{ "category": { "description": "Security research, vulnerabilities, breaches, malware, incident response, and underground indicators.", "id": "cyber-hacking", "item_count": 80, "items": [ { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "ae50840b4b32916d", "id": "cluster-ae50840b4b32916d", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T18:27:03Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 67.0, "score_global_percentile": 4.38, "score_source_percentile": 13.51, "source_rank_by_engagement": 33, "stars": 0, "views": 57 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡น Burger King Italy allegedly targeted in 5M database leak A threat actor on an underground forum is claiming to sell a database allegedly originating from Burger King Italy, the well-established fast-food chain with more than 150 restaurants in the country. The actor claims the database contains roughly 5M...", "fingerprint": "ae50840b4b32916d", "hashtags": [], "id": "sliceforlifeee-2028", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 934, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 109706, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2028", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2028" }, "media_type": "photo", "message_id": 2028, "original_text": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡น Burger King Italy allegedly targeted in 5M database leak\n\nA threat actor on an underground forum is claiming to sell a database allegedly originating from Burger King Italy, the well-established fast-food chain with more than 150 restaurants in the country.\n\nThe actor claims the database contains roughly 5M records, appearing to be loyalty program customer data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Email addresses\nโ€ข Loyalty card codes\nโ€ข Points and ranking points\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Burger King Italy\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Italy ๐Ÿ‡ฎ๐Ÿ‡น\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / Restaurant\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: kvantize\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database for sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~5M records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Not disclosed (contact to purchase)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: June 1, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T18:27:03Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2028", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2028" }, "telegram_url": "https://t.me/SliceForLifeee/2028", "text": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡น Burger King Italy allegedly targeted in 5M database leak\n\nA threat actor on an underground forum is claiming to sell a database allegedly originating from Burger King Italy, the well-established fast-food chain with more than 150 restaurants in the country.\n\nThe actor claims the database contains roughly 5M records, appearing to be loyalty program customer data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Email addresses\nโ€ข Loyalty card codes\nโ€ข Points and ranking points\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Burger King Italy\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Italy ๐Ÿ‡ฎ๐Ÿ‡น\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / Restaurant\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: kvantize\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database for sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~5M records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Not disclosed (contact to purchase)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: June 1, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2028/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "9cabd9d6fd0e2151", "id": "cluster-9cabd9d6fd0e2151", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T18:17:06Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 3, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 136.0, "score_global_percentile": 7.23, "score_source_percentile": 9.09, "source_rank_by_engagement": 11, "stars": 0, "views": 106 }, "english_status": "original_english", "excerpt": "WordPress malware campaign hides payloads in Steam profiles Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data. [...] https://www.bleepingcomputer.com/news/security/wordpress-malware-campaign-hides-payloads-in-steam-profiles/", "fingerprint": "9cabd9d6fd0e2151", "hashtags": [], "id": "bleepingcomputer-24792", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 206551, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24792", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24792" }, "media_type": "photo", "message_id": 24792, "original_text": "WordPress malware campaign hides payloads in Steam profiles\n\nNearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data. [...]\n\nhttps://www.bleepingcomputer.com/news/security/wordpress-malware-campaign-hides-payloads-in-steam-profiles/", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T18:17:06Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com", "malware" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24792", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24792" }, "telegram_url": "https://t.me/bleepingcomputer/24792", "text": "WordPress malware campaign hides payloads in Steam profiles\n\nNearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data. [...]\n\nhttps://www.bleepingcomputer.com/news/security/wordpress-malware-campaign-hides-payloads-in-steam-profiles/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24792/", "urls": [ "https://www.bleepingcomputer.com/news/security/wordpress-malware-campaign-hides-payloads-in-steam-profiles/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "f867d7bce755708e", "id": "cluster-f867d7bce755708e", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T17:51:54Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 95.0, "score_global_percentile": 5.29, "score_source_percentile": 27.03, "source_rank_by_engagement": 28, "stars": 0, "views": 95 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ซ๐Ÿ‡ท Le Mรฉdia Pour Tous allegedly targeted in 13K database leak A threat actor on an underground forum is claiming to have leaked a database allegedly originating from Le Mรฉdia Pour Tous, an independent French media outlet created by Vincent Lapierre. The actor notes the data is not from the current year. The actor...", "fingerprint": "f867d7bce755708e", "hashtags": [], "id": "sliceforlifeee-2027", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1051, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 162374, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2027", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2027" }, "media_type": "photo", "message_id": 2027, "original_text": "๐Ÿšจ๐Ÿ‡ซ๐Ÿ‡ท Le Mรฉdia Pour Tous allegedly targeted in 13K database leak\n\nA threat actor on an underground forum is claiming to have leaked a database allegedly originating from Le Mรฉdia Pour Tous, an independent French media outlet created by Vincent Lapierre. The actor notes the data is not from the current year.\n\nThe actor claims the leak contains roughly 13K records across user and account data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Usernames and login names\nโ€ข Passwords (hashed)\nโ€ข First and last names / nicknames\nโ€ข Email addresses\nโ€ข User URLs\nโ€ข Registration dates and display names\nโ€ข User roles and account status\nโ€ข Session tokens\nโ€ข Account settings and metadata\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Le Mรฉdia Pour Tous\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: France ๐Ÿ‡ซ๐Ÿ‡ท\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Media / Publishing\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: kvantize\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~13K records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: 1 Point\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: June 1, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T17:51:54Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2027", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2027" }, "telegram_url": "https://t.me/SliceForLifeee/2027", "text": "๐Ÿšจ๐Ÿ‡ซ๐Ÿ‡ท Le Mรฉdia Pour Tous allegedly targeted in 13K database leak\n\nA threat actor on an underground forum is claiming to have leaked a database allegedly originating from Le Mรฉdia Pour Tous, an independent French media outlet created by Vincent Lapierre. The actor notes the data is not from the current year.\n\nThe actor claims the leak contains roughly 13K records across user and account data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Usernames and login names\nโ€ข Passwords (hashed)\nโ€ข First and last names / nicknames\nโ€ข Email addresses\nโ€ข User URLs\nโ€ข Registration dates and display names\nโ€ข User roles and account status\nโ€ข Session tokens\nโ€ข Account settings and metadata\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Le Mรฉdia Pour Tous\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: France ๐Ÿ‡ซ๐Ÿ‡ท\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Media / Publishing\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: kvantize\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~13K records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: 1 Point\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: June 1, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2027/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity trade-publication perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "The Hacker News", "handle": "thehackernews", "id": "telegram:thehackernews", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity publication.", "rank": 8, "risk_label": "Technical reporting should be checked against vendor advisories", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "research source" ], "tier": "Tier 1", "title": "The Hacker News", "url": "https://t.me/thehackernews" }, "channel_handle": "thehackernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "76dd9ec33a19deb7", "id": "cluster-76dd9ec33a19deb7", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T17:41:28Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T17:42:39Z", "engagement": { "forwards": 16, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 1, "๐Ÿ”ฅ": 6, "๐Ÿ˜ฑ": 2 }, "reactions": 9, "replies": 0, "score_absolute": 1585.0, "score_global_percentile": 29.5, "score_source_percentile": 12.5, "source_rank_by_engagement": 8, "stars": 0, "views": 1407 }, "english_status": "original_english", "excerpt": "๐Ÿ”ฅ A new supply chain attack has hit official Red Hat Cloud Services npm packages. The Miasma campaign, a fresh Mini Shai-Hulud variant, plants a malicious preinstall hook that steals GitHub secrets, cloud credentials, SSH keys, and more from developer and CI/CD environments. It also adds persistence and downstream...", "fingerprint": "76dd9ec33a19deb7", "hashtags": [], "id": "thehackernews-9122", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 470, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 30094, "width": 900 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "thehackernews/9122", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9122" }, "media_type": "photo", "message_id": 9122, "original_text": "๐Ÿ”ฅ A new supply chain attack has hit official Red Hat Cloud Services npm packages.\n\nThe Miasma campaign, a fresh Mini Shai-Hulud variant, plants a malicious preinstall hook that steals GitHub secrets, cloud credentials, SSH keys, and more from developer and CI/CD environments.\n\nIt also adds persistence and downstream poisoning.\n\nRead: https://thehackernews.com/2026/06/miasma-supply-chain-attack-compromises.html", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T17:41:28Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "research-source", "thehackernews.com", "state-media" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "thehackernews/9122", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9122" }, "telegram_url": "https://t.me/thehackernews/9122", "text": "๐Ÿ”ฅ A new supply chain attack has hit official Red Hat Cloud Services npm packages.\n\nThe Miasma campaign, a fresh Mini Shai-Hulud variant, plants a malicious preinstall hook that steals GitHub secrets, cloud credentials, SSH keys, and more from developer and CI/CD environments.\n\nIt also adds persistence and downstream poisoning.\n\nRead: https://thehackernews.com/2026/06/miasma-supply-chain-attack-compromises.html", "url": "https://news.jeremywhittaker.com/item/thehackernews-9122/", "urls": [ "https://thehackernews.com/2026/06/miasma-supply-chain-attack-compromises.html" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "On-chain scam-tracking perspective", "category": "cyber", "credibility": "Research source", "display_name": "MistTrack Alert", "handle": "misttrack_alert", "id": "telegram:misttrack_alert", "item_count": 0, "language": "en", "priority": 68, "provenance_note": "Public Telegram channel promoted after handle resolution and bounded ingest evidence on 2026-05-29.", "rank": 37, "risk_label": "Attribution and loss estimates require confirmation; low-context transfer tape is filtered unless the post includes clear scam, exploit, theft, laundering, or cybercrime context", "role": "research_source", "role_label": "Research Source", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "research source", "on-chain scam tracking", "cyber-context gated" ], "tier": "Tier 3", "title": "MistTrack Alert", "url": "https://t.me/misttrack_alert" }, "channel_handle": "misttrack_alert", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "12e1da89b5950714", "id": "cluster-12e1da89b5950714", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T17:32:06Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 10.0, "score_global_percentile": 3.54, "score_source_percentile": 100.0, "source_rank_by_engagement": 1, "stars": 0, "views": 10 }, "english_status": "original_english", "excerpt": "24,898,430.2184 #USDT transferred from TFxqYTM4L6JrctPEHfiiAREHHcTr8cVYef to TTyiSefHC6TnGYYB8UYFNzakeaXKgQtCve. Go MistTrack | Transaction Details", "fingerprint": "12e1da89b5950714", "hashtags": [ "usdt" ], "id": "misttrack-alert-455102", "language": "en", "language_display": "English", "language_original": "en", "media": [], "media_type": "text", "message_id": 455102, "original_text": "24,898,430.2184 #USDT transferred from TFxqYTM4L6JrctPEHfiiAREHHcTr8cVYef to TTyiSefHC6TnGYYB8UYFNzakeaXKgQtCve.\n\nGo MistTrack | Transaction Details", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T17:32:06Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "usdt", "cyber-hacking", "cyber", "research-source", "on-chain-scam-tracking", "cyber-context-gated" ], "telegram_url": "https://t.me/misttrack_alert/455102", "text": "24,898,430.2184 #USDT transferred from TFxqYTM4L6JrctPEHfiiAREHHcTr8cVYef to TTyiSefHC6TnGYYB8UYFNzakeaXKgQtCve.\n\nGo MistTrack | Transaction Details", "url": "https://news.jeremywhittaker.com/item/misttrack-alert-455102/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "a69bd87be60d02c8", "id": "cluster-a69bd87be60d02c8", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T16:56:54Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 3, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 173.0, "score_global_percentile": 8.42, "score_source_percentile": 62.16, "source_rank_by_engagement": 15, "stars": 0, "views": 143 }, "english_status": "original_english", "excerpt": "๐Ÿšจ Nornikovik hidden browser malware advertised on underground forum A threat actor on an underground forum is advertising Nornikovik, a hidden-browser malware marketed as fileless and undetected. The seller describes it as a tool that runs a victim's browser silently in the background, lets the operator control it...", "fingerprint": "a69bd87be60d02c8", "hashtags": [], "id": "sliceforlifeee-2025", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 980, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 146203, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2025", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2025" }, "media_type": "photo", "message_id": 2025, "original_text": "๐Ÿšจ Nornikovik hidden browser malware advertised on underground forum\n\nA threat actor on an underground forum is advertising Nornikovik, a hidden-browser malware marketed as fileless and undetected. The seller describes it as a tool that runs a victim's browser silently in the background, lets the operator control it remotely, and can load the victim's saved browser data.\n\nThe listing promotes the tool to other forum members for the purpose of covert remote browser session hijacking and data theft.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฏ๐—ฒ๐—ถ๐—ป๐—ด ๐—ฎ๐—ฑ๐˜ƒ๐—ฒ๐—ฟ๐˜๐—ถ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข A covert (\"hidden\") remote browser controlled by the attacker\nโ€ข Claimed fileless operation and self-deletion after execution\nโ€ข Ability to load victim browser data (cookies and autofills)\nโ€ข Support for multiple mainstream browsers (Chrome, Edge, Brave, Yandex, OperaGX, Vivaldi)\nโ€ข Claimed anti-analysis and anti-VM features\nโ€ข Multiple persistence methods\nโ€ข A builder and listener interface\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: N/A (offensive malware)\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Cybercrime Tooling / Malware-as-a-Service\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: solitaryElite\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Selling fileless hidden-browser malware\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Covert browser session hijacking and data theft tool\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Listed via autobuy (middleman accepted)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: June 1, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T16:56:54Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "malware", "markets", "shipping" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2025", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2025" }, "telegram_url": "https://t.me/SliceForLifeee/2025", "text": "๐Ÿšจ Nornikovik hidden browser malware advertised on underground forum\n\nA threat actor on an underground forum is advertising Nornikovik, a hidden-browser malware marketed as fileless and undetected. The seller describes it as a tool that runs a victim's browser silently in the background, lets the operator control it remotely, and can load the victim's saved browser data.\n\nThe listing promotes the tool to other forum members for the purpose of covert remote browser session hijacking and data theft.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฏ๐—ฒ๐—ถ๐—ป๐—ด ๐—ฎ๐—ฑ๐˜ƒ๐—ฒ๐—ฟ๐˜๐—ถ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข A covert (\"hidden\") remote browser controlled by the attacker\nโ€ข Claimed fileless operation and self-deletion after execution\nโ€ข Ability to load victim browser data (cookies and autofills)\nโ€ข Support for multiple mainstream browsers (Chrome, Edge, Brave, Yandex, OperaGX, Vivaldi)\nโ€ข Claimed anti-analysis and anti-VM features\nโ€ข Multiple persistence methods\nโ€ข A builder and listener interface\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: N/A (offensive malware)\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Cybercrime Tooling / Malware-as-a-Service\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: solitaryElite\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Selling fileless hidden-browser malware\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Covert browser session hijacking and data theft tool\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Listed via autobuy (middleman accepted)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: June 1, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2025/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "2d6d6ec742866b6f", "id": "cluster-2d6d6ec742866b6f", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T15:35:07Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 196.0, "score_global_percentile": 8.79, "score_source_percentile": 81.08, "source_rank_by_engagement": 8, "stars": 0, "views": 196 }, "english_status": "original_english", "excerpt": "โ€ผ๏ธ New Dark Web Informer Blog Post! Title: Threat Actor Claims to Sell Live Web-Shell Access to a NASA Web Application Link: https://darkwebinformer.com/threat-actor-claims-to-sell-live-web-shell-access-to-a-nasa-web-application/", "fingerprint": "2d6d6ec742866b6f", "hashtags": [], "id": "sliceforlifeee-2024", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 630, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 101044, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2024", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2024" }, "media_type": "photo", "message_id": 2024, "original_text": "โ€ผ๏ธ New Dark Web Informer Blog Post!\n\nTitle: Threat Actor Claims to Sell Live Web-Shell Access to a NASA Web Application\n\nLink: https://darkwebinformer.com/threat-actor-claims-to-sell-live-web-shell-access-to-a-nasa-web-application/", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T15:35:07Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "darkwebinformer.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2024", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2024" }, "telegram_url": "https://t.me/SliceForLifeee/2024", "text": "โ€ผ๏ธ New Dark Web Informer Blog Post!\n\nTitle: Threat Actor Claims to Sell Live Web-Shell Access to a NASA Web Application\n\nLink: https://darkwebinformer.com/threat-actor-claims-to-sell-live-web-shell-access-to-a-nasa-web-application/", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2024/", "urls": [ "https://darkwebinformer.com/threat-actor-claims-to-sell-live-web-shell-access-to-a-nasa-web-application/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "279dd5e2532c6633", "id": "cluster-279dd5e2532c6633", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T15:17:06Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T15:20:53Z", "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": { "โค": 1, "๐Ÿ˜ˆ": 1 }, "reactions": 2, "replies": 0, "score_absolute": 212.0, "score_global_percentile": 9.06, "score_source_percentile": 89.19, "source_rank_by_engagement": 5, "stars": 0, "views": 188 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Spanish gas company allegedly targeted in database sale exposing IBANs and phones A threat actor on an underground forum is claiming to sell a database allegedly belonging to a Spanish gas company. The actor describes the leads as fresh and says the data was obtained via a hack/vulnerability and has never been...", "fingerprint": "279dd5e2532c6633", "hashtags": [], "id": "sliceforlifeee-2023", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 833, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 112658, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2023", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2023" }, "media_type": "photo", "message_id": 2023, "original_text": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Spanish gas company allegedly targeted in database sale exposing IBANs and phones\n\nA threat actor on an underground forum is claiming to sell a database allegedly belonging to a Spanish gas company. The actor describes the leads as fresh and says the data was obtained via a hack/vulnerability and has never been sold before.\n\nThe actor claims the database contains roughly 555K unique records including banking and contact details.