Dark Web Informer - Cyber Threat Intelligence

German law enforcement has dismantled the relaunched version of the criminal online marketplace "Crimenetwork" and arrested its alleged operator on the Spanish island of Mallorca, the Federal Criminal Police Office (BKA) and the Frankfurt Public Prosecutor's Office's cybercrime unit (ZIT) announced on May 8, 2026.

Alan Bill, a 33-year-old Slovakian man from Bratislava, was sentenced Thursday to 200 months (16 years and 8 months) in federal prison by U.S. District Judge Cristian M. Stevens for his role in operating Kingdom Market, a darknet marketplace that ran from March 2021 to December 2023.

A threat actor claims to have leaked a database from Meetic, a major French online dating platform, releasing 7,169,561 records for free under the hashtag #freebreach3d.

A threat actor is selling a 243 million record dataset attributed to credilink.com.br, described in the post as a Brazilian credit information and risk analysis provider serving financial institutions and retailers.

A threat actor claims to have leaked a database from LDLC, a major French retailer of computers, components, smartphones, and gaming/audio/TV equipment, releasing 1,504,635 records for free under the hashtag #freebreach3d.

A threat actor is advertising what they describe as a US banking / premium credit client dataset tied to communitychoicecu.com, releasing a 1M+ record sample with full card numbers, names, issuing banks, and addresses.

Ivanti has issued an urgent security advisory for its Endpoint Manager Mobile (EPMM) product, disclosing five vulnerabilities including one that is actively exploited in the wild.

A threat actor claims to be selling a 2.47GB CSV database from real estate platform homes.at.world, totaling 7,023,773 lines split between 4,883,773 agent records and 2,140,000 investor records.

A threat actor claims to be selling live, authenticated admin panel access to a major US Non-Emergency Medical Transportation (NEMT) platform, advertising real-time control over operations rather than a static dump.

A threat actor claims to have compromised TuID Digital, the digital identity platform operated by Uruguayan state-owned telecom Antel, by obtaining the API key stored alongside internal files on Antel’s server backend.

A threat actor describing themselves as specializing in “stealing medical data” claims to have breached Mexican clinical lab Laboratorios CEFLO, releasing the dataset for free out of stated retaliation after the lab allegedly ignored a paid pentest offer.

A threat actor claims to be selling a customer database from a Belgian sports/fitness business (gym branding visible in the post as “ANIMO”), advertising it as containing 105,000 customers with full IBAN banking details. The seller is offering tiered pricing with $90 per 1,000 customers or $8,500 for the full dataset.

A threat actor claims to have re-dumped the moreideas.ae database, stating this version is “more juicy than before” and dating the breach to May 2026

A threat actor claims to have leaked a database from Indonesia’s Ministry of Energy and Mineral Resources (Kementerian ESDM), specifically the list of distributors for general commercial business entities of fuel oil for the second semester of 2025

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

A newly disclosed remote access trojan (RAT) is quietly turning a built-in Windows feature into a credential-harvesting weapon, and what makes it particularly worrying is that it never has to touch your phone to steal codes meant for it.

When most people picture a darknet drug bust, they imagine cinematic scenes of hooded figures and underground servers. The reality, as a New South Wales Police operation revealed this week, looks a lot more mundane: a quiet street in Sydney's southwest, a 6:40am knock on the door, and a hard drive holding the keys to a multimillion-dollar bitcoin wallet.

The Apache Software Foundation has released security updates to address several vulnerabilities in Apache HTTP Server, including a critical double-free memory corruption flaw that can lead to denial-of-service and potentially remote code execution.

Palo Alto Networks warned customers today that a critical unpatched vulnerability in PAN-OS is being actively exploited in attacks targeting internet-exposed firewalls.

Weaver E-cology RCE Flaw Actively Exploited via Exposed Debug API