Daily Dose of Dark Web Informer - May 14th, 2026
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
Dark Web Informer - Cyber Threat Intelligence
CVE-2026-20182: Critical Cisco SD-WAN Auth Bypass Under Active Exploitation
Cisco has disclosed and patched CVE-2026-20182, a maximum-severity authentication bypass affecting Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager.
Burkina Faso Passport & ID Records Allegedly Leaked: 50K+ Scanned Identity Documents Exposed Online
A threat actor is advertising a massive collection of allegedly leaked Burkina Faso identity documents, claiming the archive contains more than 50,000 scanned passports and national ID cards in original PDF quality.
Xacria XNO Allegedly Breached: 446 Service Orders and Subscriber PII Exposed From the Italian Carrier-Grade Telecom Network Orchestration Platform Used by FASTWEB and SKY ITALIA
A threat actor claims to have breached Xacria XNO (Xacria Network Orchestrator), a carrier-grade, cloud-native network orchestration platform used by Tier 1, 2, and 3 telecommunications operators in Italy for zero-touch provisioning and automation of fiber broadband, mobile, and enterprise network services.
mutreasury Allegedly Breached: Admin Credentials and API Keys Exposed From the Egyptian University Payment Gateway Covering 28+ Universities, Sold With a Zero-Day Vulnerability
A threat actor is selling a database from mutreasury, the centralized payment gateway connecting more than 28 Egyptian universities for tuition, application fees, and other student payments.
Daily Dose of Dark Web Informer - May 13th, 2026
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
German National Indicted Over Money Laundering Tied to Defunct "Dream Market" Darknet Marketplace
Federal prosecutors have charged Owe Martin Andresen, a 49-year-old German citizen believed to have served as the lead administrator of the once-massive darknet marketplace Dream Market, with laundering more than $2 million in proceeds tied to the site's commission accounts. German authorities arrested Andresen last week on parallel charges of their own.
NTN Bearing Corporation of America Allegedly Hit by PayoutsKing Ransomware: 596 GB Exfiltrated From the American Ball and Roller Bearing Manufacturer, Including US Army JLTV Program Documents
A threat actor operating under the PayoutsKing brand (self-described as “Not RaaS”) has listed NTN Bearing Corporation of America on its extortion leak site, claiming to have exfiltrated 596 GB of data from the American manufacturer, a subsidiary of the global bearing maker NTN Corporation with revenue of $1.5B and approximately 4,700 employees.
SIVVI Allegedly Breached: Approximately 300,000 Customer Records Reposted From the Dubai-Based Fashion E-Commerce Platform
A threat actor is reposting the previously reported SIVVI database for sale, listing approximately 300,000 UAE customer records from the Dubai-based fashion e-commerce platform founded in 2014 and now owned by noon.
Ministry of Health of Vietnam Allegedly Breached Exposing 480,000 Medical Staff Records From the Vietnamese Government Health Authority
A threat actor claims to have exfiltrated a database from the Ministry of Health of Vietnam containing over 480,000 sensitive records, including the personal data of doctors, nurses, and medical staff.
Akitatek Allegedly Breached Exposing 5,400 Customer Records From the French IT Services and Electronics Repair Company
A threat actor is leaking the customer database of Akitatek, a French IT services and electronics repair company.
Daily Dose of Dark Web Informer - May 12th, 2026
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
FutureShop Egypt Allegedly Breached Exposing Thousands of Customer, Order, and Delivery Records From the Egyptian Grocery Delivery Platform
A threat actor claims to have breached FutureShop Egypt, an Egyptian grocery delivery platform, by exploiting an entirely exposed API that required no authentication.
Public Authority for Civil Information Allegedly Breached Exposing 5.23 Million Kuwaiti Citizen Records From the Kuwaiti Government Identity Authority
.dwi-post,
.dwi-post * {
font-family: 'Inter', -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
}
.dwi-post {
--dwi-card: rgba(127, 127, 127, 0.06);
--dwi-border: rgba(127, 127, 127, 0.18);
--dwi-muted: rgba(127, 127, 127, 0.85);
--dwi-cyan: #38bdf8;
--dwi-amber: #fbbf24;
max-width: 680px;
margin: 0 auto;
font-size: 16px;
line-height: 1.65;
font-feature-settings:
Daily Dose of Dark Web Informer - May 11th, 2026
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
KAMS PARIS Allegedly Breached Exposing 187,927 Customer Records From the French Niche Perfumery
A threat actor is selling the customer database of KAMS PARIS, a Parisian niche perfumery founded in 1960 and located at 6 Avenue de l’Opéra, specializing in rare niche perfumes, skincare, and beauty products with delivery across Europe.
SAWTAD Allegedly Leaked Exposing 2,211 Files (2.19 GB) of SAW Sensor Diaper Tech R&D and SPMet Metrology Archive
A threat actor is selling a full archive described as one of the deepest technical leaks in the field of Surface Acoustic Wave (SAW) sensors and their application in smart diapers (Smart Diaper / Wetness Sensing).
Google Threat Intelligence Group Reports First Known AI-Developed Zero-Day Exploit
Google's Threat Intelligence Group has documented what it describes as the first confirmed instance of threat actors leveraging artificial intelligence to engineer a zero-day exploit, marking a significant escalation in how AI is being weaponized for cyberattacks.
Mansoura University Allegedly Leaked Exposing 731 Contact Records From the Egyptian Academic Institution
Mansoura University Allegedly Leaked Exposing 731 Contact Records From the Egyptian Academic Institution
German Authorities Shut Down Revived "Crimenetwork" Platform, Arrest Operator on Mallorca
German law enforcement has dismantled the relaunched version of the criminal online marketplace "Crimenetwork" and arrested its alleged operator on the Spanish island of Mallorca, the Federal Criminal Police Office (BKA) and the Frankfurt Public Prosecutor's Office's cybercrime unit (ZIT) announced on May 8, 2026.
A real-time cyber threat intelligence platform that monitors the dark web and clearnet for data breaches, ransomware campaigns, darknet market activity, leaked databases, and active threat actors.