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names (name, surname 1, surname 2)\nโ€ข Identification numbers and type\nโ€ข Phone numbers (two per record)\nโ€ข Email addresses\nโ€ข IBAN bank account numbers\nโ€ข Bank identifiers\nโ€ข Province, locality, and postal code\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Undisclosed Spanish gas company\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Spain ๐Ÿ‡ช๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Energy / Utilities\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: jordanbelfortwolf\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database for sale (obtained via hack/vulnerability)\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~555K unique records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Not disclosed (contact to purchase)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T15:17:06Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "energy" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2023", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2023" }, "telegram_url": "https://t.me/SliceForLifeee/2023", "text": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Spanish gas company allegedly targeted in database sale exposing IBANs and phones\n\nA threat actor on an underground forum is claiming to sell a database allegedly belonging to a Spanish gas company. The actor describes the leads as fresh and says the data was obtained via a hack/vulnerability and has never been sold before.\n\nThe actor claims the database contains roughly 555K unique records including banking and contact details.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names (name, surname 1, surname 2)\nโ€ข Identification numbers and type\nโ€ข Phone numbers (two per record)\nโ€ข Email addresses\nโ€ข IBAN bank account numbers\nโ€ข Bank identifiers\nโ€ข Province, locality, and postal code\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Undisclosed Spanish gas company\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Spain ๐Ÿ‡ช๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Energy / Utilities\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: jordanbelfortwolf\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database for sale (obtained via hack/vulnerability)\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~555K unique records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Not disclosed (contact to purchase)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2023/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "b653859413c28746", "id": "cluster-b653859413c28746", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T15:07:10Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T15:21:10Z", "engagement": { "forwards": 4, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ’ฉ": 1 }, "reactions": 1, "replies": 0, "score_absolute": 392.0, "score_global_percentile": 12.29, "score_source_percentile": 36.36, "source_rank_by_engagement": 8, "stars": 0, "views": 350 }, "english_status": "original_english", "excerpt": "Microsoft investigates Office Apps, Teams file access issues Microsoft says an ongoing incident is preventing users of its Teams collaboration platform and Office for the web cloud-based productivity suite from opening files. [...]...", "fingerprint": "b653859413c28746", "hashtags": [], "id": "bleepingcomputer-24791", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 252045, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24791", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24791" }, "media_type": "photo", "message_id": 24791, "original_text": "Microsoft investigates Office Apps, Teams file access issues\n\nMicrosoft says an ongoing incident is preventing users of its Teams collaboration platform and Office for the web cloud-based productivity suite from opening files. [...]\n\nhttps://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-office-apps-teams-file-access-issues/", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T15:07:10Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24791", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24791" }, "telegram_url": "https://t.me/bleepingcomputer/24791", "text": "Microsoft investigates Office Apps, Teams file access issues\n\nMicrosoft says an ongoing incident is preventing users of its Teams collaboration platform and Office for the web cloud-based productivity suite from opening files. [...]\n\nhttps://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-office-apps-teams-file-access-issues/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24791/", "urls": [ "https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-office-apps-teams-file-access-issues/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "cf044f63248eaff2", "id": "cluster-cf044f63248eaff2", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T15:04:38Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 190.0, "score_global_percentile": 8.71, "score_source_percentile": 78.38, "source_rank_by_engagement": 9, "stars": 0, "views": 170 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ต๐Ÿ‡ช DIRANDRO (Peruvian National Police) allegedly targeted by L4TAMFUCK3RS A threat actor group on an underground forum, identifying as L4TAMFUCK3RS, is claiming to sell a full database allegedly originating from DIRANDRO, the specialized anti-drug-trafficking division of the Peruvian National Police (Policรญa...", "fingerprint": "cf044f63248eaff2", "hashtags": [], "id": "sliceforlifeee-2020", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 936, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 160561, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2020", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2020" }, "media_type": "photo", "message_id": 2020, "original_text": "๐Ÿšจ๐Ÿ‡ต๐Ÿ‡ช DIRANDRO (Peruvian National Police) allegedly targeted by L4TAMFUCK3RS\n\nA threat actor group on an underground forum, identifying as L4TAMFUCK3RS, is claiming to sell a full database allegedly originating from DIRANDRO, the specialized anti-drug-trafficking division of the Peruvian National Police (Policรญa Nacional del Perรบ). The actors claim all police/military personnel records are included.\n\nThe actors claim the database contains roughly 300K folders (people) totaling about 7.8 GB.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names, surnames, national ID numbers (DNI), and police ID codes (CIP)\nโ€ข Dates of birth, gender, marital status, education level\nโ€ข Parents' full names\nโ€ข Full residential addresses\nโ€ข Civil registry data and identification codes (NIF)\nโ€ข Police intervention/operation details and incident narratives\nโ€ข Exact event coordinates and penitentiary facility references\nโ€ข Seized substance details and evidence labels\nโ€ข Detained individuals' names, ages, and DNI numbers\nโ€ข Document metadata and institutional info (PNP, INPE, Public Prosecutor)\nโ€ข Internal personnel records (CIP, DNI, names, registration dates)\nโ€ข Scanned national ID document images and photographs\nโ€ข Military-related records\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: DIRANDRO (Policรญa Nacional del Perรบ)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Peru ๐Ÿ‡ต๐Ÿ‡ช\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Law Enforcement\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: cantpwn (L4TAMFUCK3RS)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Full police database for sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~300K folders/people (~7.8 GB)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $700\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T15:04:38Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "iran" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2020", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2020" }, "telegram_url": "https://t.me/SliceForLifeee/2020", "text": "๐Ÿšจ๐Ÿ‡ต๐Ÿ‡ช DIRANDRO (Peruvian National Police) allegedly targeted by L4TAMFUCK3RS\n\nA threat actor group on an underground forum, identifying as L4TAMFUCK3RS, is claiming to sell a full database allegedly originating from DIRANDRO, the specialized anti-drug-trafficking division of the Peruvian National Police (Policรญa Nacional del Perรบ). The actors claim all police/military personnel records are included.\n\nThe actors claim the database contains roughly 300K folders (people) totaling about 7.8 GB.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names, surnames, national ID numbers (DNI), and police ID codes (CIP)\nโ€ข Dates of birth, gender, marital status, education level\nโ€ข Parents' full names\nโ€ข Full residential addresses\nโ€ข Civil registry data and identification codes (NIF)\nโ€ข Police intervention/operation details and incident narratives\nโ€ข Exact event coordinates and penitentiary facility references\nโ€ข Seized substance details and evidence labels\nโ€ข Detained individuals' names, ages, and DNI numbers\nโ€ข Document metadata and institutional info (PNP, INPE, Public Prosecutor)\nโ€ข Internal personnel records (CIP, DNI, names, registration dates)\nโ€ข Scanned national ID document images and photographs\nโ€ข Military-related records\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: DIRANDRO (Policรญa Nacional del Perรบ)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Peru ๐Ÿ‡ต๐Ÿ‡ช\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Law Enforcement\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: cantpwn (L4TAMFUCK3RS)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Full police database for sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~300K folders/people (~7.8 GB)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $700\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2020/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "8b8ed2278c51541f", "id": "cluster-8b8ed2278c51541f", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T14:33:34Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 384.0, "score_global_percentile": 12.11, "score_source_percentile": 27.27, "source_rank_by_engagement": 9, "stars": 0, "views": 364 }, "english_status": "original_english", "excerpt": "Race Against Time: Why Faster Vulnerability Alerts Matter Attackers are exploiting vulnerabilities faster than many organizations can identify and patch them. SecAlerts explains why faster vulnerability alerts can help reduce exposure and improve response times. [...]...", "fingerprint": "8b8ed2278c51541f", "hashtags": [], "id": "bleepingcomputer-24790", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 100330, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24790", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24790" }, "media_type": "photo", "message_id": 24790, "original_text": "Race Against Time: Why Faster Vulnerability Alerts Matter\n\nAttackers are exploiting vulnerabilities faster than many organizations can identify and patch them. SecAlerts explains why faster vulnerability alerts can help reduce exposure and improve response times. [...]\n\nhttps://www.bleepingcomputer.com/news/security/race-against-time-why-faster-vulnerability-alerts-matter/", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T14:33:34Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com", "cve", "exploit" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24790", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24790" }, "telegram_url": "https://t.me/bleepingcomputer/24790", "text": "Race Against Time: Why Faster Vulnerability Alerts Matter\n\nAttackers are exploiting vulnerabilities faster than many organizations can identify and patch them. SecAlerts explains why faster vulnerability alerts can help reduce exposure and improve response times. [...]\n\nhttps://www.bleepingcomputer.com/news/security/race-against-time-why-faster-vulnerability-alerts-matter/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24790/", "urls": [ "https://www.bleepingcomputer.com/news/security/race-against-time-why-faster-vulnerability-alerts-matter/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity trade-publication perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "The Hacker News", "handle": "thehackernews", "id": "telegram:thehackernews", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity publication.", "rank": 8, "risk_label": "Technical reporting should be checked against vendor advisories", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "research source" ], "tier": "Tier 1", "title": "The Hacker News", "url": "https://t.me/thehackernews" }, "channel_handle": "thehackernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "e762b04277e5dcf2", "id": "cluster-e762b04277e5dcf2", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T14:05:06Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T14:10:20Z", "engagement": { "forwards": 13, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 1, "๐Ÿ”ฅ": 7 }, "reactions": 8, "replies": 0, "score_absolute": 3403.0, "score_global_percentile": 52.78, "score_source_percentile": 25.0, "source_rank_by_engagement": 7, "stars": 0, "views": 3257 }, "english_status": "original_english", "excerpt": "โšก PAN-OS exploited. Gogs 0-day. GlassWorm takedown. AI malware lures. Smishing wave. OAuth phish kits. SonicWall scans. Monday #cybersecurity recap is stacked. Read it - https://thehackernews.com/2026/06/weekly-recap-new-linux-flaw-pan-os.html", "fingerprint": "e762b04277e5dcf2", "hashtags": [ "cybersecurity" ], "id": "thehackernews-9121", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 84267, "width": 720 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "thehackernews/9121", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9121" }, "media_type": "photo", "message_id": 9121, "original_text": "โšก PAN-OS exploited. Gogs 0-day. GlassWorm takedown. AI malware lures. Smishing wave. OAuth phish kits. SonicWall scans.\n\nMonday #cybersecurity recap is stacked.\n\nRead it - https://thehackernews.com/2026/06/weekly-recap-new-linux-flaw-pan-os.html", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T14:05:06Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cybersecurity", "cyber-hacking", "cyber", "verification-anchor", "research-source", "thehackernews.com", "exploit", "malware" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "thehackernews/9121", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9121" }, "telegram_url": "https://t.me/thehackernews/9121", "text": "โšก PAN-OS exploited. Gogs 0-day. GlassWorm takedown. AI malware lures. Smishing wave. OAuth phish kits. SonicWall scans.\n\nMonday #cybersecurity recap is stacked.\n\nRead it - https://thehackernews.com/2026/06/weekly-recap-new-linux-flaw-pan-os.html", "url": "https://news.jeremywhittaker.com/item/thehackernews-9121/", "urls": [ "https://thehackernews.com/2026/06/weekly-recap-new-linux-flaw-pan-os.html" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber incident/news monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Hackmanac Cyber News", "handle": "hackmanac_cybernews", "id": "telegram:hackmanac_cybernews", "item_count": 0, "language": "en", "priority": 52, "provenance_note": "Public Telegram broadcast channel promoted after bounded no-media handle validation on 2026-05-31.", "rank": 73, "risk_label": "Incident claims should be checked against vendor, victim, and researcher disclosures", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber", "incident reporting" ], "tier": "Tier 3", "title": "Hackmanac Cyber News", "url": "https://t.me/hackmanac_cybernews" }, "channel_handle": "hackmanac_cybernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "fbad9796c00d7de3", "id": "cluster-fbad9796c00d7de3", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T13:44:49Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T13:44:52Z", "engagement": { "forwards": 3, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 282.0, "score_global_percentile": 9.88, "score_source_percentile": 50.0, "source_rank_by_engagement": 3, "stars": 0, "views": 252 }, "english_status": "original_english", "excerpt": "๐ŸšจCyber Alert โ€ผ๏ธ ๐Ÿ‡ช๐Ÿ‡ฌEgypt - ๐—•๐—ผ๐˜‚๐—ฟ๐—ถ ๐—š๐—ฟ๐—ผ๐˜‚๐—ฝ The Gentlemen hacking group claims to have breached Bouri Group. Threat actor: The Gentlemen Sector: Manufacturing Data exposure (claimed): Not specified Data type: Not specified Observed: Jun 1, 2026 Status: Pending verification ESIXยฉ: 5.04 Full details and impact assessment on...", "fingerprint": "fbad9796c00d7de3", "hashtags": [], "id": "hackmanac-cybernews-2304", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 557, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 59842, "width": 456 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "hackmanac_cybernews/2304", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/hackmanac_cybernews/2304" }, "media_type": "photo", "message_id": 2304, "original_text": "๐ŸšจCyber Alert โ€ผ๏ธ\n\n๐Ÿ‡ช๐Ÿ‡ฌEgypt - ๐—•๐—ผ๐˜‚๐—ฟ๐—ถ ๐—š๐—ฟ๐—ผ๐˜‚๐—ฝ\n\nThe Gentlemen hacking group claims to have breached Bouri Group.\n\nThreat actor: The Gentlemen\nSector: Manufacturing\nData exposure (claimed): Not specified\nData type: Not specified\nObserved: Jun 1, 2026\nStatus: Pending verification\nESIXยฉ: 5.04\n\nFull details and impact assessment on HackRisk.io", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T13:44:49Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "incident-reporting" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "hackmanac_cybernews/2304", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/hackmanac_cybernews/2304" }, "telegram_url": "https://t.me/hackmanac_cybernews/2304", "text": "๐ŸšจCyber Alert โ€ผ๏ธ\n\n๐Ÿ‡ช๐Ÿ‡ฌEgypt - ๐—•๐—ผ๐˜‚๐—ฟ๐—ถ ๐—š๐—ฟ๐—ผ๐˜‚๐—ฝ\n\nThe Gentlemen hacking group claims to have breached Bouri Group.\n\nThreat actor: The Gentlemen\nSector: Manufacturing\nData exposure (claimed): Not specified\nData type: Not specified\nObserved: Jun 1, 2026\nStatus: Pending verification\nESIXยฉ: 5.04\n\nFull details and impact assessment on HackRisk.io", "url": "https://news.jeremywhittaker.com/item/hackmanac-cybernews-2304/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "b768357c6742e679", "id": "cluster-b768357c6742e679", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T13:20:26Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 5, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 481.0, "score_global_percentile": 14.05, "score_source_percentile": 63.64, "source_rank_by_engagement": 5, "stars": 0, "views": 431 }, "english_status": "original_english", "excerpt": "Critical Windows Netlogon RCE flaw now exploited in attacks The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. [...]...", "fingerprint": "b768357c6742e679", "hashtags": [], "id": "bleepingcomputer-24789", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 198221, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24789", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24789" }, "media_type": "photo", "message_id": 24789, "original_text": "Critical Windows Netlogon RCE flaw now exploited in attacks\n\nThe Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. [...]\n\nhttps://www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T13:20:26Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com", "cve", "exploit" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24789", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24789" }, "telegram_url": "https://t.me/bleepingcomputer/24789", "text": "Critical Windows Netlogon RCE flaw now exploited in attacks\n\nThe Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. [...]\n\nhttps://www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24789/", "urls": [ "https://www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "3fbf297b813df2dd", "id": "cluster-3fbf297b813df2dd", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T13:20:25Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 406.0, "score_global_percentile": 12.56, "score_source_percentile": 54.55, "source_rank_by_engagement": 6, "stars": 0, "views": 386 }, "english_status": "original_english", "excerpt": "Webinar tomorrow: From alert to resolution in network incident response Network incidents are often detected quickly, but investigations and coordination can delay resolution. Join our webinar tomorrow to learn how automation and AI-assisted workflows can help IT teams accelerate incident response. [...]...", "fingerprint": "3fbf297b813df2dd", "hashtags": [], "id": "bleepingcomputer-24788", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 160775, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24788", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24788" }, "media_type": "photo", "message_id": 24788, "original_text": "Webinar tomorrow: From alert to resolution in network incident response\n\nNetwork incidents are often detected quickly, but investigations and coordination can delay resolution. Join our webinar tomorrow to learn how automation and AI-assisted workflows can help IT teams accelerate incident response. [...]\n\nhttps://www.bleepingcomputer.com/news/security/webinar-tomorrow-from-alert-to-resolution-in-network-incident-response/", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T13:20:25Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24788", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24788" }, "telegram_url": "https://t.me/bleepingcomputer/24788", "text": "Webinar tomorrow: From alert to resolution in network incident response\n\nNetwork incidents are often detected quickly, but investigations and coordination can delay resolution. Join our webinar tomorrow to learn how automation and AI-assisted workflows can help IT teams accelerate incident response. [...]\n\nhttps://www.bleepingcomputer.com/news/security/webinar-tomorrow-from-alert-to-resolution-in-network-incident-response/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24788/", "urls": [ "https://www.bleepingcomputer.com/news/security/webinar-tomorrow-from-alert-to-resolution-in-network-incident-response/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity trade-publication perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "The Hacker News", "handle": "thehackernews", "id": "telegram:thehackernews", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity publication.", "rank": 8, "risk_label": "Technical reporting should be checked against vendor advisories", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "research source" ], "tier": "Tier 1", "title": "The Hacker News", "url": "https://t.me/thehackernews" }, "channel_handle": "thehackernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "73092c5ac5768304", "id": "cluster-73092c5ac5768304", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T12:32:24Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T12:37:44Z", "engagement": { "forwards": 5, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 4, "๐Ÿ”ฅ": 3 }, "reactions": 7, "replies": 0, "score_absolute": 3719.0, "score_global_percentile": 55.97, "score_source_percentile": 37.5, "source_rank_by_engagement": 6, "stars": 0, "views": 3655 }, "english_status": "original_english", "excerpt": "The โ€œvCISO platformโ€ label is outdated for todayโ€™s MSPs. Service providers need portfolio-wide security programs, CISO-grade intelligence, and revenue insights. Thatโ€™s why the Security Growth Platform category has emerged โ€” and Cynomi currently defines it with its unified frameworks and 100% partner-only model. Read:...", "fingerprint": "73092c5ac5768304", "hashtags": [], "id": "thehackernews-9120", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 470, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 45475, "width": 900 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "thehackernews/9120", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9120" }, "media_type": "photo", "message_id": 9120, "original_text": "The โ€œvCISO platformโ€ label is outdated for todayโ€™s MSPs.\n\nService providers need portfolio-wide security programs, CISO-grade intelligence, and revenue insights.\n\nThatโ€™s why the Security Growth Platform category has emerged โ€” and Cynomi currently defines it with its unified frameworks and 100% partner-only model.\n\nRead: https://thehackernews.com/2026/06/the-security-growth-platform-why-msps.html", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T12:32:24Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "research-source", "thehackernews.