntu put together a good blog post on Copy Fail (CVE-2026-31431). Including mitigation methods. ubuntu.com/blog/copy-fail…

🇨🇳 🎥 A threat actor on a cybercrime forum is claiming to have released the source code of an alleged mass-reporting bot targeting Kuaishou, one of China’s largest short-video platforms. According to the post, the tool was allegedly designed to automate coordinated reporting campaigns against user profiles and videos in an attempt to trigger account suspensions or content takedowns at scale. The actor claims the system abused authenticated GraphQL reporting endpoints, rotating session cookies, and automated reporting workflows to bypass moderation protections and submit bulk trust-and-safety reports. The post further alleges the tool supported: • Automated mass-report campaigns • Multi-threaded account operations • Rotating session-cookie authentication • Bulk targeting of videos and user profiles • Dynamic cookie loading and automated reporting rounds At this time, these claims remain unverified, and there is no official confirmation regarding the authenticity or operational effectiveness of the alleged tool. If legitimate, tools like these could pose risks including: • Coordinated platform abuse • False moderation enforcement • Targeted censorship or harassment campaigns • Mass account disruptions • Manipulation of trust-and-safety systems The incident highlights the growing abuse of automated moderation-reporting systems and the importance of anomaly detection, rate limiting, session integrity controls, and anti-automation protections within social media ecosystems. #DDW #Intelligence #China #Kuaishou #CyberSecurity #SocialMedia #InfoSec #DarkWeb

🇳🇬 A threat actor on a cybercrime forum is claiming to have leaked data allegedly associated with Lagos State University (LASU). According to the post, the exposed dataset allegedly contains: • Email addresses • Passwords and password hashes • Full names • Gender information • Enrollment year data • Academic discipline records • Internal user identifiers The actor shared a download link publicly and claimed the database was released for free. At this time, the claims remain unverified, and there is no official confirmation regarding the authenticity, scope, or source of the alleged dataset. If authentic, exposure of university-related credentials and student records could increase the risk of: • Credential stuffing attacks • Academic account compromise • Phishing and impersonation campaigns • Unauthorized access to university systems • Identity theft targeting students and staff Users who may be affected are advised to reset reused passwords immediately, enable multi-factor authentication where available, and remain cautious of suspicious emails or login requests. #DDW #Intelligence #Nigeria #LASU #CyberSecurity #DataLeak #DarkWeb #InfoSec

A member of a #darkweb forum allegedy #Breached 10 million car insurance USA data Type: #USA Car Insurance Format: xlsx Records: 10.000.000+ Data: Name, Address, City, State, Phone, Car Type, Manufacturer, Model, Body, VIN, Gender, Claim Amount Price:  (Negotiable)

you can implement inheritance in C with one trick: make the parent struct the first member cast the child pointer to parent* and it works perfectly because C guarantees the first member is at offset 0. this is exactly how the linux kernel does OOP.

MetaMask makes buying SOL simple and secure.

Anthropic opens Claude Security to public beta for enterprise customers, enabling AI-driven vulnerability detection, scan scheduling, exports, and low-friction deployment alternativeto.net/news/2026/5/an…

‼️🇮🇱 Crocs Israel (crocs.co.il), the Israeli branch of the global footwear brand, has allegedly been breached, with a customer database of 852,520 records leaked. ⠀ ‣ Threat Actor: campfire ‣ Category: Data Leak ‣ Victim: Crocs Israel ‣ Industry: Retail / Footwear ⠀ The actor claims the breach occurred on May 3, 2026 and is selling the database for $350. ⠀ What's in it: ⠀ ▪️ 852,520 customer records ▪️ Customer ID ▪️ First and last names ▪️ Phone numbers ▪️ Email addresses ▪️ Addresses ▪️ Date of birth ▪️ Gender

🇫🇷 ☎️ A threat actor on a cybercrime forum is claiming to be reposting an alleged full database dump associated with ZenMobile France. According to the forum post, the dataset allegedly contains more than 15 million rows tied to ZenMobile, a France-based mobile virtual network operator (MVNO). The shared samples allegedly include: • Full names • Email addresses • Phone numbers • Physical addresses • Postal codes and city information • Birth dates • Subscription and participation-related records • Customer service / transaction status fields The actor also shared a download link and sample database entries. At this time, the claims remain unverified, and no official confirmation from ZenMobile has been observed. If confirmed, exposure of large-scale telecom customer data could significantly increase the risk of: • SIM-swapping attacks • Phishing and SMS-based scams • Identity theft • Credential stuffing attacks • Social engineering campaigns targeting telecom users Users potentially affected are advised to: • Monitor mobile accounts for suspicious SIM or number transfer activity • Enable MFA on sensitive accounts • Remain cautious of unsolicited SMS or phone calls • Change passwords if reused across services #DDW #Intelligence #France #ZenMobile #CyberSecurity #DataBreach #DarkWeb

write() doesn’t mean written to disk. it usually copies data into the page cache and returns. the kernel marks it dirty and flushes it later. your program thinks it’s done but the data may still only exist in memory.

🚨DDoS Alert: 🇮🇱 RuskiNet Group claims to have targeted the website of AeroSol (aerosol.co.il)

🇪🇹 A threat actor on a cybercrime forum is claiming to have breached National Oil Ethiopia PLC (NOC), alleging the exfiltration of multiple databases containing sensitive operational and personal data. According to the post, the allegedly compromised data includes: • Client and employee PII • Contracts and salary records • Email addresses and physical addresses • Internal operational and business data • ERP database contents reportedly exceeding hundreds of gigabytes The actor also claims the intrusion involved exploitation of Microsoft Exchange ProxyLogon vulnerabilities alongside post-exploitation tooling and lateral movement activity. At this time, the claims remain unverified, and there is no official confirmation regarding the authenticity or scale of the alleged breach. If confirmed, exposure of energy-sector operational data and employee records could create significant risks including: • Targeted phishing campaigns • Financial fraud • Supply chain exposure • Operational disruption • Intelligence collection against critical infrastructure entities #DDW #Intelligence #Ethiopia #CyberSecurity #DataBreach #DarkWeb #CriticalInfrastructure #InfoSec

on linux, you can restrict a process to a tiny set of syscalls anything else is blocked by the kernel. it’s called seccomp. containers and browsers use seccomp bpf to sandbox code. one mistake, and the kernel kills the process.

Before GitHub lucumr.pocoo.org/2026/4/28/befo…