Dark Web Informer - Cyber Threat Intelligence

CVE-2026-20230 is an unauthenticated, remote server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME).

A threat actor using the alias l1ghtSoulHem, posting for "SoulHemTeam," claims to have breached the IEEA (State Institute for Adult Education) in Campeche, Mexico, and leaked a database tied to campeche.inea.gob.mx.

A threat actor using the alias DumpsecV2 ("Dumpsec") claims to be selling a large dataset stolen from Carvivo, a French SaaS provider whose "Carvivo Contact" platform manages automotive sales leads for car dealerships across Europe.

A threat actor using the alias malconguerra2 claims to be selling a confidential dataset attributed to SUNACOOP, Venezuela's national superintendency of cooperatives.

A threat actor using the alias Hermes_Olymp, posting on behalf of "Olympus_Group," claims to have leaked 10,000+ records from the RPP Nayarit, the public property registry of Nayarit state, Mexico.

A threat actor using the alias spain claims to be selling a 109.79 GB customer database stolen from Iberdrola, one of the world's largest electricity utilities, and lists the domain iberdrola.es.

A threat actor using the alias malconguerra2 claims to be selling a 30 GB confidential dataset attributed to SENIAT, Venezuela's national tax and customs authority.

A threat actor using the alias sativa claims to have leaked a database dump attributed to INEGI, Mexico's national statistics institute, allegedly sourced from internal GOB.MX services.

A threat actor using the alias hackformetome claims to be selling persistent web-shell access and a related exploit to a compromised NASA .gov web application, advertising remote code execution and the ability to pivot into internal network ranges.

A threat actor using the alias 2019 claims to have leaked a database allegedly belonging to Hampr, an Australian workplace food and catering management platform used by businesses to organise office meals, corporate catering, pantry supplies, and workplace events.

CVE-2026-39987 is a critical pre-authentication remote code execution flaw in Marimo, a popular open-source reactive Python notebook framework and a modern alternative to Jupyter with roughly 19.6k GitHub stars.

A threat actor using the alias Moelester claims to be selling a dataset allegedly originating from Swiss Medical, a major Argentine private healthcare and health-insurance company.

A threat actor using the alias ChimeraZ claims to have leaked a database allegedly belonging to Amepi (Amanda), described as the leading French cooperative platform for sharing exclusive listings among real-estate agencies.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Mindpath College Health, a US provider of mental and behavioral health services for college students, has been listed on a ransomware group's data-leak site.

Fortinet has disclosed a critical authentication bypass affecting FortiClient Endpoint Management Server (EMS).

A threat actor using the alias ChimeraZ claims to have leaked a database allegedly belonging to EnVisite, a French platform for real-estate virtual tours used by agents to create and share interactive property presentations.

A threat actor using the alias ChimeraZ claims to have leaked a database allegedly belonging to Figaro Immobilier / Explorimmo, a French real-estate platform offering property listings for sale, rent, and vacation stays.

A threat actor using the alias xMetah claims to be selling a database allegedly belonging to Resana, a French government collaboration platform hosted on the state's numerique.gouv.fr domain.

A threat actor using the alias bacen claims to hold 43,847,219 Brazilian iFood customer records, said to include CPF national IDs, full names, emails, phone numbers, and credit-card data.