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "thehackernews/9120", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9120" }, "telegram_url": "https://t.me/thehackernews/9120", "text": "The โ€œvCISO platformโ€ label is outdated for todayโ€™s MSPs.\n\nService providers need portfolio-wide security programs, CISO-grade intelligence, and revenue insights.\n\nThatโ€™s why the Security Growth Platform category has emerged โ€” and Cynomi currently defines it with its unified frameworks and 100% partner-only model.\n\nRead: https://thehackernews.com/2026/06/the-security-growth-platform-why-msps.html", "url": "https://news.jeremywhittaker.com/item/thehackernews-9120/", "urls": [ "https://thehackernews.com/2026/06/the-security-growth-platform-why-msps.html" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "781c795f28558bbb", "id": "cluster-781c795f28558bbb", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T12:04:39Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 4, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 516.0, "score_global_percentile": 14.36, "score_source_percentile": 90.91, "source_rank_by_engagement": 2, "stars": 0, "views": 476 }, "english_status": "original_english", "excerpt": "Microsoft confirms outage affecting MFA, My Sign-Ins platform Microsoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. [...]...", "fingerprint": "781c795f28558bbb", "hashtags": [], "id": "bleepingcomputer-24787", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 221679, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24787", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24787" }, "media_type": "photo", "message_id": 24787, "original_text": "Microsoft confirms outage affecting MFA, My Sign-Ins platform\n\nMicrosoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. [...]\n\nhttps://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-outage-affecting-mfa-my-sign-ins-platform/", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T12:04:39Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24787", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24787" }, "telegram_url": "https://t.me/bleepingcomputer/24787", "text": "Microsoft confirms outage affecting MFA, My Sign-Ins platform\n\nMicrosoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. [...]\n\nhttps://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-outage-affecting-mfa-my-sign-ins-platform/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24787/", "urls": [ "https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-outage-affecting-mfa-my-sign-ins-platform/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity trade-publication perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "The Hacker News", "handle": "thehackernews", "id": "telegram:thehackernews", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity publication.", "rank": 8, "risk_label": "Technical reporting should be checked against vendor advisories", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "research source" ], "tier": "Tier 1", "title": "The Hacker News", "url": "https://t.me/thehackernews" }, "channel_handle": "thehackernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "9c23a4cf6c379f47", "id": "cluster-9c23a4cf6c379f47", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T11:58:55Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T12:04:34Z", "engagement": { "forwards": 11, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 4, "๐Ÿ‘": 7, "๐Ÿ”ฅ": 4 }, "reactions": 15, "replies": 0, "score_absolute": 3903.0, "score_global_percentile": 57.32, "score_source_percentile": 50.0, "source_rank_by_engagement": 5, "stars": 0, "views": 3763 }, "english_status": "original_english", "excerpt": "๐Ÿ›‘ China-aligned hackers are intensifying espionage campaigns. Operation Dragon Weave is hitting Czech Republic and Taiwan with spear-phishing ZIPs to deploy AdaptixC2 via Azure Blob Storage. It gives attackers full remote control with 36 commands. Learn More:...", "fingerprint": "9c23a4cf6c379f47", "hashtags": [], "id": "thehackernews-9119", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 380, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 37259, "width": 728 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "thehackernews/9119", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9119" }, "media_type": "photo", "message_id": 9119, "original_text": "๐Ÿ›‘ China-aligned hackers are intensifying espionage campaigns.\n\nOperation Dragon Weave is hitting Czech Republic and Taiwan with spear-phishing ZIPs to deploy AdaptixC2 via Azure Blob Storage.\n\nIt gives attackers full remote control with 36 commands.\n\nLearn More: https://thehackernews.com/2026/06/china-aligned-groups-ramp-up-attacks.html\n\nStay alert with unexpected email attachments.", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T11:58:55Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "research-source", "thehackernews.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "thehackernews/9119", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9119" }, "telegram_url": "https://t.me/thehackernews/9119", "text": "๐Ÿ›‘ China-aligned hackers are intensifying espionage campaigns.\n\nOperation Dragon Weave is hitting Czech Republic and Taiwan with spear-phishing ZIPs to deploy AdaptixC2 via Azure Blob Storage.\n\nIt gives attackers full remote control with 36 commands.\n\nLearn More: https://thehackernews.com/2026/06/china-aligned-groups-ramp-up-attacks.html\n\nStay alert with unexpected email attachments.", "url": "https://news.jeremywhittaker.com/item/thehackernews-9119/", "urls": [ "https://thehackernews.com/2026/06/china-aligned-groups-ramp-up-attacks.html" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "033f93c53a153569", "id": "cluster-033f93c53a153569", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T11:15:43Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 548.0, "score_global_percentile": 14.87, "score_source_percentile": 100.0, "source_rank_by_engagement": 1, "stars": 0, "views": 528 }, "english_status": "original_english", "excerpt": "Microsoft fixes KB5089549 Windows security update install issues Microsoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). [...]...", "fingerprint": "033f93c53a153569", "hashtags": [], "id": "bleepingcomputer-24786", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 89183, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24786", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24786" }, "media_type": "photo", "message_id": 24786, "original_text": "Microsoft fixes KB5089549 Windows security update install issues\n\nMicrosoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). [...]\n\nhttps://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-kb5089549-windows-security-update-install-issues/", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T11:15:43Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24786", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24786" }, "telegram_url": "https://t.me/bleepingcomputer/24786", "text": "Microsoft fixes KB5089549 Windows security update install issues\n\nMicrosoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). [...]\n\nhttps://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-kb5089549-windows-security-update-install-issues/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24786/", "urls": [ "https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-kb5089549-windows-security-update-install-issues/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "OSINT/cyber research perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "Cyber Detective", "handle": "cybdetective", "id": "telegram:cybdetective", "item_count": 0, "language": "en", "priority": 78, "provenance_note": "Public Telegram feed used for cyber OSINT and investigation leads.", "rank": 10, "risk_label": "Tool and lead references need operator verification", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "research source", "OSINT" ], "tier": "Tier 1", "title": "Cyber Detective", "url": "https://t.me/cybdetective" }, "channel_handle": "cybdetective", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "1d85d63097bc899b", "id": "cluster-1d85d63097bc899b", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T10:50:24Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T11:18:35Z", "engagement": { "forwards": 42, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 6, "๐Ÿคก": 1 }, "reactions": 7, "replies": 0, "score_absolute": 1622.0, "score_global_percentile": 30.08, "score_source_percentile": 100.0, "source_rank_by_engagement": 1, "stars": 0, "views": 1188 }, "english_status": "original_english", "excerpt": "SHOPOSINT A tool for gathering additional information about accounts across various payment systems (Stripe, SumUp, Revolut, Lydia) https://github.com/redsecurityfr/ShopOSINT", "fingerprint": "1d85d63097bc899b", "hashtags": [], "id": "cybdetective-3507", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 896, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 144132, "width": 1586 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "cybdetective/3507", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/cybdetective/3507" }, "media_type": "photo", "message_id": 3507, "original_text": "SHOPOSINT\n\nA tool for gathering additional information about accounts across various payment systems (Stripe, SumUp, Revolut, Lydia)\n\nhttps://github.com/redsecurityfr/ShopOSINT", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T10:50:24Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "research-source", "osint", "github.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "cybdetective/3507", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/cybdetective/3507" }, "telegram_url": "https://t.me/cybdetective/3507", "text": "SHOPOSINT\n\nA tool for gathering additional information about accounts across various payment systems (Stripe, SumUp, Revolut, Lydia)\n\nhttps://github.com/redsecurityfr/ShopOSINT", "url": "https://news.jeremywhittaker.com/item/cybdetective-3507/", "urls": [ "https://github.com/redsecurityfr/ShopOSINT" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "OSINT/cyber research perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "Cyber Detective", "handle": "cybdetective", "id": "telegram:cybdetective", "item_count": 0, "language": "en", "priority": 78, "provenance_note": "Public Telegram feed used for cyber OSINT and investigation leads.", "rank": 10, "risk_label": "Tool and lead references need operator verification", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "research source", "OSINT" ], "tier": "Tier 1", "title": "Cyber Detective", "url": "https://t.me/cybdetective" }, "channel_handle": "cybdetective", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "d882e42b5fd175da", "id": "cluster-d882e42b5fd175da", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T10:22:08Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T10:25:21Z", "engagement": { "forwards": 34, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 3, "๐Ÿ‘": 4 }, "reactions": 7, "replies": 0, "score_absolute": 1398.0, "score_global_percentile": 26.2, "score_source_percentile": 50.0, "source_rank_by_engagement": 3, "stars": 0, "views": 1044 }, "english_status": "original_english", "excerpt": "TXFETCH A tool for searching for transaction information by volume and time range across 10 popular blockchains (#btc, #eth, #solana, #tron and others) https://github.com/xaynov-osint/txfetch Creator @osint_xaynov", "fingerprint": "d882e42b5fd175da", "hashtags": [ "btc", "eth", "solana", "tron" ], "id": "cybdetective-3506", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 896, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 250437, "width": 1592 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "cybdetective/3506", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/cybdetective/3506" }, "media_type": "photo", "message_id": 3506, "original_text": "TXFETCH\n\nA tool for searching for transaction information by volume and time range across 10 popular blockchains (#btc, #eth, #solana, #tron and others)\n\nhttps://github.com/xaynov-osint/txfetch\n\nCreator @osint_xaynov", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T10:22:08Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "btc", "eth", "solana", "tron", "cyber-hacking", "cyber", "verification-anchor", "research-source", "osint", "github.com", "bitcoin" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "cybdetective/3506", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/cybdetective/3506" }, "telegram_url": "https://t.me/cybdetective/3506", "text": "TXFETCH\n\nA tool for searching for transaction information by volume and time range across 10 popular blockchains (#btc, #eth, #solana, #tron and others)\n\nhttps://github.com/xaynov-osint/txfetch\n\nCreator @osint_xaynov", "url": "https://news.jeremywhittaker.com/item/cybdetective-3506/", "urls": [ "https://github.com/xaynov-osint/txfetch" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity trade-publication perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "The Hacker News", "handle": "thehackernews", "id": "telegram:thehackernews", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity publication.", "rank": 8, "risk_label": "Technical reporting should be checked against vendor advisories", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "research source" ], "tier": "Tier 1", "title": "The Hacker News", "url": "https://t.me/thehackernews" }, "channel_handle": "thehackernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "6c01c976fc62e113", "id": "cluster-6c01c976fc62e113", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T09:44:44Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T09:48:42Z", "engagement": { "forwards": 21, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 2, "๐Ÿ”ฅ": 10, "๐Ÿ˜ฑ": 1 }, "reactions": 13, "replies": 0, "score_absolute": 4865.0, "score_global_percentile": 62.67, "score_source_percentile": 75.0, "source_rank_by_engagement": 3, "stars": 0, "views": 4629 }, "english_status": "original_english", "excerpt": "๐Ÿšจ A legitimate-looking npm package for OpenAI Codex has been stealing developer auth tokens for over a month. codexui-android, marketed as a remote web UI, has seen 29,000+ weekly downloads. Since version 0.1.82 it quietly sends ~/.codex/auth.json โ€” including non-expiring refresh tokens โ€” to an attacker server. Read:...", "fingerprint": "6c01c976fc62e113", "hashtags": [], "id": "thehackernews-9118", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 470, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 58921, "width": 900 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "thehackernews/9118", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9118" }, "media_type": "photo", "message_id": 9118, "original_text": "๐Ÿšจ A legitimate-looking npm package for OpenAI Codex has been stealing developer auth tokens for over a month.\n\ncodexui-android, marketed as a remote web UI, has seen 29,000+ weekly downloads. Since version 0.1.82 it quietly sends ~/.codex/auth.json โ€” including non-expiring refresh tokens โ€” to an attacker server.\n\nRead: https://thehackernews.com/2026/06/openai-codex-authentication-tokens.html", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T09:44:44Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "research-source", "thehackernews.com", "markets" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "thehackernews/9118", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9118" }, "telegram_url": "https://t.me/thehackernews/9118", "text": "๐Ÿšจ A legitimate-looking npm package for OpenAI Codex has been stealing developer auth tokens for over a month.\n\ncodexui-android, marketed as a remote web UI, has seen 29,000+ weekly downloads. Since version 0.1.82 it quietly sends ~/.codex/auth.json โ€” including non-expiring refresh tokens โ€” to an attacker server.\n\nRead: https://thehackernews.com/2026/06/openai-codex-authentication-tokens.html", "url": "https://news.jeremywhittaker.com/item/thehackernews-9118/", "urls": [ "https://thehackernews.com/2026/06/openai-codex-authentication-tokens.html" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity trade-publication perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "The Hacker News", "handle": "thehackernews", "id": "telegram:thehackernews", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity publication.", "rank": 8, "risk_label": "Technical reporting should be checked against vendor advisories", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "research source" ], "tier": "Tier 1", "title": "The Hacker News", "url": "https://t.me/thehackernews" }, "channel_handle": "thehackernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "150b988a267da69e", "id": "cluster-150b988a267da69e", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T08:50:56Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T09:00:04Z", "engagement": { "forwards": 15, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 9, "๐Ÿ”ฅ": 3, "๐Ÿ˜": 8 }, "reactions": 20, "replies": 0, "score_absolute": 4921.0, "score_global_percentile": 62.9, "score_source_percentile": 87.5, "source_rank_by_engagement": 2, "stars": 0, "views": 4731 }, "english_status": "original_english", "excerpt": "โš ๏ธ Threat actors are actively exploiting a critical vulnerability in WP Maps Pro. CVE-2026-8732 (CVSS 9.8) lets unauthenticated attackers create admin accounts and take over sites. It affects all versions up to 6.1.0. Update to 6.1.1 now. Read: https://thehackernews.com/2026/06/critical-wp-maps-pro-flaw-actively.html", "fingerprint": "150b988a267da69e", "hashtags": [], "id": "thehackernews-9117", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 470, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 52841, "width": 900 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "thehackernews/9117", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9117" }, "media_type": "photo", "message_id": 9117, "original_text": "โš ๏ธ Threat actors are actively exploiting a critical vulnerability in WP Maps Pro.\n\nCVE-2026-8732 (CVSS 9.8) lets unauthenticated attackers create admin accounts and take over sites. It affects all versions up to 6.1.0.\n\nUpdate to 6.1.1 now.\n\nRead: https://thehackernews.com/2026/06/critical-wp-maps-pro-flaw-actively.html", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T08:50:56Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "research-source", "thehackernews.com", "cve", "exploit" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "thehackernews/9117", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9117" }, "telegram_url": "https://t.me/thehackernews/9117", "text": "โš ๏ธ Threat actors are actively exploiting a critical vulnerability in WP Maps Pro.\n\nCVE-2026-8732 (CVSS 9.8) lets unauthenticated attackers create admin accounts and take over sites. It affects all versions up to 6.1.0.\n\nUpdate to 6.1.1 now.\n\nRead: https://thehackernews.com/2026/06/critical-wp-maps-pro-flaw-actively.html", "url": "https://news.jeremywhittaker.com/item/thehackernews-9117/", "urls": [ "https://thehackernews.com/2026/06/critical-wp-maps-pro-flaw-actively.html" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber incident/news monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Hackmanac Cyber News", "handle": "hackmanac_cybernews", "id": "telegram:hackmanac_cybernews", "item_count": 0, "language": "en", "priority": 52, "provenance_note": "Public Telegram broadcast channel promoted after bounded no-media handle validation on 2026-05-31.", "rank": 73, "risk_label": "Incident claims should be checked against vendor, victim, and researcher disclosures", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber", "incident reporting" ], "tier": "Tier 3", "title": "Hackmanac Cyber News", "url": "https://t.me/hackmanac_cybernews" }, "channel_handle": "hackmanac_cybernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "8a333abab8b5d5e4", "id": "cluster-8a333abab8b5d5e4", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T08:27:35Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T12:22:03Z", "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 1 }, "reactions": 1, "replies": 0, "score_absolute": 260.0, "score_global_percentile": 9.63, "score_source_percentile": 25.0, "source_rank_by_engagement": 4, "stars": 0, "views": 258 }, "english_status": "original_english", "excerpt": "๐€๐ ๐ž๐ง๐ญ๐ข๐œ ๐€๐ˆ ๐ˆ๐ฌ ๐‘๐ž๐ฐ๐ซ๐ข๐ญ๐ข๐ง๐  ๐ญ๐ก๐ž ๐‘๐ฎ๐ฅ๐ž๐ฌ ๐จ๐Ÿ ๐‚๐ฒ๐›๐ž๐ซ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ Agentic AI is already ๐ซ๐ž๐ฌ๐ก๐š๐ฉ๐ข๐ง๐  ๐ก๐จ๐ฐ ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐จ๐ฉ๐ž๐ซ๐š๐ญ๐ข๐จ๐ง๐ฌ ๐ฐ๐จ๐ซ๐ค, from SOC automation to threat intelligence and vulnerability management. In this article we explore what it actually means for security teams, the ๐ง๐ž๐ฐ ๐ซ๐ข๐ฌ๐ค๐ฌ it introduces, and why ๐ญ๐ซ๐ž๐š๐ญ๐ข๐ง๐  ๐ข๐ญ ๐š๐ฌ ๐š...", "fingerprint": "8a333abab8b5d5e4", "hashtags": [], "id": "hackmanac-cybernews-2303", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 550, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 108872, "width": 1000 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "hackmanac_cybernews/2303", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/hackmanac_cybernews/2303" }, "media_type": "photo", "message_id": 2303, "original_text": "๐€๐ ๐ž๐ง๐ญ๐ข๐œ ๐€๐ˆ ๐ˆ๐ฌ ๐‘๐ž๐ฐ๐ซ๐ข๐ญ๐ข๐ง๐  ๐ญ๐ก๐ž ๐‘๐ฎ๐ฅ๐ž๐ฌ ๐จ๐Ÿ ๐‚๐ฒ๐›๐ž๐ซ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ\n\nAgentic AI is already ๐ซ๐ž๐ฌ๐ก๐š๐ฉ๐ข๐ง๐  ๐ก๐จ๐ฐ ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐จ๐ฉ๐ž๐ซ๐š๐ญ๐ข๐จ๐ง๐ฌ ๐ฐ๐จ๐ซ๐ค, from SOC automation to threat intelligence and vulnerability management. \n\nIn this article we explore what it actually means for security teams, the ๐ง๐ž๐ฐ ๐ซ๐ข๐ฌ๐ค๐ฌ it introduces, and why ๐ญ๐ซ๐ž๐š๐ญ๐ข๐ง๐  ๐ข๐ญ ๐š๐ฌ ๐š ๐œ๐จ๐ฌ๐ญ-๐œ๐ฎ๐ญ๐ญ๐ข๐ง๐  ๐ญ๐จ๐จ๐ฅ ๐ข๐ง๐ฌ๐ญ๐ž๐š๐ ๐จ๐Ÿ ๐š ๐Ÿ๐จ๐ซ๐œ๐ž ๐ฆ๐ฎ๐ฅ๐ญ๐ข๐ฉ๐ฅ๐ข๐ž๐ซ ๐ข๐ฌ ๐š ๐๐š๐ง๐ ๐ž๐ซ๐จ๐ฎ๐ฌ ๐ฆ๐ข๐ฌ๐ญ๐š๐ค๐ž.\n\n๐Š๐ž๐ฒ ๐ฉ๐จ๐ข๐ง๐ญ๐ฌ:\nโ†’ 48% of professionals identified agentic AI as the top attack vector for 2026\nโ†’ AI agents create new non-human identities that legacy systems can't manage\nโ†’ Claude Mythos Preview found thousands of vulnerabilities across major OS and browsers\nโ†’ The winning formula is hybrid: AI speed + human judgment\nโ†’ Governance must come before deployment, not after\n\nRead the full article:\nhttps://hackmanac.com/news/agentic-ai-is-rewriting-the-rules-of-cybersecurity-are-you-ready", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T08:27:35Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "incident-reporting", "hackmanac.com", "cve" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "hackmanac_cybernews/2303", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/hackmanac_cybernews/2303" }, "telegram_url": "https://t.me/hackmanac_cybernews/2303", "text": "๐€๐ ๐ž๐ง๐ญ๐ข๐œ ๐€๐ˆ ๐ˆ๐ฌ ๐‘๐ž๐ฐ๐ซ๐ข๐ญ๐ข๐ง๐  ๐ญ๐ก๐ž ๐‘๐ฎ๐ฅ๐ž๐ฌ ๐จ๐Ÿ ๐‚๐ฒ๐›๐ž๐ซ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ\n\nAgentic AI is already ๐ซ๐ž๐ฌ๐ก๐š๐ฉ๐ข๐ง๐  ๐ก๐จ๐ฐ ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐จ๐ฉ๐ž๐ซ๐š๐ญ๐ข๐จ๐ง๐ฌ ๐ฐ๐จ๐ซ๐ค, from SOC automation to threat intelligence and vulnerability management. \n\nIn this article we explore what it actually means for security teams, the ๐ง๐ž๐ฐ ๐ซ๐ข๐ฌ๐ค๐ฌ it introduces, and why ๐ญ๐ซ๐ž๐š๐ญ๐ข๐ง๐  ๐ข๐ญ ๐š๐ฌ ๐š ๐œ๐จ๐ฌ๐ญ-๐œ๐ฎ๐ญ๐ญ๐ข๐ง๐  ๐ญ๐จ๐จ๐ฅ ๐ข๐ง๐ฌ๐ญ๐ž๐š๐ ๐จ๐Ÿ ๐š ๐Ÿ๐จ๐ซ๐œ๐ž ๐ฆ๐ฎ๐ฅ๐ญ๐ข๐ฉ๐ฅ๐ข๐ž๐ซ ๐ข๐ฌ ๐š ๐๐š๐ง๐ ๐ž๐ซ๐จ๐ฎ๐ฌ ๐ฆ๐ข๐ฌ๐ญ๐š๐ค๐ž.