Dark Web Informer - Cyber Threat Intelligence

A threat actor using the alias shabat is advertising the sale of unauthorized access to France's SIV (Système d'Immatriculation des Véhicules), the country's official national vehicle-registration system.

A threat actor using the alias Saturne has posted what they describe as the database of FHF.fr, the official website of the Fédération Hospitalière de France (French Hospital Federation), which represents public healthcare and medico-social institutions and runs a major job board for the public health sector.

A threat actor using the alias Kazu is extorting Meducar (meducar.com), a Latin American telemedicine and patient-management platform owned by Grupo Cormos, an Argentine health-tech company.

A threat actor using the alias ChimeraZ has posted what they describe as the database of Whise.eu, a European real-estate CRM used by agencies and agents to manage leads, properties, and transactions.

A threat actor using the alias TomTom has posted what they describe as the member database of Stockaholics.net, a US-based online forum for stock-market, trading, cryptocurrency, and financial-market discussion.

A threat actor using the alias NightBroker has posted what they describe as the database of Deliware (deliware.app), an Indian food-delivery app serving restaurant owners, delivery drivers, and customers.

A threat actor using the alias xMetah has posted what they describe as a database from laregion.fr, the official site of France's Région Occitanie (Pyrénées-Méditerranée), one of the country's regional governments.

A forum user posting under the alias ctyzn, identifying as a concerned citizen, claims to have documented multiple recent government data exposures affecting Magelang City, Indonesia.

A threat actor using the alias Kazu is extorting ConsultorioMovil (consultoriomovil.net), a telemedicine and healthcare platform owned by Grupo Cormos (Cormos S.A.), an Argentine health-tech company.

A threat actor using the alias Kazu is extorting SaludTools (saludtools.com), a Colombian health-tech company that provides a cloud-based practice-management and electronic medical record (EMR/EHR) platform for physicians, clinics, and healthcare professionals.

Real-time uptime for Dark Web Informer's threat-intel feeds, APIs, and platform. Monitored continuously, refreshed every minute.

Live status, uptime, and verified .onion mirrors for active darknet markets. Real-time monitoring updated continuously by Dark Web Informer.

A threat actor using the alias ChimeraZ has posted what they describe as the database of Ouestfrance-Immo.pro (ouestfrance-immo.com), a French digital platform built for real-estate professionals and property marketing services.

A threat actor using the alias S0BER is advertising the sale of a claimed ~13.9 GB dataset of around 10,290 files across three RAR archives, spanning 2003 to 2026, said to be stolen from PiniWeb / Editora Pini (piniweb.com.br), a Brazilian information company that has served the construction industry since 1948.

A threat actor using the alias 0xSec has posted what they describe as a small database from Timer Immobilier, a specialized French real-estate agency and online platform that runs a transparent “interactive sale” (auction-style) system for property buyers and sellers.

A threat actor using the alias ChimeraZ has posted what they describe as a partial database of MaGestionLocative (magestionlocative.fr), a French property management software platform used by landlords and real-estate professionals.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

CVE-2026-48907 is a critical unauthenticated remote code execution flaw in the Joomla Content Editor (JCE), the most widely installed editor extension for Joomla.

A threat actor using the alias ChimeraZ has posted what they describe as the database of TakTikimmo (taktikimmo.fr), a French professional real-estate software platform that helps agencies manage property listings, client relationships, and sales processes.

A threat actor using the alias Rhodes is advertising the sale of a claimed 116GB dataset of around 125,000 files said to be stolen from VNIIR-M, described in the listing as a Russian scientific research institute focused on radio communications and electronic defense and involved in defense-related R&D.