Dark Web Informer - Cyber Threat Intelligence

CVE-2026-39987 is a critical pre-authentication remote code execution flaw in Marimo, a popular open-source reactive Python notebook framework and a modern alternative to Jupyter with roughly 19.6k GitHub stars.

A threat actor using the alias Moelester claims to be selling a dataset allegedly originating from Swiss Medical, a major Argentine private healthcare and health-insurance company.

A threat actor using the alias ChimeraZ claims to have leaked a database allegedly belonging to Amepi (Amanda), described as the leading French cooperative platform for sharing exclusive listings among real-estate agencies.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Mindpath College Health, a US provider of mental and behavioral health services for college students, has been listed on a ransomware group's data-leak site.

Fortinet has disclosed a critical authentication bypass affecting FortiClient Endpoint Management Server (EMS).

A threat actor using the alias ChimeraZ claims to have leaked a database allegedly belonging to EnVisite, a French platform for real-estate virtual tours used by agents to create and share interactive property presentations.

A threat actor using the alias ChimeraZ claims to have leaked a database allegedly belonging to Figaro Immobilier / Explorimmo, a French real-estate platform offering property listings for sale, rent, and vacation stays.

A threat actor using the alias xMetah claims to be selling a database allegedly belonging to Resana, a French government collaboration platform hosted on the state's numerique.gouv.fr domain.

A threat actor using the alias bacen claims to hold 43,847,219 Brazilian iFood customer records, said to include CPF national IDs, full names, emails, phone numbers, and credit-card data.

A threat actor using the alias henrymartin has posted what is described as the full leak of EasyPay, a now-defunct Bermudian financial service that processed transactions between individuals and businesses.

A threat actor using the alias azazeljakel claims to have gained administrator access to preparados.gob.mx, a training portal of Mexico's Coordinación Nacional de Protección Civil (Civil Protection authority), and to have exfiltrated the user list.

A threat actor using the alias ChimeraZ claims to have leaked a database allegedly belonging to FNHPA (Fédération Nationale de l'Hôtellerie de Plein Air), the main professional organization representing campsite and outdoor-hospitality operators in France.

A threat actor using the alias MagoSpeak claims to have leaked a database allegedly belonging to Instituto Tecnológico de Zacatepec, a public technological institute in Morelos, Mexico.

A threat actor using the alias Databasehooligan claims to be selling a dataset allegedly originating from Nitaqat (nitaqat.com.sa), a Saudi Arabian portal. The listing describes around 437,000 records organized into contacts, support tickets, and booking history, said to include direct contact details, business information, and related notes.

A threat actor using the alias Sorb claims to be selling a database allegedly belonging to Tripocity, a UK B2B transport-management company specializing in coach and minibus travel across the UK and Europe.

A threat actor using the alias Sorb claims to be selling a database allegedly belonging to EcoAssist, a Brazilian reverse-logistics and ESG (waste management) company.

A threat actor using the alias Sorb claims to be selling a full database allegedly belonging to Koufu, a Singaporean food and beverage company operating food courts, coffee shops, and casual eateries.

A threat actor using the alias ChimeraZ claims to have leaked a database allegedly belonging to Socotec, a French testing, inspection, certification, and technical-consulting company serving construction, infrastructure, real estate, and industrial projects.

A threat actor using the alias kr0x6 claims to hold live access to an administrative portal of an unnamed Spanish public-management entity, covering 371 accounts where employee bank details for payroll deposits can allegedly be modified.