\n\n๐Š๐ž๐ฒ ๐ฉ๐จ๐ข๐ง๐ญ๐ฌ:\nโ†’ 48% of professionals identified agentic AI as the top attack vector for 2026\nโ†’ AI agents create new non-human identities that legacy systems can't manage\nโ†’ Claude Mythos Preview found thousands of vulnerabilities across major OS and browsers\nโ†’ The winning formula is hybrid: AI speed + human judgment\nโ†’ Governance must come before deployment, not after\n\nRead the full article:\nhttps://hackmanac.com/news/agentic-ai-is-rewriting-the-rules-of-cybersecurity-are-you-ready", "url": "https://news.jeremywhittaker.com/item/hackmanac-cybernews-2303/", "urls": [ "https://hackmanac.com/news/agentic-ai-is-rewriting-the-rules-of-cybersecurity-are-you-ready" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber incident/news monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Hackmanac Cyber News", "handle": "hackmanac_cybernews", "id": "telegram:hackmanac_cybernews", "item_count": 0, "language": "en", "priority": 52, "provenance_note": "Public Telegram broadcast channel promoted after bounded no-media handle validation on 2026-05-31.", "rank": 73, "risk_label": "Incident claims should be checked against vendor, victim, and researcher disclosures", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber", "incident reporting" ], "tier": "Tier 3", "title": "Hackmanac Cyber News", "url": "https://t.me/hackmanac_cybernews" }, "channel_handle": "hackmanac_cybernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "22ebf87e73251de6", "id": "cluster-22ebf87e73251de6", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T07:45:14Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T07:45:17Z", "engagement": { "forwards": 3, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 376.0, "score_global_percentile": 11.92, "score_source_percentile": 100.0, "source_rank_by_engagement": 1, "stars": 0, "views": 346 }, "english_status": "original_english", "excerpt": "๐ŸšจCyber Alert โ€ผ๏ธ ๐Ÿ‡ฏ๐Ÿ‡ตJapan - ๐—”๐˜€๐—ผ๐˜ƒ๐—ถ๐—ฒ๐˜„ ๐—œ๐—ป๐—ฐ. Asoview Inc. disclosed a cyberattack on its โ€œsatsukiโ€ reservation management system after detecting unauthorized access on May 20, 2026. Attackers allegedly used compromised partner credentials to access partner and guest reservation data. Exposed information included company...", "fingerprint": "22ebf87e73251de6", "hashtags": [], "id": "hackmanac-cybernews-2302", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 893, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 127961, "width": 1292 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "hackmanac_cybernews/2302", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/hackmanac_cybernews/2302" }, "media_type": "photo", "message_id": 2302, "original_text": "๐ŸšจCyber Alert โ€ผ๏ธ\n\n๐Ÿ‡ฏ๐Ÿ‡ตJapan - ๐—”๐˜€๐—ผ๐˜ƒ๐—ถ๐—ฒ๐˜„ ๐—œ๐—ป๐—ฐ.\n\nAsoview Inc. disclosed a cyberattack on its โ€œsatsukiโ€ reservation management system after detecting unauthorized access on May 20, 2026. Attackers allegedly used compromised partner credentials to access partner and guest reservation data. Exposed information included company details, contact information, bank account details, invoices, payment notices, and email addresses. The incident affected 111 partner accounts and 14,400 additional partner records.\n\nThreat actor: Not Specified\nSector: Hospitality\nData exposure (claimed): 14,400 records\nData type: Company details, contact information, bank account details, invoices, payment notices, email addresses, reservation data\nObserved: May 28, 2026\nStatus: Confirmed\nESIXยฉ: 5.63\n\nFull details and impact assessment on HackRisk.io", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T07:45:14Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "incident-reporting" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "hackmanac_cybernews/2302", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/hackmanac_cybernews/2302" }, "telegram_url": "https://t.me/hackmanac_cybernews/2302", "text": "๐ŸšจCyber Alert โ€ผ๏ธ\n\n๐Ÿ‡ฏ๐Ÿ‡ตJapan - ๐—”๐˜€๐—ผ๐˜ƒ๐—ถ๐—ฒ๐˜„ ๐—œ๐—ป๐—ฐ.\n\nAsoview Inc. disclosed a cyberattack on its โ€œsatsukiโ€ reservation management system after detecting unauthorized access on May 20, 2026. Attackers allegedly used compromised partner credentials to access partner and guest reservation data. Exposed information included company details, contact information, bank account details, invoices, payment notices, and email addresses. The incident affected 111 partner accounts and 14,400 additional partner records.\n\nThreat actor: Not Specified\nSector: Hospitality\nData exposure (claimed): 14,400 records\nData type: Company details, contact information, bank account details, invoices, payment notices, email addresses, reservation data\nObserved: May 28, 2026\nStatus: Confirmed\nESIXยฉ: 5.63\n\nFull details and impact assessment on HackRisk.io", "url": "https://news.jeremywhittaker.com/item/hackmanac-cybernews-2302/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber incident/news monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Hackmanac Cyber News", "handle": "hackmanac_cybernews", "id": "telegram:hackmanac_cybernews", "item_count": 0, "language": "en", "priority": 52, "provenance_note": "Public Telegram broadcast channel promoted after bounded no-media handle validation on 2026-05-31.", "rank": 73, "risk_label": "Incident claims should be checked against vendor, victim, and researcher disclosures", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber", "incident reporting" ], "tier": "Tier 3", "title": "Hackmanac Cyber News", "url": "https://t.me/hackmanac_cybernews" }, "channel_handle": "hackmanac_cybernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "2b21b552c9132535", "id": "cluster-2b21b552c9132535", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T07:37:15Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T07:37:18Z", "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 361.0, "score_global_percentile": 11.66, "score_source_percentile": 75.0, "source_rank_by_engagement": 2, "stars": 0, "views": 341 }, "english_status": "original_english", "excerpt": "๐ŸšจCyber Alert โ€ผ๏ธ ๐Ÿ‡ง๐Ÿ‡ทBrazil - ๐—š๐—ฟ๐˜‚๐—ฝ๐—ผ ๐— ๐—ฎ๐˜‚๐—ฎฬ BravoX hacking group claims to have breached Grupo Mauรก and allegedly exfiltrated 427.3 GB of data. Threat actor: BravoX Sector: Construction Data exposure (claimed): 427.3 GB of data Data type: Client records, accounting data, confidential documents, marketing data, project...", "fingerprint": "2b21b552c9132535", "hashtags": [], "id": "hackmanac-cybernews-2301", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 351, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 62636, "width": 1231 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "hackmanac_cybernews/2301", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/hackmanac_cybernews/2301" }, "media_type": "photo", "message_id": 2301, "original_text": "๐ŸšจCyber Alert โ€ผ๏ธ\n\n๐Ÿ‡ง๐Ÿ‡ทBrazil - ๐—š๐—ฟ๐˜‚๐—ฝ๐—ผ ๐— ๐—ฎ๐˜‚๐—ฎฬ\n\nBravoX hacking group claims to have breached Grupo Mauรก and allegedly exfiltrated 427.3 GB of data.\n\nThreat actor: BravoX\nSector: Construction\nData exposure (claimed): 427.3 GB of data\nData type: Client records, accounting data, confidential documents, marketing data, project data, personal data, contracts, technology data\nObserved: May 30, 2026\nStatus: Pending verification\nESIXยฉ: 5.40\n\nFull details and impact assessment on HackRisk.io", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T07:37:15Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "incident-reporting", "markets" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "hackmanac_cybernews/2301", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/hackmanac_cybernews/2301" }, "telegram_url": "https://t.me/hackmanac_cybernews/2301", "text": "๐ŸšจCyber Alert โ€ผ๏ธ\n\n๐Ÿ‡ง๐Ÿ‡ทBrazil - ๐—š๐—ฟ๐˜‚๐—ฝ๐—ผ ๐— ๐—ฎ๐˜‚๐—ฎฬ\n\nBravoX hacking group claims to have breached Grupo Mauรก and allegedly exfiltrated 427.3 GB of data.\n\nThreat actor: BravoX\nSector: Construction\nData exposure (claimed): 427.3 GB of data\nData type: Client records, accounting data, confidential documents, marketing data, project data, personal data, contracts, technology data\nObserved: May 30, 2026\nStatus: Pending verification\nESIXยฉ: 5.40\n\nFull details and impact assessment on HackRisk.io", "url": "https://news.jeremywhittaker.com/item/hackmanac-cybernews-2301/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "e3b0c44298fc1c14", "id": "cluster-e3b0c44298fc1c14", "is_burst": true, "label": "1116-post burst", "latest_published_at": "2026-06-01T18:54:18Z", "position": 279, "size": 1116 }, "edited_at": "2026-06-01T06:30:57Z", "engagement": { "forwards": 75, "paid_reactions": 0, "reaction_breakdown": { "โค": 2, "๐ŸŽ‰": 2, "๐Ÿ’ฏ": 2, "๐Ÿ”ฅ": 4, "๐Ÿ˜": 86, "๐Ÿ˜ฑ": 3, "๐Ÿคฃ": 55, "๐Ÿฅฐ": 6, "๐Ÿซก": 2 }, "reactions": 162, "replies": 0, "score_absolute": 4576.0, "score_global_percentile": 61.24, "score_source_percentile": 85.71, "source_rank_by_engagement": 3, "stars": 0, "views": 3502 }, "english_status": "original_english", "excerpt": "", "fingerprint": "e3b0c44298fc1c14", "hashtags": [], "id": "vxunderground-8891", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 974, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 100902, "width": 1179 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8891", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8891" }, "media_type": "photo", "message_id": 8891, "original_text": "", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T06:30:42Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8891", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8891" }, "telegram_url": "https://t.me/vxunderground/8891", "text": "", "url": "https://news.jeremywhittaker.com/item/vxunderground-8891/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "9a6a08345ca87609", "id": "cluster-9a6a08345ca87609", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T21:10:59Z", "position": 1, "size": 1 }, "edited_at": "2026-05-31T22:16:34Z", "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": { "โค": 1 }, "reactions": 1, "replies": 0, "score_absolute": 225.0, "score_global_percentile": 9.26, "score_source_percentile": 94.59, "source_rank_by_engagement": 3, "stars": 0, "views": 203 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡ท Hajj and Pilgrimage Organization allegedly targeted in breach exposing 168M+ records for $80,000 BTC A threat actor on an underground forum is claiming to sell a database allegedly originating from the Hajj and Pilgrimage Organization in Iran, the government body managing pilgrimage travel. The actor claims the...", "fingerprint": "9a6a08345ca87609", "hashtags": [], "id": "sliceforlifeee-2016", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 640, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 108753, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2016", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2016" }, "media_type": "photo", "message_id": 2016, "original_text": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡ท Hajj and Pilgrimage Organization allegedly targeted in breach exposing 168M+ records for $80,000 BTC\n\nA threat actor on an underground forum is claiming to sell a database allegedly originating from the Hajj and Pilgrimage Organization in Iran, the government body managing pilgrimage travel.\n\nThe actor claims the dataset contains more than 168 million records spanning 1984 to 2024.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names, father's name, dates and places of birth\nโ€ข National codes (SSN), ID numbers, national card serial numbers\nโ€ข Marital status and occupation\nโ€ข Contact information (home/work addresses, postal codes, phone numbers)\nโ€ข Passport details (number, issue/expiration dates) and passport scans\nโ€ข Traveler photos\nโ€ข Travel flight and insurance information\nโ€ข Security deposit and banking/payment documents\nโ€ข Pilgrimage broker and accommodation information\nโ€ข Details of government officials, NAJA forces, Basij forces, and clerics\nโ€ข Allocated quota data (including martyr families)\nโ€ข Source code of Hajj apps and services\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Hajj and Pilgrimage Organization of Iran\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Iran ๐Ÿ‡ฎ๐Ÿ‡ท\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: irleak\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database for sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 168M+ records (1984 to 2024)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $80,000 BTC\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T21:10:59Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "bitcoin", "iran", "shipping", "state-media" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2016", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2016" }, "telegram_url": "https://t.me/SliceForLifeee/2016", "text": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡ท Hajj and Pilgrimage Organization allegedly targeted in breach exposing 168M+ records for $80,000 BTC\n\nA threat actor on an underground forum is claiming to sell a database allegedly originating from the Hajj and Pilgrimage Organization in Iran, the government body managing pilgrimage travel.\n\nThe actor claims the dataset contains more than 168 million records spanning 1984 to 2024.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names, father's name, dates and places of birth\nโ€ข National codes (SSN), ID numbers, national card serial numbers\nโ€ข Marital status and occupation\nโ€ข Contact information (home/work addresses, postal codes, phone numbers)\nโ€ข Passport details (number, issue/expiration dates) and passport scans\nโ€ข Traveler photos\nโ€ข Travel flight and insurance information\nโ€ข Security deposit and banking/payment documents\nโ€ข Pilgrimage broker and accommodation information\nโ€ข Details of government officials, NAJA forces, Basij forces, and clerics\nโ€ข Allocated quota data (including martyr families)\nโ€ข Source code of Hajj apps and services\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Hajj and Pilgrimage Organization of Iran\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Iran ๐Ÿ‡ฎ๐Ÿ‡ท\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: irleak\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database for sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 168M+ records (1984 to 2024)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $80,000 BTC\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2016/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "5800660fbc7e68fb", "id": "cluster-5800660fbc7e68fb", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T21:04:05Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 174.0, "score_global_percentile": 8.44, "score_source_percentile": 64.86, "source_rank_by_engagement": 14, "stars": 0, "views": 164 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡จ๐Ÿ‡ด GamaSoft allegedly targeted in 150GB+ data breach A threat actor on an underground forum is claiming to have exfiltrated data allegedly originating from GamaSoft, a Colombian company specializing in POS software for the food and beverage sector. The actor notes the company has over 25 years of experience, more...", "fingerprint": "5800660fbc7e68fb", "hashtags": [], "id": "sliceforlifeee-2015", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1083, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 201864, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2015", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2015" }, "media_type": "photo", "message_id": 2015, "original_text": "๐Ÿšจ๐Ÿ‡จ๐Ÿ‡ด GamaSoft allegedly targeted in 150GB+ data breach\n\nA threat actor on an underground forum is claiming to have exfiltrated data allegedly originating from GamaSoft, a Colombian company specializing in POS software for the food and beverage sector. The actor notes the company has over 25 years of experience, more than 4,200 installations across Colombia, and generates over 6 million invoices monthly.\n\nThe actor claims to have exfiltrated over 150 GB of data including software installers, databases, backups, invoices, and inventory information.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Client and contact names\nโ€ข Email addresses\nโ€ข Phone and mobile numbers\nโ€ข Addresses and municipality data\nโ€ข Representative names and identity documents\nโ€ข Business/owner details and roles\nโ€ข Tax and franchise data\nโ€ข Software installers and client databases\nโ€ข MySQL dumps (.csv, .sql) and backups from 2015 to 2017\nโ€ข PDF and XML invoices (facturas)\nโ€ข Support folder, activators, and software backups\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: GamaSoft\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Colombia ๐Ÿ‡จ๐Ÿ‡ด\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Technology / POS Software\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: tillthaend\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Exfiltrated databases, clients, and software\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 150 GB+ of data\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free (reply to unlock)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T21:04:05Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "shipping" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2015", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2015" }, "telegram_url": "https://t.me/SliceForLifeee/2015", "text": "๐Ÿšจ๐Ÿ‡จ๐Ÿ‡ด GamaSoft allegedly targeted in 150GB+ data breach\n\nA threat actor on an underground forum is claiming to have exfiltrated data allegedly originating from GamaSoft, a Colombian company specializing in POS software for the food and beverage sector. The actor notes the company has over 25 years of experience, more than 4,200 installations across Colombia, and generates over 6 million invoices monthly.\n\nThe actor claims to have exfiltrated over 150 GB of data including software installers, databases, backups, invoices, and inventory information.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Client and contact names\nโ€ข Email addresses\nโ€ข Phone and mobile numbers\nโ€ข Addresses and municipality data\nโ€ข Representative names and identity documents\nโ€ข Business/owner details and roles\nโ€ข Tax and franchise data\nโ€ข Software installers and client databases\nโ€ข MySQL dumps (.csv, .sql) and backups from 2015 to 2017\nโ€ข PDF and XML invoices (facturas)\nโ€ข Support folder, activators, and software backups\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: GamaSoft\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Colombia ๐Ÿ‡จ๐Ÿ‡ด\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Technology / POS Software\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: tillthaend\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Exfiltrated databases, clients, and software\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 150 GB+ of data\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free (reply to unlock)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2015/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "2811d9d41dc71349", "id": "cluster-2811d9d41dc71349", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T20:57:09Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 160.0, "score_global_percentile": 8.03, "score_source_percentile": 45.95, "source_rank_by_engagement": 21, "stars": 0, "views": 160 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ซ๐Ÿ‡ท Avantages Enseignants allegedly targeted in 126K database leak A threat actor on an underground forum is claiming to have leaked a database allegedly originating from Avantages Enseignants, a French platform dedicated to education professionals (teachers and staff in the National Education system). The actor...", "fingerprint": "2811d9d41dc71349", "hashtags": [], "id": "sliceforlifeee-2014", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 764, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 108493, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2014", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2014" }, "media_type": "photo", "message_id": 2014, "original_text": "๐Ÿšจ๐Ÿ‡ซ๐Ÿ‡ท Avantages Enseignants allegedly targeted in 126K database leak\n\nA threat actor on an underground forum is claiming to have leaked a database allegedly originating from Avantages Enseignants, a French platform dedicated to education professionals (teachers and staff in the National Education system).\n\nThe actor claims the leak contains roughly 126K records across customer and account data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Email addresses\nโ€ข Passwords (hashed)\nโ€ข Telephone numbers\nโ€ข IP addresses\nโ€ข Fax and cart data\nโ€ข Tokens and codes\nโ€ข Account status and approval fields\nโ€ข Wishlist and custom field data\nโ€ข Profile pictures and newsletter status\nโ€ข Account creation and reminder timestamps\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Avantages Enseignants\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: France ๐Ÿ‡ซ๐Ÿ‡ท\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Education\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: kvantize\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~126K records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: 1 Point\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T20:57:09Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2014", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2014" }, "telegram_url": "https://t.me/SliceForLifeee/2014", "text": "๐Ÿšจ๐Ÿ‡ซ๐Ÿ‡ท Avantages Enseignants allegedly targeted in 126K database leak\n\nA threat actor on an underground forum is claiming to have leaked a database allegedly originating from Avantages Enseignants, a French platform dedicated to education professionals (teachers and staff in the National Education system).\n\nThe actor claims the leak contains roughly 126K records across customer and account data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Email addresses\nโ€ข Passwords (hashed)\nโ€ข Telephone numbers\nโ€ข IP addresses\nโ€ข Fax and cart data\nโ€ข Tokens and codes\nโ€ข Account status and approval fields\nโ€ข Wishlist and custom field data\nโ€ข Profile pictures and newsletter status\nโ€ข Account creation and reminder timestamps\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Avantages Enseignants\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: France ๐Ÿ‡ซ๐Ÿ‡ท\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Education\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: kvantize\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~126K records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: 1 Point\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2014/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "c72fcdd0a7a6818f", "id": "cluster-c72fcdd0a7a6818f", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T18:45:39Z", "position": 1, "size": 1 }, "edited_at": "2026-05-31T19:02:01Z", "engagement": { "forwards": 8, "paid_reactions": 0, "reaction_breakdown": { "โค": 11 }, "reactions": 11, "replies": 0, "score_absolute": 2537.0, "score_global_percentile": 40.85, "score_source_percentile": 14.29, "source_rank_by_engagement": 13, "stars": 0, "views": 2435 }, "english_status": "original_english", "excerpt": "Silly emulation gunk: https://tria.ge/260531-gepdbsas8t/behavioral2", "fingerprint": "c72fcdd0a7a6818f", "hashtags": [], "id": "vxunderground-8890", "language": "en", "language_display": "English", "language_original": "en", "media": [], "media_type": "link", "message_id": 8890, "original_text": "Silly emulation gunk: https://tria.ge/260531-gepdbsas8t/behavioral2", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T18:45:39Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware", "tria.ge" ], "telegram_url": "https://t.me/vxunderground/8890", "text": "Silly emulation gunk: https://tria.ge/260531-gepdbsas8t/behavioral2", "url": "https://news.jeremywhittaker.com/item/vxunderground-8890/", "urls": [ "https://tria.ge/260531-gepdbsas8t/behavioral2" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "2e1fb164a0fddf8d", "id": "cluster-2e1fb164a0fddf8d", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T18:43:00Z", "position": 1, "size": 1 }, "edited_at": "2026-05-31T18:43:28Z", "engagement": { "forwards": 19, "paid_reactions": 0, "reaction_breakdown": { "โค": 8, "โคโ€๐Ÿ”ฅ": 2, "๐Ÿ‘": 2, "๐Ÿ’ฏ": 1, "๐Ÿ˜": 32, "๐Ÿ˜ฑ": 2, "๐Ÿคฃ": 1, "๐Ÿฅฐ": 1 }, "reactions": 49, "replies": 0, "score_absolute": 2653.0, "score_global_percentile": 42.27, "score_source_percentile": 21.43, "source_rank_by_engagement": 12, "stars": 0, "views": 2365 }, "english_status": "original_english", "excerpt": "Yesterday I got a funny DM. s00pcan said some AI slop is automatically forking his Linux open-source projects and adding goofy ass ReadMe files to look all fancy. The primary difference though is the ReadMe includes a \"download here\" link which delivers a .zip file. The .zip file contains cool and badass malware. The...", "fingerprint": "2e1fb164a0fddf8d", "hashtags": [], "id": "vxunderground-8889", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1280, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 229973, "width": 1212 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8889", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8889" }, "media_type": "photo", "message_id": 8889, "original_text": "Yesterday I got a funny DM. s00pcan said some AI slop is automatically forking his Linux open-source projects and adding goofy ass ReadMe files to look all fancy. The primary difference though is the ReadMe includes a \"download here\" link which delivers a .zip file.