DragonForce Ransomware Leaks Data Allegedly Stolen from U.S. Healthcare Firm VIP Imaging
DragonForce ransomware has published 8.67 GB of data allegedly stolen from VIP Imaging, a U.S. cardiac imaging provider in Anaheim, California. Unverified.
Dark Web Informer - Cyber Threat Intelligence
Brazilian DETRAN SP Database of 13 Million Records Allegedly Leaked for Free
A threat actor using the alias pl4t0v has posted what they describe as a database from DETRAN SP, the motor-vehicle and identity authority of São Paulo state in Brazil, claiming 13 million lines (about 1.59GB) in SQLite format, and is sharing it for free.
Colombian Poultry Company Avícola El Madroño Allegedly Breached, 860MB of Data Leaked
A threat actor using the alias Saturne has posted what they describe as an 860MB data leak from Avícola El Madroño S.A. (avicolaelmadrono.com), a Colombian poultry and prepared-foods company based in Bucaramanga, and is sharing it for free.
PLAY Ransomware Allegedly Claims U.S. Firm J&J Gaming
A U.S. amusement, arcade & attractions company added to the PLAY ransomware data-leak site.
Canadian Clinic WELL Health Kensington Medical Centres Allegedly Breached, 307,000 Patient Records Held to Ransom
A threat actor using the alias Kazu is extorting WELL Health Kensington Medical Centres (kmc.cortico.ca), a community medical clinic in Canada that provides family medicine, same-day appointments, virtual care, and specialist referrals to patients of all ages, operating as part of WELL Health Technologies on the Cortico platform.
US Electronics Wholesaler Flawireless Allegedly Breached, Customer and Order Database Leaked
A threat actor using the alias 0xSec has posted what they describe as the database of Flawireless, a US-based wholesaler of mobile phone accessories and refurbished electronics that also trades as Techy Extra.
Alleged GOV.CO Colombia Leak Claims 4.3 Million Records, but the Posted Sample Is German Taxpayer Data
A threat actor using the alias NormalLeVrai has posted a “comeback” teaser headlined as a leak of GOV.CO, the official digital platform of the Colombian government, claiming 4,300,002 records.
Durango State Education Department Allegedly Breached, Exposing Records of Thousands of Primary School Children
A threat actor using the alias D3spair157 (operating as “Sociedad Privada 157”) has posted what they describe as a data leak from the Secretaría de Educación del Estado de Durango (SEED), Mexico's Durango state education department, reportedly obtained using administrator credentials to its student-management portal.
Leroy Merlin Spain Customer Database of Nearly 55,000 Records Allegedly Leaked
A threat actor using the alias Saturne has posted what they describe as the customer database of leroymerlin.es, the official Spanish e-commerce site of Leroy Merlin, a major home-improvement and DIY retail chain.
Alleged Full Texas Parks and Wildlife Database Offered for Sale After Confirmed Breach of 3.1 Million Records
.dwi-root *, .dwi-root *::before, .dwi-root *::after { box-sizing: border-box; }
.dwi-root {
--bg: #0a0e16;
--bg-2: #0d131f;
--ink: #e8eef7;
--ink-soft: #9fb0c7;
--ink-dim: #5d6b82;
--cyan: #34e0ff;
--cyan-deep: #0bb6da;
--amber: #ffb020;
--red: #ff4d5e;
--line: rgba(120, 160, 210, .14);
--line-2: rgba(120, 160, 210, .26);
--card:
Around 347,000 Ecuadorian Citizens' Facial and Biometric Records Allegedly Offered for Sale
A threat actor using the alias Albertcamus is advertising what they describe as a database of facial images and identity records for 347,178 Ecuadorian citizens.
Taxpayer Database From Mexico's Coahuila State Government Allegedly Leaked
Threat actors using the aliases M1sery157 and D3spair157 (operating as “Sociedad privada 157”) have posted what they describe as a database scraped from a Coahuila state government portal in Mexico.
Squidbleed: A 29-Year-Old Heap Over-Read Leaks Cleartext HTTP in Squid (CVE-2026-47729)
CVE-2026-47729, nicknamed Squidbleed, is a heap buffer over-read in the FTP gateway of the Squid web proxy.
Illicit Access to France's Vehicle Registration System SIV Allegedly Offered For Sale
A threat actor using the alias shabat is advertising the sale of unauthorized access to France's SIV (Système d'Immatriculation des Véhicules), the country's official national vehicle-registration system.
Around 30,700 Records Allegedly Leaked From France's Hospital Federation FHF
A threat actor using the alias Saturne has posted what they describe as the database of FHF.fr, the official website of the Fédération Hospitalière de France (French Hospital Federation), which represents public healthcare and medico-social institutions and runs a major job board for the public health sector.
Argentine Telemedicine Platform Meducar Allegedly Breached, 3.1 Million Patient Records Held to Ransom
A threat actor using the alias Kazu is extorting Meducar (meducar.com), a Latin American telemedicine and patient-management platform owned by Grupo Cormos, an Argentine health-tech company.
European Real Estate CRM Whise Allegedly Breached, Over 40 Million Records Leaked
A threat actor using the alias ChimeraZ has posted what they describe as the database of Whise.eu, a European real-estate CRM used by agencies and agents to manage leads, properties, and transactions.
US Stock-Market Forum Stockaholics Allegedly Breached, Member Database Leaked
A threat actor using the alias TomTom has posted what they describe as the member database of Stockaholics.net, a US-based online forum for stock-market, trading, cryptocurrency, and financial-market discussion.
Indian Food Delivery App Deliware Allegedly Breached, Exposing User Data, Tokens, and Stripe Keys
A threat actor using the alias NightBroker has posted what they describe as the database of Deliware (deliware.app), an Indian food-delivery app serving restaurant owners, delivery drivers, and customers.
Around 318,000 Student Records, Including Minors and Facial Photos, Allegedly Leaked From France's Région Occitanie
A threat actor using the alias xMetah has posted what they describe as a database from laregion.fr, the official site of France's Région Occitanie (Pyrénées-Méditerranée), one of the country's regional governments.
A real-time cyber threat intelligence platform that monitors the dark web and clearnet for data breaches, ransomware campaigns, darknet market activity, leaked databases, and active threat actors.