\n\nThe .zip file contains cool and badass malware. The malware is also free. Yay\n\nThis is a campaign which has been identified by various AV vendors since April, 2026. It is attributed to StealC.\n\nIn this particular instance though it is very, very silly. The exact mechanic in which this StealC group is using to automagically fork projects on GitHub, insert bogus ReadMe files, etc. is unknown. Clearly it is AI generated. However, this group failed to account for all edge cases because ... this is malware developed for Windows ... but it is from a Linux audio driver fork.\n\nThis yet again however a use case of AI in malware campaigns. StealC has been around forever and clearly isn't AI slop. However, Threat Actors are using AI to generate fancy schmancy ReadMe files. Very cool. Thank you, Mr. Smart GPU-thingy.\n\nThe following GitHub I'll be linking is giving FREE malware. Visiting the page won't give you the free malware. At the top of the ReadMe is a \"Download\" section with a hyperlink to \"pcie_dante_snd_v1.4\".\n\nIf you care what this payload does:\nInside this .zip file is \"Application.cmd\", \"dir-dot-cc\", \"lua51.dll\", and \"loader.exe\".\n\nApplication.cmd is a command line file, it launches loader.exe. Loader.exe is responsible for loading the \"dir\" file. Loader.exe is dependent on lua51.dll because the \"dir\" file is a GIANT obfuscated Lua file.\n\nI hate Lua and I hate dealing with obfuscated Lua, I refuse to be a victim of Lua, so instead of trying to bonk it with a stick I emulated it. Unsurprisingly, the malicious Lua file tries to harvest credentials from Chrome and exfiltrate them to a remote host.\n\nFree malware: github-dot-com/mbyington67-prog/snd-dante-pcie/tree/master\n\ntl;dr ai slopping and forking github, delivers malware that uses obfuscated lua, i like cats a lot", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T18:43:00Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware", "osint" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8889", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8889" }, "telegram_url": "https://t.me/vxunderground/8889", "text": "Yesterday I got a funny DM. s00pcan said some AI slop is automatically forking his Linux open-source projects and adding goofy ass ReadMe files to look all fancy. The primary difference though is the ReadMe includes a \"download here\" link which delivers a .zip file.\n\nThe .zip file contains cool and badass malware. The malware is also free. Yay\n\nThis is a campaign which has been identified by various AV vendors since April, 2026. It is attributed to StealC.\n\nIn this particular instance though it is very, very silly. The exact mechanic in which this StealC group is using to automagically fork projects on GitHub, insert bogus ReadMe files, etc. is unknown. Clearly it is AI generated. However, this group failed to account for all edge cases because ... this is malware developed for Windows ... but it is from a Linux audio driver fork.\n\nThis yet again however a use case of AI in malware campaigns. StealC has been around forever and clearly isn't AI slop. However, Threat Actors are using AI to generate fancy schmancy ReadMe files. Very cool. Thank you, Mr. Smart GPU-thingy.\n\nThe following GitHub I'll be linking is giving FREE malware. Visiting the page won't give you the free malware. At the top of the ReadMe is a \"Download\" section with a hyperlink to \"pcie_dante_snd_v1.4\".\n\nIf you care what this payload does:\nInside this .zip file is \"Application.cmd\", \"dir-dot-cc\", \"lua51.dll\", and \"loader.exe\".\n\nApplication.cmd is a command line file, it launches loader.exe. Loader.exe is responsible for loading the \"dir\" file. Loader.exe is dependent on lua51.dll because the \"dir\" file is a GIANT obfuscated Lua file.\n\nI hate Lua and I hate dealing with obfuscated Lua, I refuse to be a victim of Lua, so instead of trying to bonk it with a stick I emulated it. Unsurprisingly, the malicious Lua file tries to harvest credentials from Chrome and exfiltrate them to a remote host.\n\nFree malware: github-dot-com/mbyington67-prog/snd-dante-pcie/tree/master\n\ntl;dr ai slopping and forking github, delivers malware that uses obfuscated lua, i like cats a lot", "url": "https://news.jeremywhittaker.com/item/vxunderground-8889/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "1de3cff725316453", "id": "cluster-1de3cff725316453", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T17:51:44Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 219.0, "score_global_percentile": 9.16, "score_source_percentile": 91.89, "source_rank_by_engagement": 4, "stars": 0, "views": 209 }, "english_status": "original_english", "excerpt": "๐Ÿšจ FedEx account checker tool advertised on underground forum A threat actor on an underground forum is advertising a FedEx \"mail pass\" account checker, a credential-stuffing tool designed to validate stolen email/password combinations against FedEx accounts. The seller markets it as request-based with updated API...", "fingerprint": "1de3cff725316453", "hashtags": [], "id": "sliceforlifeee-2012", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 978, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 131977, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2012", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2012" }, "media_type": "photo", "message_id": 2012, "original_text": "๐Ÿšจ FedEx account checker tool advertised on underground forum\n\nA threat actor on an underground forum is advertising a FedEx \"mail pass\" account checker, a credential-stuffing tool designed to validate stolen email/password combinations against FedEx accounts. The seller markets it as request-based with updated API handling and anti-bot bypass.\n\nThe listing promotes the tool to other forum members and claims it can pull account profile data from validated logins.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฏ๐—ฒ๐—ถ๐—ป๐—ด ๐—ฎ๐—ฑ๐˜ƒ๐—ฒ๐—ฟ๐˜๐—ถ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข A request-based credential checker targeting FedEx accounts\nโ€ข Claimed anti-bot / WAF bypass handling\nโ€ข Automated validation of email:password combolists\nโ€ข Capture of account profile details from valid logins (name, contact info, address, account balance fields)\nโ€ข Marketed throughput of several hundred checks per minute\nโ€ข Sold as a single GO script copy\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: FedEx (account checker tooling)\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Cybercrime Tooling\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: DataKernel\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Selling FedEx credential-checking tool\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Account-validation / credential-stuffing tool\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Single copy (middleman accepted)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T17:51:44Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "markets" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2012", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2012" }, "telegram_url": "https://t.me/SliceForLifeee/2012", "text": "๐Ÿšจ FedEx account checker tool advertised on underground forum\n\nA threat actor on an underground forum is advertising a FedEx \"mail pass\" account checker, a credential-stuffing tool designed to validate stolen email/password combinations against FedEx accounts. The seller markets it as request-based with updated API handling and anti-bot bypass.\n\nThe listing promotes the tool to other forum members and claims it can pull account profile data from validated logins.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฏ๐—ฒ๐—ถ๐—ป๐—ด ๐—ฎ๐—ฑ๐˜ƒ๐—ฒ๐—ฟ๐˜๐—ถ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข A request-based credential checker targeting FedEx accounts\nโ€ข Claimed anti-bot / WAF bypass handling\nโ€ข Automated validation of email:password combolists\nโ€ข Capture of account profile details from valid logins (name, contact info, address, account balance fields)\nโ€ข Marketed throughput of several hundred checks per minute\nโ€ข Sold as a single GO script copy\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: FedEx (account checker tooling)\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Cybercrime Tooling\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: DataKernel\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Selling FedEx credential-checking tool\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Account-validation / credential-stuffing tool\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Single copy (middleman accepted)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2012/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "1d344364923068be", "id": "cluster-1d344364923068be", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T16:18:28Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 4, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 256.0, "score_global_percentile": 9.57, "score_source_percentile": 100.0, "source_rank_by_engagement": 1, "stars": 0, "views": 216 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ฌ๐Ÿ‡ง๐Ÿ‡ฎ๐Ÿ‡ช Nando's allegedly targeted in employee database breach A threat actor on an underground forum is claiming to sell an employee database allegedly originating from Nando's, the restaurant chain. The actor says the breach occurred as of May 30, 2026, and the data consists mainly of UK and Irish employees. The...", "fingerprint": "1d344364923068be", "hashtags": [], "id": "sliceforlifeee-2011", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 478, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 68697, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2011", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2011" }, "media_type": "photo", "message_id": 2011, "original_text": "๐Ÿšจ๐Ÿ‡ฌ๐Ÿ‡ง๐Ÿ‡ฎ๐Ÿ‡ช Nando's allegedly targeted in employee database breach\n\nA threat actor on an underground forum is claiming to sell an employee database allegedly originating from Nando's, the restaurant chain. The actor says the breach occurred as of May 30, 2026, and the data consists mainly of UK and Irish employees.\n\nThe actor claims the database contains 87,000 records of past and current \"Nandoca\" employees.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names\nโ€ข Job titles and supervisory groups\nโ€ข Business and personal email addresses\nโ€ข Mobile and landline phone numbers\nโ€ข Employment locations\nโ€ข Employee roles\nโ€ข Business locations and numbers\nโ€ข Cost center information\nโ€ข Job listing information including salaries\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Nando's\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: United Kingdom ๐Ÿ‡ฌ๐Ÿ‡ง / Ireland ๐Ÿ‡ฎ๐Ÿ‡ช\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / Restaurant\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: failing2\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked employee database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 87,000 records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $1,000\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T16:18:28Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2011", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2011" }, "telegram_url": "https://t.me/SliceForLifeee/2011", "text": "๐Ÿšจ๐Ÿ‡ฌ๐Ÿ‡ง๐Ÿ‡ฎ๐Ÿ‡ช Nando's allegedly targeted in employee database breach\n\nA threat actor on an underground forum is claiming to sell an employee database allegedly originating from Nando's, the restaurant chain. The actor says the breach occurred as of May 30, 2026, and the data consists mainly of UK and Irish employees.\n\nThe actor claims the database contains 87,000 records of past and current \"Nandoca\" employees.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names\nโ€ข Job titles and supervisory groups\nโ€ข Business and personal email addresses\nโ€ข Mobile and landline phone numbers\nโ€ข Employment locations\nโ€ข Employee roles\nโ€ข Business locations and numbers\nโ€ข Cost center information\nโ€ข Job listing information including salaries\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Nando's\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: United Kingdom ๐Ÿ‡ฌ๐Ÿ‡ง / Ireland ๐Ÿ‡ฎ๐Ÿ‡ช\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / Restaurant\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: failing2\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked employee database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 87,000 records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $1,000\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2011/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "d6f52dbe085a873d", "id": "cluster-d6f52dbe085a873d", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T16:05:09Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 190.0, "score_global_percentile": 8.69, "score_source_percentile": 75.68, "source_rank_by_engagement": 10, "stars": 0, "views": 180 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ซ๐Ÿ‡ท Air Austral allegedly targeted in database leak A threat actor on an underground forum is claiming to have leaked a database allegedly originating from Air Austral, a French airline specializing in flights between the Indian Ocean, metropolitan France, southern Africa, and certain Asian destinations. The actor is...", "fingerprint": "d6f52dbe085a873d", "hashtags": [], "id": "sliceforlifeee-2010", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 599, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 85891, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2010", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2010" }, "media_type": "photo", "message_id": 2010, "original_text": "๐Ÿšจ๐Ÿ‡ซ๐Ÿ‡ท Air Austral allegedly targeted in database leak\n\nA threat actor on an underground forum is claiming to have leaked a database allegedly originating from Air Austral, a French airline specializing in flights between the Indian Ocean, metropolitan France, southern Africa, and certain Asian destinations. The actor is releasing the data for free.\n\nThe actor claims the leak contains roughly 1K records in JSON format (~125 KB), appearing to be employee/staff data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Email addresses\nโ€ข Job titles (fonction)\nโ€ข Department/service\nโ€ข Location (localisation)\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Air Austral\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: France ๐Ÿ‡ซ๐Ÿ‡ท\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Aviation / Airline\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: ChimeraZ\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~1K records (~125 KB)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T16:05:09Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2010", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2010" }, "telegram_url": "https://t.me/SliceForLifeee/2010", "text": "๐Ÿšจ๐Ÿ‡ซ๐Ÿ‡ท Air Austral allegedly targeted in database leak\n\nA threat actor on an underground forum is claiming to have leaked a database allegedly originating from Air Austral, a French airline specializing in flights between the Indian Ocean, metropolitan France, southern Africa, and certain Asian destinations. The actor is releasing the data for free.\n\nThe actor claims the leak contains roughly 1K records in JSON format (~125 KB), appearing to be employee/staff data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Email addresses\nโ€ข Job titles (fonction)\nโ€ข Department/service\nโ€ข Location (localisation)\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Air Austral\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: France ๐Ÿ‡ซ๐Ÿ‡ท\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Aviation / Airline\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: ChimeraZ\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~1K records (~125 KB)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2010/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "cfcba89b1794b0ce", "id": "cluster-cfcba89b1794b0ce", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T15:56:36Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 172.0, "score_global_percentile": 8.38, "score_source_percentile": 59.46, "source_rank_by_engagement": 16, "stars": 0, "views": 162 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡บ๐Ÿ‡ธ MoniCare allegedly targeted in breach exposing 40K+ consumers A threat actor on an underground forum is claiming to sell a dataset allegedly originating from MoniCare, a Chicago-based domestic staffing agency that places professional nannies, babysitters, housekeepers, household managers, personal assistants, and...", "fingerprint": "cfcba89b1794b0ce", "hashtags": [], "id": "sliceforlifeee-2009", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 944, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 137675, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2009", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2009" }, "media_type": "photo", "message_id": 2009, "original_text": "๐Ÿšจ๐Ÿ‡บ๐Ÿ‡ธ MoniCare allegedly targeted in breach exposing 40K+ consumers\n\nA threat actor on an underground forum is claiming to sell a dataset allegedly originating from MoniCare, a Chicago-based domestic staffing agency that places professional nannies, babysitters, housekeepers, household managers, personal assistants, and caregivers.\n\nThe actor claims the breach contains over 40K consumer records along with a collection of identity documents.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Addresses\nโ€ข Ages\nโ€ข PDF document attachments (driver's licenses, identification cards, passports, resumes, reference letters, vaccination cards)\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: MoniCare\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: United States ๐Ÿ‡บ๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Staffing / Domestic Services\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 2019\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked consumer database and identity documents\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 40K+ records (2 datasets)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T15:56:36Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2009", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2009" }, "telegram_url": "https://t.me/SliceForLifeee/2009", "text": "๐Ÿšจ๐Ÿ‡บ๐Ÿ‡ธ MoniCare allegedly targeted in breach exposing 40K+ consumers\n\nA threat actor on an underground forum is claiming to sell a dataset allegedly originating from MoniCare, a Chicago-based domestic staffing agency that places professional nannies, babysitters, housekeepers, household managers, personal assistants, and caregivers.\n\nThe actor claims the breach contains over 40K consumer records along with a collection of identity documents.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Addresses\nโ€ข Ages\nโ€ข PDF document attachments (driver's licenses, identification cards, passports, resumes, reference letters, vaccination cards)\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: MoniCare\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: United States ๐Ÿ‡บ๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Staffing / Domestic Services\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 2019\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked consumer database and identity documents\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 40K+ records (2 datasets)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2009/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "57a4350d411c36b3", "id": "cluster-57a4350d411c36b3", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T15:48:40Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 160.0, "score_global_percentile": 8.01, "score_source_percentile": 43.24, "source_rank_by_engagement": 22, "stars": 0, "views": 150 }, "english_status": "original_english", "excerpt": "โ€ผ๏ธ New Dark Web Informer Blog Post! Title: Australian Workplace Catering Platform Hampr Hit by Alleged 360K+ Record Leak Link: https://darkwebinformer.com/australian-workplace-catering-platform-hampr-hit-by-alleged-360k-record-leak/", "fingerprint": "57a4350d411c36b3", "hashtags": [], "id": "sliceforlifeee-2008", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 630, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 145225, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2008", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2008" }, "media_type": "photo", "message_id": 2008, "original_text": "โ€ผ๏ธ New Dark Web Informer Blog Post!\n\nTitle: Australian Workplace Catering Platform Hampr Hit by Alleged 360K+ Record Leak\n\nLink: https://darkwebinformer.com/australian-workplace-catering-platform-hampr-hit-by-alleged-360k-record-leak/", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T15:48:40Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "darkwebinformer.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2008", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2008" }, "telegram_url": "https://t.me/SliceForLifeee/2008", "text": "โ€ผ๏ธ New Dark Web Informer Blog Post!\n\nTitle: Australian Workplace Catering Platform Hampr Hit by Alleged 360K+ Record Leak\n\nLink: https://darkwebinformer.com/australian-workplace-catering-platform-hampr-hit-by-alleged-360k-record-leak/", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2008/", "urls": [ "https://darkwebinformer.com/australian-workplace-catering-platform-hampr-hit-by-alleged-360k-record-leak/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "deeb22168ffb08aa", "id": "cluster-deeb22168ffb08aa", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T15:38:44Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 166.0, "score_global_percentile": 8.2, "score_source_percentile": 51.35, "source_rank_by_engagement": 19, "stars": 0, "views": 156 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡บ๐Ÿ‡ธ Bridges Bay Resort allegedly targeted in database leak A threat actor on an underground forum is claiming to have leaked a database allegedly originating from Bridges Bay Resort, a lakeside resort and waterpark located in Okoboji, Iowa. The actor is releasing the data for free. The actor claims the leak contains...", "fingerprint": "deeb22168ffb08aa", "hashtags": [], "id": "sliceforlifeee-2007", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 906, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 154805, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2007", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2007" }, "media_type": "photo", "message_id": 2007, "original_text": "๐Ÿšจ๐Ÿ‡บ๐Ÿ‡ธ Bridges Bay Resort allegedly targeted in database leak\n\nA threat actor on an underground forum is claiming to have leaked a database allegedly originating from Bridges Bay Resort, a lakeside resort and waterpark located in Okoboji, Iowa. The actor is releasing the data for free.\n\nThe actor claims the leak contains 52,744 visitors and 85 users.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Visitor and user names\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Visitor consent and signature fields\nโ€ข Room numbers\nโ€ข Document/PDF links (hosted on S3)\nโ€ข User agents and source data\nโ€ข Account creation and update timestamps\nโ€ข Approval status and member counts\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Bridges Bay Resort\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: United States ๐Ÿ‡บ๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Hospitality / Tourism\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: MirrorShell\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 52,744 visitors and 85 users\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T15:38:44Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2007", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2007" }, "telegram_url": "https://t.me/SliceForLifeee/2007", "text": "๐Ÿšจ๐Ÿ‡บ๐Ÿ‡ธ Bridges Bay Resort allegedly targeted in database leak\n\nA threat actor on an underground forum is claiming to have leaked a database allegedly originating from Bridges Bay Resort, a lakeside resort and waterpark located in Okoboji, Iowa. The actor is releasing the data for free.\n\nThe actor claims the leak contains 52,744 visitors and 85 users.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Visitor and user names\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Visitor consent and signature fields\nโ€ข Room numbers\nโ€ข Document/PDF links (hosted on S3)\nโ€ข User agents and source data\nโ€ข Account creation and update timestamps\nโ€ข Approval status and member counts\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Bridges Bay Resort\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: United States ๐Ÿ‡บ๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Hospitality / Tourism\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: MirrorShell\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 52,744 visitors and 85 users\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2007/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "e51c5600247488c1", "id": "cluster-e51c5600247488c1", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T15:28:18Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 164.0, "score_global_percentile": 8.17, "score_source_percentile": 48.65, "source_rank_by_engagement": 20, "stars": 0, "views": 154 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡ฉ Ratakan allegedly targeted in free database leak exposing 80K records A threat actor on an underground forum is claiming to have published a database allegedly originating from Ratakan, an Indonesian digital marketplace and affiliate sales platform. The actor is releasing the data for free. The actor claims the...", "fingerprint": "e51c5600247488c1", "hashtags": [], "id": "sliceforlifeee-2005", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 855, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 137435, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2005", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2005" }, "media_type": "photo", "message_id": 2005, "original_text": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡ฉ Ratakan allegedly targeted in free database leak exposing 80K records\n\nA threat actor on an underground forum is claiming to have published a database allegedly originating from Ratakan, an Indonesian digital marketplace and affiliate sales platform. The actor is releasing the data for free.\n\nThe actor claims the leak contains roughly 80K records across user and sales data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Usernames and full names\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Passwords (plaintext and hashed)\nโ€ข Login tokens and device IDs\nโ€ข Account verification status\nโ€ข Profile, avatar, and banner image paths\nโ€ข Linked social media handles (Facebook, Instagram, Twitter, Google)\nโ€ข Sales, vendor, buyer, and affiliate commission data\nโ€ข Purchase status and payment account fields\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Ratakan\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Indonesia ๐Ÿ‡ฎ๐Ÿ‡ฉ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / E-commerce\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Bambi\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Free database leak\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~80K records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T15:28:18Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "markets" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2005", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2005" }, "telegram_url": "https://t.me/SliceForLifeee/2005", "text": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡ฉ Ratakan allegedly targeted in free database leak exposing 80K records\n\nA threat actor on an underground forum is claiming to have published a database allegedly originating from Ratakan, an Indonesian digital marketplace and affiliate sales platform. The actor is releasing the data for free.\n\nThe actor claims the leak contains roughly 80K records across user and sales data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Usernames and full names\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Passwords (plaintext and hashed)\nโ€ข Login tokens and device IDs\nโ€ข Account verification status\nโ€ข Profile, avatar, and banner image paths\nโ€ข Linked social media handles (Facebook, Instagram, Twitter, Google)\nโ€ข Sales, vendor, buyer, and affiliate commission data\nโ€ข Purchase status and payment account fields\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Ratakan\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Indonesia ๐Ÿ‡ฎ๐Ÿ‡ฉ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / E-commerce\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Bambi\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Free database leak\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~80K records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2005/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "3928e3cecef8efad", "id": "cluster-3928e3cecef8efad", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T15:18:18Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 180.0, "score_global_percentile": 8.52, "score_source_percentile": 70.27, "source_rank_by_engagement": 12, "stars": 0, "views": 170 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡ณ Mydukaan allegedly targeted in massive breach exposing 100M users A threat actor on an underground forum is claiming to sell a full database dump allegedly originating from Mydukaan, an e-commerce platform (described as similar to Shopify) widely used in India. The actor claims the dump contains roughly 100M...", "fingerprint": "3928e3cecef8efad", "hashtags": [], "id": "sliceforlifeee-2004", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1185, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 166289, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2004", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2004" }, "media_type": "photo", "message_id": 2004, "original_text": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡ณ Mydukaan allegedly targeted in massive breach exposing 100M users\n\nA threat actor on an underground forum is claiming to sell a full database dump allegedly originating from Mydukaan, an e-commerce platform (described as similar to Shopify) widely used in India.\n\nThe actor claims the dump contains roughly 100M users, including purchase history and encrypted payment API keys.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Usernames, first and last names\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Passwords and account status fields\nโ€ข Full buyer addresses (line, city, state, pin, country)\nโ€ข Purchase and transaction history\nโ€ข Order, store lead, and seller data\nโ€ข Encrypted payment API keys\nโ€ข Activity logs and reseller SKU mapping\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Mydukaan\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: India ๐Ÿ‡ฎ๐Ÿ‡ณ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / E-commerce\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: stalker8083\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Full database dump\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~100M users\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $10,000 (open to negotiation)\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T15:18:18Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2004", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2004" }, "telegram_url": "https://t.me/SliceForLifeee/2004", "text": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡ณ Mydukaan allegedly targeted in massive breach exposing 100M users\n\nA threat actor on an underground forum is claiming to sell a full database dump allegedly originating from Mydukaan, an e-commerce platform (described as similar to Shopify) widely used in India.\n\nThe actor claims the dump contains roughly 100M users, including purchase history and encrypted payment API keys.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Usernames, first and last names\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Passwords and account status fields\nโ€ข Full buyer addresses (line, city, state, pin, country)\nโ€ข Purchase and transaction history\nโ€ข Order, store lead, and seller data\nโ€ข Encrypted payment API keys\nโ€ข Activity logs and reseller SKU mapping\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Mydukaan\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: India ๐Ÿ‡ฎ๐Ÿ‡ณ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / E-commerce\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: stalker8083\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Full database dump\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~100M users\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $10,000 (open to negotiation)\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2004/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "86b4373ffc2c9316", "id": "cluster-86b4373ffc2c9316", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T15:13:17Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 6, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 499.0, "score_global_percentile": 14.2, "score_source_percentile": 72.73, "source_rank_by_engagement": 4, "stars": 0, "views": 439 }, "english_status": "original_english", "excerpt": "WP Maps Pro bug exploited to create admin accounts on WordPress sites Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. [...]...", "fingerprint": "86b4373ffc2c9316", "hashtags": [], "id": "bleepingcomputer-24785", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 171808, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24785", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24785" }, "media_type": "photo", "message_id": 24785, "original_text": "WP Maps Pro bug exploited to create admin accounts on WordPress sites\n\nHackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. [...]\n\nhttps://www.bleepingcomputer.com/news/security/wp-maps-pro-bug-exploited-to-create-admin-accounts-on-wordpress-sites/", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T15:13:17Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com", "exploit" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24785", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24785" }, "telegram_url": "https://t.me/bleepingcomputer/24785", "text": "WP Maps Pro bug exploited to create admin accounts on WordPress sites\n\nHackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. [...]\n\nhttps://www.bleepingcomputer.com/news/security/wp-maps-pro-bug-exploited-to-create-admin-accounts-on-wordpress-sites/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24785/", "urls": [ "https://www.bleepingcomputer.com/news/security/wp-maps-pro-bug-exploited-to-create-admin-accounts-on-wordpress-sites/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "6c1978398190fe53", "id": "cluster-6c1978398190fe53", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T14:58:06Z", "position": 1, "size": 1 }, "edited_at": "2026-05-31T17:31:54Z", "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": { "โค": 1 }, "reactions": 1, "replies": 0, "score_absolute": 202.0, "score_global_percentile": 8.91, "score_source_percentile": 86.49, "source_rank_by_engagement": 6, "stars": 0, "views": 180 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡จ๐Ÿ‡ด CNE (National Electoral Council) allegedly targeted by EsqueleSquad A threat actor on an underground forum, attributing the leak to a group called EsqueleSquad, is claiming to have obtained confidential material directly from the CNE (Consejo Nacional Electoral), Colombia's National Electoral Council, and related...", "fingerprint": "6c1978398190fe53", "hashtags": [], "id": "sliceforlifeee-2001", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1212, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 184090, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2001", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2001" }, "media_type": "photo", "message_id": 2001, "original_text": "๐Ÿšจ๐Ÿ‡จ๐Ÿ‡ด CNE (National Electoral Council) allegedly targeted by EsqueleSquad\n\nA threat actor on an underground forum, attributing the leak to a group called EsqueleSquad, is claiming to have obtained confidential material directly from the CNE (Consejo Nacional Electoral), Colombia's National Electoral Council, and related sources. The actor timed the post to coincide with Colombia's elections.\n\nThe actor claims to hold internal confidential documents and campaign financing records.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข CNE internal confidential documents (internal reports, audit findings, formal complaints about electoral irregularities)\nโ€ข Sensitive correspondence between CNE officials and campaign teams\nโ€ข Documents showing weaknesses and anomalies in the voter registry and polling stations\nโ€ข 2026 campaign financing records (declared and hidden donor lists)\nโ€ข Alleged dark money movements and suspicious transfers\nโ€ข Ghost companies and large contracts awarded to campaign donors\nโ€ข Discrepancies between official reports and actual financial movements\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: CNE (Consejo Nacional Electoral)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Colombia ๐Ÿ‡จ๐Ÿ‡ด\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Elections\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Hydr0gen (EsqueleSquad)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Confidential electoral documents and campaign financing records\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Internal documents and financial records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T14:58:06Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "state-media" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2001", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2001" }, "telegram_url": "https://t.me/SliceForLifeee/2001", "text": "๐Ÿšจ๐Ÿ‡จ๐Ÿ‡ด CNE (National Electoral Council) allegedly targeted by EsqueleSquad\n\nA threat actor on an underground forum, attributing the leak to a group called EsqueleSquad, is claiming to have obtained confidential material directly from the CNE (Consejo Nacional Electoral), Colombia's National Electoral Council, and related sources. The actor timed the post to coincide with Colombia's elections.\n\nThe actor claims to hold internal confidential documents and campaign financing records.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข CNE internal confidential documents (internal reports, audit findings, formal complaints about electoral irregularities)\nโ€ข Sensitive correspondence between CNE officials and campaign teams\nโ€ข Documents showing weaknesses and anomalies in the voter registry and polling stations\nโ€ข 2026 campaign financing records (declared and hidden donor lists)\nโ€ข Alleged dark money movements and suspicious transfers\nโ€ข Ghost companies and large contracts awarded to campaign donors\nโ€ข Discrepancies between official reports and actual financial movements\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: CNE (Consejo Nacional Electoral)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Colombia ๐Ÿ‡จ๐Ÿ‡ด\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Elections\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Hydr0gen (EsqueleSquad)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Confidential electoral documents and campaign financing records\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Internal documents and financial records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2001/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity trade-publication perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "The Hacker News", "handle": "thehackernews", "id": "telegram:thehackernews", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity publication.", "rank": 8, "risk_label": "Technical reporting should be checked against vendor advisories", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "research source" ], "tier": "Tier 1", "title": "The Hacker News", "url": "https://t.me/thehackernews" }, "channel_handle": "thehackernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "0c75cc21779b370c", "id": "cluster-0c75cc21779b370c", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T12:23:27Z", "position": 1, "size": 1 }, "edited_at": "2026-05-31T12:25:52Z", "engagement": { "forwards": 22, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 3, "๐Ÿ‘": 10, "๐Ÿ”ฅ": 2, "๐Ÿ˜": 14, "๐Ÿค”": 5 }, "reactions": 34, "replies": 0, "score_absolute": 4750.0, "score_global_percentile": 62.16, "score_source_percentile": 62.5, "source_rank_by_engagement": 4, "stars": 0, "views": 4462 }, "english_status": "original_english", "excerpt": "Dutch authorities have dismantled a botnet comprising at least 17 million infected devices, including computers, smartphones, tablets, and IoT devices. More than 200 servers in the Netherlands supported the operation. Police seized a subset of the infrastructure, and the hosting provider subsequently took the network...", "fingerprint": "0c75cc21779b370c", "hashtags": [], "id": "thehackernews-9116", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 380, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 49821, "width": 728 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "thehackernews/9116", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9116" }, "media_type": "photo", "message_id": 9116, "original_text": "Dutch authorities have dismantled a botnet comprising at least 17 million infected devices, including computers, smartphones, tablets, and IoT devices.\n\nMore than 200 servers in the Netherlands supported the operation. Police seized a subset of the infrastructure, and the hosting provider subsequently took the network offline.\n\nRead: https://thehackernews.com/2026/05/dutch-authorities-dismantle-botnet.html", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T12:23:27Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "research-source", "thehackernews.com", "malware" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "thehackernews/9116", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9116" }, "telegram_url": "https://t.me/thehackernews/9116", "text": "Dutch authorities have dismantled a botnet comprising at least 17 million infected devices, including computers, smartphones, tablets, and IoT devices.\n\nMore than 200 servers in the Netherlands supported the operation. Police seized a subset of the infrastructure, and the hosting provider subsequently took the network offline.\n\nRead: https://thehackernews.com/2026/05/dutch-authorities-dismantle-botnet.html", "url": "https://news.jeremywhittaker.com/item/thehackernews-9116/", "urls": [ "https://thehackernews.com/2026/05/dutch-authorities-dismantle-botnet.html" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "f40139e8f6a0d9aa", "id": "cluster-f40139e8f6a0d9aa", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T01:13:34Z", "position": 1, "size": 1 }, "edited_at": "2026-05-31T01:49:21Z", "engagement": { "forwards": 0, "paid_reactions": 1, "reaction_breakdown": { "ReactionPaid()": 1 }, "reactions": 1, "replies": 0, "score_absolute": 63.0, "score_global_percentile": 4.28, "score_source_percentile": 8.11, "source_rank_by_engagement": 35, "stars": 1, "views": 36 }, "english_status": "original_english", "excerpt": "๐Ÿšจ FalkonC2 Windows RAT advertised on a Russian speaking underground forum A threat actor on an underground forum is advertising FalkonC2, a private Windows remote access trojan (RAT) written in C++ and assembly. The seller markets two payload variants, one aimed at consumer systems and one at corporate environments,...", "fingerprint": "f40139e8f6a0d9aa", "hashtags": [], "id": "sliceforlifeee-1999", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 923, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 186915, "width": 1650 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1999", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1999" }, "media_type": "photo", "message_id": 1999, "original_text": "๐Ÿšจ FalkonC2 Windows RAT advertised on a Russian speaking underground forum\n\nA threat actor on an underground forum is advertising FalkonC2, a private Windows remote access trojan (RAT) written in C++ and assembly. The seller markets two payload variants, one aimed at consumer systems and one at corporate environments, and claims the malware operates in memory and is designed to evade common antivirus and EDR products.\n\nThe listing promotes the tool to other forum members on a paid monthly subscription basis.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฏ๐—ฒ๐—ถ๐—ป๐—ด ๐—ฎ๐—ฑ๐˜ƒ๐—ฒ๐—ฟ๐˜๐—ถ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข A private Windows RAT (DLL and EXE payloads)\nโ€ข Two variants: one targeting consumer systems, one targeting corporate systems\nโ€ข Claimed antivirus and EDR/XDR evasion\nโ€ข Remote shell and remote management capabilities\nโ€ข Reconnaissance, persistence, and privilege escalation features\nโ€ข Multiple architecture outputs (x32, x64, arm64)\nโ€ข Claimed support across modern Windows desktop and server versions\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: N/A (offensive malware)\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Cybercrime Tooling / Malware-as-a-Service\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: DarkFalcon\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Selling private Windows RAT (FalkonC2)\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Remote access trojan with claimed AV/EDR evasion\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Monthly subscription (consumer tier โ‚ฌ249, corporate tier โ‚ฌ1,499)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 23, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T01:13:34Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "malware", "markets", "russia", "shipping" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1999", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1999" }, "telegram_url": "https://t.me/SliceForLifeee/1999", "text": "๐Ÿšจ FalkonC2 Windows RAT advertised on a Russian speaking underground forum\n\nA threat actor on an underground forum is advertising FalkonC2, a private Windows remote access trojan (RAT) written in C++ and assembly. The seller markets two payload variants, one aimed at consumer systems and one at corporate environments, and claims the malware operates in memory and is designed to evade common antivirus and EDR products.\n\nThe listing promotes the tool to other forum members on a paid monthly subscription basis.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฏ๐—ฒ๐—ถ๐—ป๐—ด ๐—ฎ๐—ฑ๐˜ƒ๐—ฒ๐—ฟ๐˜๐—ถ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข A private Windows RAT (DLL and EXE payloads)\nโ€ข Two variants: one targeting consumer systems, one targeting corporate systems\nโ€ข Claimed antivirus and EDR/XDR evasion\nโ€ข Remote shell and remote management capabilities\nโ€ข Reconnaissance, persistence, and privilege escalation features\nโ€ข Multiple architecture outputs (x32, x64, arm64)\nโ€ข Claimed support across modern Windows desktop and server versions\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: N/A (offensive malware)\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Cybercrime Tooling / Malware-as-a-Service\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: DarkFalcon\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Selling private Windows RAT (FalkonC2)\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Remote access trojan with claimed AV/EDR evasion\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Monthly subscription (consumer tier โ‚ฌ249, corporate tier โ‚ฌ1,499)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 23, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1999/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "85cc523cab48f2bf", "id": "cluster-85cc523cab48f2bf", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T23:51:00Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 62.0, "score_global_percentile": 4.26, "score_source_percentile": 5.41, "source_rank_by_engagement": 36, "stars": 0, "views": 62 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ฆ๐Ÿ‡บ RIC Publications allegedly targeted in breach exposing 116K+ customers A threat actor on an underground forum is claiming to sell a dataset allegedly originating from RIC Publications, an Australian educational publishing company that develops teaching resources, student workbooks, lesson plans, and...", "fingerprint": "85cc523cab48f2bf", "hashtags": [], "id": "sliceforlifeee-1997", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 739, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 133937, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1997", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1997" }, "media_type": "photo", "message_id": 1997, "original_text": "๐Ÿšจ๐Ÿ‡ฆ๐Ÿ‡บ RIC Publications allegedly targeted in breach exposing 116K+ customers\n\nA threat actor on an underground forum is claiming to sell a dataset allegedly originating from RIC Publications, an Australian educational publishing company that develops teaching resources, student workbooks, lesson plans, and curriculum-aligned classroom content for schools.\n\nThe actor claims the breach contains over 116K customer records.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Email addresses\nโ€ข Telephone numbers\nโ€ข Street addresses (city, state, post code)\nโ€ข IP addresses\nโ€ข Order IDs, order codes, and store codes\nโ€ข Payment method and payment details\nโ€ข Full price, paid price, and amounts\nโ€ข School and product names\nโ€ข POS codes and signature-required flags\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: RIC Publications\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Australia ๐Ÿ‡ฆ๐Ÿ‡บ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Education / Publishing\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 2019\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked customer database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 116K+ records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Offer / one-time sale (BTC, ETH, XMR)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T23:51:00Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "bitcoin" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1997", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1997" }, "telegram_url": "https://t.me/SliceForLifeee/1997", "text": "๐Ÿšจ๐Ÿ‡ฆ๐Ÿ‡บ RIC Publications allegedly targeted in breach exposing 116K+ customers\n\nA threat actor on an underground forum is claiming to sell a dataset allegedly originating from RIC Publications, an Australian educational publishing company that develops teaching resources, student workbooks, lesson plans, and curriculum-aligned classroom content for schools.\n\nThe actor claims the breach contains over 116K customer records.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Email addresses\nโ€ข Telephone numbers\nโ€ข Street addresses (city, state, post code)\nโ€ข IP addresses\nโ€ข Order IDs, order codes, and store codes\nโ€ข Payment method and payment details\nโ€ข Full price, paid price, and amounts\nโ€ข School and product names\nโ€ข POS codes and signature-required flags\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: RIC Publications\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Australia ๐Ÿ‡ฆ๐Ÿ‡บ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Education / Publishing\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 2019\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked customer database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 116K+ records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Offer / one-time sale (BTC, ETH, XMR)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1997/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "055b05232dfe21cd", "id": "cluster-055b05232dfe21cd", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T23:19:22Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T23:20:21Z", "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 69.0, "score_global_percentile": 4.4, "score_source_percentile": 16.22, "source_rank_by_engagement": 32, "stars": 0, "views": 69 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ฆ๐Ÿ‡บ Melbourne International Film Festival allegedly targeted in breach exposing 340K+ customers A threat actor on an underground forum is claiming to sell a dataset allegedly originating from the Melbourne International Film Festival (MIFF), Australia's largest and one of the world's oldest film festivals, running...", "fingerprint": "055b05232dfe21cd", "hashtags": [], "id": "sliceforlifeee-1996", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 773, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 124697, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1996", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1996" }, "media_type": "photo", "message_id": 1996, "original_text": "๐Ÿšจ๐Ÿ‡ฆ๐Ÿ‡บ Melbourne International Film Festival allegedly targeted in breach exposing 340K+ customers\n\nA threat actor on an underground forum is claiming to sell a dataset allegedly originating from the Melbourne International Film Festival (MIFF), Australia's largest and one of the world's oldest film festivals, running annually in Melbourne since 1952.\n\nThe actor claims the breach contains over 340K customer records across two datasets.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names (first and surname)\nโ€ข Company names\nโ€ข Email addresses\nโ€ข Phone and mobile numbers\nโ€ข Addresses (street, suburb, state, post code)\nโ€ข Booking totals and registration dates\nโ€ข Member numbers and membership status\nโ€ข Unit price, membership type, and suspension status\nโ€ข Purchase dates and membership period dates\nโ€ข Shipping data\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Melbourne International Film Festival (MIFF)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Australia ๐Ÿ‡ฆ๐Ÿ‡บ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Entertainment / Events\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 2019\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked customer database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 340K+ records (2 datasets)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Offer / one-time sale (BTC, ETH, XMR)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T23:19:22Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "bitcoin", "shipping" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1996", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1996" }, "telegram_url": "https://t.me/SliceForLifeee/1996", "text": "๐Ÿšจ๐Ÿ‡ฆ๐Ÿ‡บ Melbourne International Film Festival allegedly targeted in breach exposing 340K+ customers\n\nA threat actor on an underground forum is claiming to sell a dataset allegedly originating from the Melbourne International Film Festival (MIFF), Australia's largest and one of the world's oldest film festivals, running annually in Melbourne since 1952.\n\nThe actor claims the breach contains over 340K customer records across two datasets.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names (first and surname)\nโ€ข Company names\nโ€ข Email addresses\nโ€ข Phone and mobile numbers\nโ€ข Addresses (street, suburb, state, post code)\nโ€ข Booking totals and registration dates\nโ€ข Member numbers and membership status\nโ€ข Unit price, membership type, and suspension status\nโ€ข Purchase dates and membership period dates\nโ€ข Shipping data\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Melbourne International Film Festival (MIFF)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Australia ๐Ÿ‡ฆ๐Ÿ‡บ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Entertainment / Events\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 2019\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked customer database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 340K+ records (2 datasets)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Offer / one-time sale (BTC, ETH, XMR)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1996/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "4d72a48bfc4f35d6", "id": "cluster-4d72a48bfc4f35d6", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T23:09:11Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 73.0, "score_global_percentile": 4.57, "score_source_percentile": 18.92, "source_rank_by_engagement": 31, "stars": 0, "views": 73 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡บ๐Ÿ‡ธ HungerRush allegedly targeted in breach exposing 26.8M+ customers A threat actor on an underground forum is claiming to have leaked a dataset allegedly originating from HungerRush, a U.S.-based restaurant technology company headquartered in Houston that provides cloud-based point-of-sale (POS) and restaurant...", "fingerprint": "4d72a48bfc4f35d6", "hashtags": [], "id": "sliceforlifeee-1995", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 894, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 185766, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1995", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1995" }, "media_type": "photo", "message_id": 1995, "original_text": "๐Ÿšจ๐Ÿ‡บ๐Ÿ‡ธ HungerRush allegedly targeted in breach exposing 26.8M+ customers\n\nA threat actor on an underground forum is claiming to have leaked a dataset allegedly originating from HungerRush, a U.S.-based restaurant technology company headquartered in Houston that provides cloud-based point-of-sale (POS) and restaurant management software for quick-service, fast-casual, and pizza restaurants.\n\nThe actor claims the breach contains over 26.8M customer records across two datasets.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names\nโ€ข Addresses (line 1, line 2, city, state, zip, country)\nโ€ข Phone numbers and fax numbers\nโ€ข Email addresses\nโ€ข Dates of birth\nโ€ข Owner and domain names\nโ€ข Twilio phone numbers\nโ€ข Account status and modification dates\nโ€ข Marketing, conversion, and survey report data\nโ€ข Brand and order source metadata\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: HungerRush\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: United States ๐Ÿ‡บ๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Technology / Restaurant POS\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 2019\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked customer database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 26.8M+ records (2 datasets)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T23:09:11Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "markets", "shipping" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1995", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1995" }, "telegram_url": "https://t.me/SliceForLifeee/1995", "text": "๐Ÿšจ๐Ÿ‡บ๐Ÿ‡ธ HungerRush allegedly targeted in breach exposing 26.8M+ customers\n\nA threat actor on an underground forum is claiming to have leaked a dataset allegedly originating from HungerRush, a U.S.-based restaurant technology company headquartered in Houston that provides cloud-based point-of-sale (POS) and restaurant management software for quick-service, fast-casual, and pizza restaurants.\n\nThe actor claims the breach contains over 26.8M customer records across two datasets.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names\nโ€ข Addresses (line 1, line 2, city, state, zip, country)\nโ€ข Phone numbers and fax numbers\nโ€ข Email addresses\nโ€ข Dates of birth\nโ€ข Owner and domain names\nโ€ข Twilio phone numbers\nโ€ข Account status and modification dates\nโ€ข Marketing, conversion, and survey report data\nโ€ข Brand and order source metadata\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: HungerRush\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: United States ๐Ÿ‡บ๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Technology / Restaurant POS\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 2019\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked customer database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 26.8M+ records (2 datasets)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1995/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "c53878811242800f", "id": "cluster-c53878811242800f", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T22:55:34Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T23:04:36Z", "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ”ฅ": 1 }, "reactions": 1, "replies": 0, "score_absolute": 83.0, "score_global_percentile": 4.88, "score_source_percentile": 21.62, "source_rank_by_engagement": 30, "stars": 0, "views": 81 }, "english_status": "original_english", "excerpt": "๐Ÿšจ Bumble allegedly targeted in massive 32 million user database sale A threat actor on an underground forum is claiming to sell a dataset allegedly originating from Bumble, the dating app. The actor describes it as a clean JSON dump of fresh records. The actor claims the dataset contains roughly 32 million records...", "fingerprint": "c53878811242800f", "hashtags": [], "id": "sliceforlifeee-1994", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 917, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 181132, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1994", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1994" }, "media_type": "photo", "message_id": 1994, "original_text": "๐Ÿšจ Bumble allegedly targeted in massive 32 million user database sale\n\nA threat actor on an underground forum is claiming to sell a dataset allegedly originating from Bumble, the dating app. The actor describes it as a clean JSON dump of fresh records.\n\nThe actor claims the dataset contains roughly 32 million records including authentication hashes and detailed profile data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Email addresses\nโ€ข Authentication credentials (bcrypt hashed)\nโ€ข Phone numbers\nโ€ข Full bios (name, date of birth, work, education)\nโ€ข Location data\nโ€ข Habits and lifestyle fields (drinking, smoking, exercise)\nโ€ข Political and religious affiliations\nโ€ข Linked Instagram/Spotify accounts\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Bumble\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Technology / Dating\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Euphoric_Reply_5727\n๐—–๐—น๐—ฎ๐—ถ๐—บ: User database sale (clean JSON dump)\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~32,105,822 records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $999\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T22:55:34Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1994", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1994" }, "telegram_url": "https://t.me/SliceForLifeee/1994", "text": "๐Ÿšจ Bumble allegedly targeted in massive 32 million user database sale\n\nA threat actor on an underground forum is claiming to sell a dataset allegedly originating from Bumble, the dating app. The actor describes it as a clean JSON dump of fresh records.\n\nThe actor claims the dataset contains roughly 32 million records including authentication hashes and detailed profile data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Email addresses\nโ€ข Authentication credentials (bcrypt hashed)\nโ€ข Phone numbers\nโ€ข Full bios (name, date of birth, work, education)\nโ€ข Location data\nโ€ข Habits and lifestyle fields (drinking, smoking, exercise)\nโ€ข Political and religious affiliations\nโ€ข Linked Instagram/Spotify accounts\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Bumble\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Technology / Dating\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Euphoric_Reply_5727\n๐—–๐—น๐—ฎ๐—ถ๐—บ: User database sale (clean JSON dump)\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~32,105,822 records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $999\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1994/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "3d1e437fb0f90250", "id": "cluster-3d1e437fb0f90250", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T22:47:59Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 86.0, "score_global_percentile": 4.96, "score_source_percentile": 24.32, "source_rank_by_engagement": 29, "stars": 0, "views": 86 }, "english_status": "original_english", "excerpt": "โ€ผ๏ธ๐Ÿ‡บ๐Ÿ‡ธ Genesis Ransomware Claims 5 Victims ๐Ÿ‡บ๐Ÿ‡ธ A Roettgers - Fuel distributor and gas station operator. ๐Ÿ‡บ๐Ÿ‡ธ Cedar Street Capital - Private investment entity associated with Cynvestors Limited Partnership. ๐Ÿ‡บ๐Ÿ‡ธ Green Resource - Distributor of professional fertilizers, chemicals, and seeds for turf, lawn, and landscaping...", "fingerprint": "3d1e437fb0f90250", "hashtags": [], "id": "sliceforlifeee-1992", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 852, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 29871, "width": 980 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1992", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1992" }, "media_type": "photo", "message_id": 1992, "original_text": "โ€ผ๏ธ๐Ÿ‡บ๐Ÿ‡ธ Genesis Ransomware Claims 5 Victims\n\n๐Ÿ‡บ๐Ÿ‡ธ A Roettgers - Fuel distributor and gas station operator.\n\n๐Ÿ‡บ๐Ÿ‡ธ Cedar Street Capital - Private investment entity associated with Cynvestors Limited Partnership.\n\n๐Ÿ‡บ๐Ÿ‡ธ Green Resource - Distributor of professional fertilizers, chemicals, and seeds for turf, lawn, and landscaping markets.\n\n๐Ÿ‡บ๐Ÿ‡ธ Wentworth - DC Metro area design-build firm.\n\n๐Ÿ‡บ๐Ÿ‡ธ Cavalier Flooring Systems Inc. - Flooring and tile contractor.\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T22:47:59Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "energy", "malware", "markets" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1992", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1992" }, "telegram_url": "https://t.me/SliceForLifeee/1992", "text": "โ€ผ๏ธ๐Ÿ‡บ๐Ÿ‡ธ Genesis Ransomware Claims 5 Victims\n\n๐Ÿ‡บ๐Ÿ‡ธ A Roettgers - Fuel distributor and gas station operator.\n\n๐Ÿ‡บ๐Ÿ‡ธ Cedar Street Capital - Private investment entity associated with Cynvestors Limited Partnership.\n\n๐Ÿ‡บ๐Ÿ‡ธ Green Resource - Distributor of professional fertilizers, chemicals, and seeds for turf, lawn, and landscaping markets.\n\n๐Ÿ‡บ๐Ÿ‡ธ Wentworth - DC Metro area design-build firm.\n\n๐Ÿ‡บ๐Ÿ‡ธ Cavalier Flooring Systems Inc. - Flooring and tile contractor.\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1992/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "aa61ae5af3d42f26", "id": "cluster-aa61ae5af3d42f26", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T22:39:23Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T22:50:42Z", "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": { "โค": 1 }, "reactions": 1, "replies": 0, "score_absolute": 106.0, "score_global_percentile": 5.72, "score_source_percentile": 29.73, "source_rank_by_engagement": 27, "stars": 0, "views": 84 }, "english_status": "original_english", "excerpt": "๐Ÿšจ GoldenBullet cracking tool advertised on underground forum A threat actor on an underground forum marketplace is advertising GoldenBullet, an automation and web testing framework being promoted as a credential-stuffing and account-checking tool. The post markets version 2.1 with a refreshed UI and updated...", "fingerprint": "aa61ae5af3d42f26", "hashtags": [], "id": "sliceforlifeee-1987", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1290, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 187060, "width": 1500 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1987", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1987" }, "media_type": "photo", "message_id": 1987, "original_text": "๐Ÿšจ GoldenBullet cracking tool advertised on underground forum\n\nA threat actor on an underground forum marketplace is advertising GoldenBullet, an automation and web testing framework being promoted as a credential-stuffing and account-checking tool. The post markets version 2.1 with a refreshed UI and updated libraries.\n\nThe actor is promoting the tool's account-cracking, proxy, and config management capabilities to other forum users.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฏ๐—ฒ๐—ถ๐—ป๐—ด ๐—ฎ๐—ฑ๐˜ƒ๐—ฒ๐—ฟ๐˜๐—ถ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Multi-run job engine with bot/proxy stats and hit outputs to database\nโ€ข Netflix cookie checker with auto-add to hits\nโ€ข ULP to Combo extraction and Logs to ULP conversion\nโ€ข Keyword remover for trimming ULP files\nโ€ข Proxy checker with auto type/country detection\nโ€ข Config manager supporting .tic, .opk, .loli, .svb formats\nโ€ข Captcha-solving blocks (ReCaptcha, Slide, PoW)\nโ€ข Hashing and utility blocks (MD5, SHA256, GenerateGUID, Unix time)\nโ€ข Multipart HTTP request builder and TLS bypass options\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: N/A (offensive tooling)\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Cybercrime Tooling\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: ticnico\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Selling/advertising GoldenBullet cracking tool (v2.1)\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Credential-stuffing and account-checking framework\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Listed in forum marketplace (sellers section)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T22:39:23Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "markets" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1987", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1987" }, "telegram_url": "https://t.me/SliceForLifeee/1987", "text": "๐Ÿšจ GoldenBullet cracking tool advertised on underground forum\n\nA threat actor on an underground forum marketplace is advertising GoldenBullet, an automation and web testing framework being promoted as a credential-stuffing and account-checking tool. The post markets version 2.1 with a refreshed UI and updated libraries.\n\nThe actor is promoting the tool's account-cracking, proxy, and config management capabilities to other forum users.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฏ๐—ฒ๐—ถ๐—ป๐—ด ๐—ฎ๐—ฑ๐˜ƒ๐—ฒ๐—ฟ๐˜๐—ถ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Multi-run job engine with bot/proxy stats and hit outputs to database\nโ€ข Netflix cookie checker with auto-add to hits\nโ€ข ULP to Combo extraction and Logs to ULP conversion\nโ€ข Keyword remover for trimming ULP files\nโ€ข Proxy checker with auto type/country detection\nโ€ข Config manager supporting .tic, .opk, .loli, .svb formats\nโ€ข Captcha-solving blocks (ReCaptcha, Slide, PoW)\nโ€ข Hashing and utility blocks (MD5, SHA256, GenerateGUID, Unix time)\nโ€ข Multipart HTTP request builder and TLS bypass options\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: N/A (offensive tooling)\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Cybercrime Tooling\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: ticnico\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Selling/advertising GoldenBullet cracking tool (v2.1)\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Credential-stuffing and account-checking framework\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Listed in forum marketplace (sellers section)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1987/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "5597dc9554738905", "id": "cluster-5597dc9554738905", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T21:46:04Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T22:28:32Z", "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": { "โค": 1 }, "reactions": 1, "replies": 0, "score_absolute": 120.0, "score_global_percentile": 6.47, "score_source_percentile": 32.43, "source_rank_by_engagement": 26, "stars": 0, "views": 108 }, "english_status": "original_english", "excerpt": "Here are SOME features coming to the new Threat Feed in June. - OCR Text Scanning. Click a button to scan the screenshot, wait a couple seconds and it will pull any links, session IDs, tox, telegrams from the screenshot back to you with easy to copy buttons - Threat report generation. You can run it per Threat Alert...", "fingerprint": "5597dc9554738905", "hashtags": [], "id": "sliceforlifeee-1986", "language": "en", "language_display": "English", "language_original": "en", "media": [], "media_type": "text", "message_id": 1986, "original_text": "Here are SOME features coming to the new Threat Feed in June.\n\n- OCR Text Scanning. Click a button to scan the screenshot, wait a couple seconds and it will pull any links, session IDs, tox, telegrams from the screenshot back to you with easy to copy buttons\n\n- Threat report generation. You can run it per Threat Alert or via bookmarks, the first 100 alerts, etc.\n\n- Ability to search different APIs. I don't want to name openly for now.\n\n- Search WhiteIntels stealer log database for any domain (no longer limited by alert). It will currently return only stats for that domain. But surely your company is safe, right? RIGHT?\n\n- Search filters that are also now bound to the filtered export button. Multiple exports daily, not limited to 1.\n\nMany new features coming. Just wanted to provide a simple update. Don't worry I'm cooking.", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T21:46:04Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "shipping", "telegram" ], "telegram_url": "https://t.me/SliceForLifeee/1986", "text": "Here are SOME features coming to the new Threat Feed in June.\n\n- OCR Text Scanning. Click a button to scan the screenshot, wait a couple seconds and it will pull any links, session IDs, tox, telegrams from the screenshot back to you with easy to copy buttons\n\n- Threat report generation. You can run it per Threat Alert or via bookmarks, the first 100 alerts, etc.\n\n- Ability to search different APIs. I don't want to name openly for now.\n\n- Search WhiteIntels stealer log database for any domain (no longer limited by alert). It will currently return only stats for that domain. But surely your company is safe, right? RIGHT?\n\n- Search filters that are also now bound to the filtered export button. Multiple exports daily, not limited to 1.\n\nMany new features coming. Just wanted to provide a simple update. Don't worry I'm cooking.", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1986/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "38103acd153dd1f5", "id": "cluster-38103acd153dd1f5", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T19:34:44Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T19:34:52Z", "engagement": { "forwards": 13, "paid_reactions": 0, "reaction_breakdown": { "โค": 110, "๐ŸŽ‰": 2, "๐Ÿ”ฅ": 2, "๐Ÿคฃ": 9, "๐Ÿคฏ": 8, "๐Ÿฅฐ": 32 }, "reactions": 163, "replies": 0, "score_absolute": 2750.0, "score_global_percentile": 43.8, "score_source_percentile": 28.57, "source_rank_by_engagement": 11, "stars": 0, "views": 2294 }, "english_status": "original_english", "excerpt": "This is beautiful. The kids are finding FREE MALWARE and understand the beauty of free malware. Thank you, Skinpack.", "fingerprint": "38103acd153dd1f5", "hashtags": [], "id": "vxunderground-8888", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 719, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 79859, "width": 779 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8888", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8888" }, "media_type": "photo", "message_id": 8888, "original_text": "This is beautiful.\n\nThe kids are finding FREE MALWARE and understand the beauty of free malware.\n\nThank you, Skinpack.", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T19:34:44Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8888", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8888" }, "telegram_url": "https://t.me/vxunderground/8888", "text": "This is beautiful.\n\nThe kids are finding FREE MALWARE and understand the beauty of free malware.\n\nThank you, Skinpack.", "url": "https://news.jeremywhittaker.com/item/vxunderground-8888/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "0d00c2d70ed0a215", "id": "cluster-0d00c2d70ed0a215", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T19:27:33Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T19:27:40Z", "engagement": { "forwards": 8, "paid_reactions": 0, "reaction_breakdown": { "โค": 38, "๐Ÿ”ฅ": 3, "๐Ÿฅฐ": 5 }, "reactions": 46, "replies": 0, "score_absolute": 2499.0, "score_global_percentile": 40.11, "score_source_percentile": 7.14, "source_rank_by_engagement": 14, "stars": 0, "views": 2327 }, "english_status": "original_english", "excerpt": "Hello I have added more malware to the malware collection place. I have added 150,000 malwares and a bunch of malware reversing papers coupled with malwares. Please download the malware. vx-underground.org/Updates", "fingerprint": "0d00c2d70ed0a215", "hashtags": [], "id": "vxunderground-8887", "language": "en", "language_display": "English", "language_original": "en", "media": [], "media_type": "text", "message_id": 8887, "original_text": "Hello\n\nI have added more malware to the malware collection place. I have added 150,000 malwares and a bunch of malware reversing papers coupled with malwares.\n\nPlease download the malware.\n\nvx-underground.org/Updates", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T19:27:33Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware" ], "telegram_url": "https://t.me/vxunderground/8887", "text": "Hello\n\nI have added more malware to the malware collection place. I have added 150,000 malwares and a bunch of malware reversing papers coupled with malwares.\n\nPlease download the malware.\n\nvx-underground.org/Updates", "url": "https://news.jeremywhittaker.com/item/vxunderground-8887/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "OSINT/cyber research perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "Cyber Detective", "handle": "cybdetective", "id": "telegram:cybdetective", "item_count": 0, "language": "en", "priority": 78, "provenance_note": "Public Telegram feed used for cyber OSINT and investigation leads.", "rank": 10, "risk_label": "Tool and lead references need operator verification", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "research source", "OSINT" ], "tier": "Tier 1", "title": "Cyber Detective", "url": "https://t.me/cybdetective" }, "channel_handle": "cybdetective", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "f0950be458257e29", "id": "cluster-f0950be458257e29", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T19:13:04Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T19:21:32Z", "engagement": { "forwards": 28, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 7 }, "reactions": 7, "replies": 5, "score_absolute": 1032.0, "score_global_percentile": 20.86, "score_source_percentile": 25.0, "source_rank_by_engagement": 4, "stars": 0, "views": 718 }, "english_status": "original_english", "excerpt": "KRONIKIER If you havenโ€™t been able to find the contact details on a particular website today, that doesnโ€™t mean theyโ€™ve never been there The Internet Archive API and Kronikier may find contact details that have been removed very quickly https://github.com/soxoj/kronikier Creator @soxoj_insides", "fingerprint": "f0950be458257e29", "hashtags": [], "id": "cybdetective-3505", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 888, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 189771, "width": 1588 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "cybdetective/3505", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/cybdetective/3505" }, "media_type": "photo", "message_id": 3505, "original_text": "KRONIKIER\n\nIf you havenโ€™t been able to find the contact details on a particular website today, that doesnโ€™t mean theyโ€™ve never been there\n\nThe Internet Archive API and Kronikier may find contact details that have been removed very quickly\n\nhttps://github.com/soxoj/kronikier\n\nCreator @soxoj_insides", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T19:13:04Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "research-source", "osint", "github.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "cybdetective/3505", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/cybdetective/3505" }, "telegram_url": "https://t.me/cybdetective/3505", "text": "KRONIKIER\n\nIf you havenโ€™t been able to find the contact details on a particular website today, that doesnโ€™t mean theyโ€™ve never been there\n\nThe Internet Archive API and Kronikier may find contact details that have been removed very quickly\n\nhttps://github.com/soxoj/kronikier\n\nCreator @soxoj_insides", "url": "https://news.jeremywhittaker.com/item/cybdetective-3505/", "urls": [ "https://github.com/soxoj/kronikier" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "74621041a0693644", "id": "cluster-74621041a0693644", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T19:06:25Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 169.0, "score_global_percentile": 8.32, "score_source_percentile": 56.76, "source_rank_by_engagement": 17, "stars": 0, "views": 169 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡จ๐Ÿ‡ด Colombian government systems allegedly compromised by EsqueleSquad (150 GB) A threat actor group on an underground forum, identifying as EsqueleSquad, is claiming to have compromised 15 official Colombian government databases, extracted directly from internal servers. The actors are threatening to release the...", "fingerprint": "74621041a0693644", "hashtags": [], "id": "sliceforlifeee-1983", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1040, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 167892, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1983", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1983" }, "media_type": "photo", "message_id": 1983, "original_text": "๐Ÿšจ๐Ÿ‡จ๐Ÿ‡ด Colombian government systems allegedly compromised by EsqueleSquad (150 GB)\n\nA threat actor group on an underground forum, identifying as EsqueleSquad, is claiming to have compromised 15 official Colombian government databases, extracted directly from internal servers. The actors are threatening to release the full package after election day.\n\nThe actors claim to hold roughly 150 GB of data and around 75 million rows across critical national systems.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข DIAN - taxes, RUT, income tax returns, companies (48.5 GB)\nโ€ข Registradurรญa - IDs, biometrics, civil registry, electoral data (28.3 GB)\nโ€ข ICETEX - educational debts of millions (19.7 GB)\nโ€ข Colpensiones - pensions and financial data of retirees (16.8 GB)\nโ€ข ICFES - student exam results and educational data (24.7 GB combined)\nโ€ข Migraciรณn Colombia - passports, visas, migration records (9.1 GB)\nโ€ข Seguridad Social - EPS health affiliations and social security (7.4 GB)\nโ€ข Policรญa - internal National Police data (3.2 GB)\nโ€ข Fiscalรญa - criminal investigations and legal cases (2.8 GB)\nโ€ข DANE, CNSC, Gobierno Bogotรก, Medellรญn, Datos.gov (national statistics, public competitions, city government, open data)\nโ€ข Intelligence reports, SISBEN + Prosperidad Social (15M+ records), and 2026 campaign financing data\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Multiple Colombian government agencies\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Colombia ๐Ÿ‡จ๐Ÿ‡ด\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Skull1172 (EsqueleSquad)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: 15 official government databases compromised\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~75 million rows (~155 GB total)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free (samples now, full release threatened after election day)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T19:06:25Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "state-media" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1983", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1983" }, "telegram_url": "https://t.me/SliceForLifeee/1983", "text": "๐Ÿšจ๐Ÿ‡จ๐Ÿ‡ด Colombian government systems allegedly compromised by EsqueleSquad (150 GB)\n\nA threat actor group on an underground forum, identifying as EsqueleSquad, is claiming to have compromised 15 official Colombian government databases, extracted directly from internal servers. The actors are threatening to release the full package after election day.\n\nThe actors claim to hold roughly 150 GB of data and around 75 million rows across critical national systems.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข DIAN - taxes, RUT, income tax returns, companies (48.5 GB)\nโ€ข Registradurรญa - IDs, biometrics, civil registry, electoral data (28.3 GB)\nโ€ข ICETEX - educational debts of millions (19.7 GB)\nโ€ข Colpensiones - pensions and financial data of retirees (16.8 GB)\nโ€ข ICFES - student exam results and educational data (24.7 GB combined)\nโ€ข Migraciรณn Colombia - passports, visas, migration records (9.1 GB)\nโ€ข Seguridad Social - EPS health affiliations and social security (7.4 GB)\nโ€ข Policรญa - internal National Police data (3.2 GB)\nโ€ข Fiscalรญa - criminal investigations and legal cases (2.8 GB)\nโ€ข DANE, CNSC, Gobierno Bogotรก, Medellรญn, Datos.gov (national statistics, public competitions, city government, open data)\nโ€ข Intelligence reports, SISBEN + Prosperidad Social (15M+ records), and 2026 campaign financing data\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Multiple Colombian government agencies\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Colombia ๐Ÿ‡จ๐Ÿ‡ด\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Skull1172 (EsqueleSquad)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: 15 official government databases compromised\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~75 million rows (~155 GB total)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free (samples now, full release threatened after election day)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1983/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "0f1d438d4271b16b", "id": "cluster-0f1d438d4271b16b", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T19:00:00Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 121.0, "score_global_percentile": 6.58, "score_source_percentile": 35.14, "source_rank_by_engagement": 25, "stars": 0, "views": 121 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ญ๐Ÿ‡ฐ Hong Kong school and food sector orgs allegedly targeted in 120K database leak A threat actor group on an underground forum, identifying as Anka Red Team (TurkHackTeam), is claiming to have dumped a database allegedly originating from Hong Kong based school and food sector entities. The actors claim the leak...", "fingerprint": "0f1d438d4271b16b", "hashtags": [], "id": "sliceforlifeee-1981", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1144, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 140037, "width": 1501 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1981", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1981" }, "media_type": "photo", "message_id": 1981, "original_text": "๐Ÿšจ๐Ÿ‡ญ๐Ÿ‡ฐ Hong Kong school and food sector orgs allegedly targeted in 120K database leak\n\nA threat actor group on an underground forum, identifying as Anka Red Team (TurkHackTeam), is claiming to have dumped a database allegedly originating from Hong Kong based school and food sector entities.\n\nThe actors claim the leak contains roughly 120,000 records, with targets listed as a Hong Kong education institution and a food sector company.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Member and company names\nโ€ข Member language and address fields\nโ€ข Usernames and login names\nโ€ข Passwords (hashed)\nโ€ข User emails\nโ€ข Account creation IPs and timestamps\nโ€ข User roles (including Administrator accounts)\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Hong Kong school and food sector entities\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Hong Kong ๐Ÿ‡ญ๐Ÿ‡ฐ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Education / Food\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 'SALDIRGAN (Anka Red Team / TurkHackTeam)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database dump\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~120,000 records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: 3 Credits\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T19:00:00Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1981", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1981" }, "telegram_url": "https://t.me/SliceForLifeee/1981", "text": "๐Ÿšจ๐Ÿ‡ญ๐Ÿ‡ฐ Hong Kong school and food sector orgs allegedly targeted in 120K database leak\n\nA threat actor group on an underground forum, identifying as Anka Red Team (TurkHackTeam), is claiming to have dumped a database allegedly originating from Hong Kong based school and food sector entities.\n\nThe actors claim the leak contains roughly 120,000 records, with targets listed as a Hong Kong education institution and a food sector company.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Member and company names\nโ€ข Member language and address fields\nโ€ข Usernames and login names\nโ€ข Passwords (hashed)\nโ€ข User emails\nโ€ข Account creation IPs and timestamps\nโ€ข User roles (including Administrator accounts)\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Hong Kong school and food sector entities\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Hong Kong ๐Ÿ‡ญ๐Ÿ‡ฐ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Education / Food\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 'SALDIRGAN (Anka Red Team / TurkHackTeam)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database dump\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~120,000 records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: 3 Credits\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1981/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "6185ba12b37b7732", "id": "cluster-6185ba12b37b7732", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T18:09:41Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 7, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 405.0, "score_global_percentile": 12.5, "score_source_percentile": 45.45, "source_rank_by_engagement": 7, "stars": 0, "views": 335 }, "english_status": "original_english", "excerpt": "Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. [...]...", "fingerprint": "6185ba12b37b7732", "hashtags": [], "id": "bleepingcomputer-24784", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 170233, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24784", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24784" }, "media_type": "photo", "message_id": 24784, "original_text": "Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks\n\nPalo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. [...]\n\nhttps://www.bleepingcomputer.com/news/security/palo-alto-globalprotect-vpn-auth-bypass-flaw-now-exploited-in-attacks/", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T18:09:41Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com", "cve", "exploit" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24784", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24784" }, "telegram_url": "https://t.me/bleepingcomputer/24784", "text": "Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks\n\nPalo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. [...]\n\nhttps://www.bleepingcomputer.com/news/security/palo-alto-globalprotect-vpn-auth-bypass-flaw-now-exploited-in-attacks/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24784/", "urls": [ "https://www.bleepingcomputer.com/news/security/palo-alto-globalprotect-vpn-auth-bypass-flaw-now-exploited-in-attacks/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "ea575165c5eb3ab0", "id": "cluster-ea575165c5eb3ab0", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T17:16:32Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T18:46:29Z", "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": { "โค": 1 }, "reactions": 1, "replies": 0, "score_absolute": 148.0, "score_global_percentile": 7.79, "score_source_percentile": 40.54, "source_rank_by_engagement": 23, "stars": 0, "views": 146 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ฒ๐Ÿ‡ฝ INCODIS allegedly targeted in leak exposing 20,000+ users with disabilities A threat actor on an underground forum, attributing the leak to a group called Olympus_Group, is claiming to have leaked data allegedly originating from INCODIS, the State of Colima's institute for the inclusion and protection of people...", "fingerprint": "ea575165c5eb3ab0", "hashtags": [], "id": "sliceforlifeee-1980", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 725, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 127496, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1980", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1980" }, "media_type": "photo", "message_id": 1980, "original_text": "๐Ÿšจ๐Ÿ‡ฒ๐Ÿ‡ฝ INCODIS allegedly targeted in leak exposing 20,000+ users with disabilities\n\nA threat actor on an underground forum, attributing the leak to a group called Olympus_Group, is claiming to have leaked data allegedly originating from INCODIS, the State of Colima's institute for the inclusion and protection of people with disabilities in Mexico. The actor is releasing the data for free.\n\nThe actor claims the leak contains over 20,000 users and 6,000 documents and photos.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names\nโ€ข Photos\nโ€ข Personal documents\nโ€ข 6,000 documents and photos in total\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: INCODIS (State of Colima)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Mexico ๐Ÿ‡ฒ๐Ÿ‡ฝ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Social Services\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Hermes_Olymp (Olympus_Group)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked user records, documents, and photos\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 20,000+ users, 6,000 documents and photos\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T17:16:32Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1980", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1980" }, "telegram_url": "https://t.me/SliceForLifeee/1980", "text": "๐Ÿšจ๐Ÿ‡ฒ๐Ÿ‡ฝ INCODIS allegedly targeted in leak exposing 20,000+ users with disabilities\n\nA threat actor on an underground forum, attributing the leak to a group called Olympus_Group, is claiming to have leaked data allegedly originating from INCODIS, the State of Colima's institute for the inclusion and protection of people with disabilities in Mexico. The actor is releasing the data for free.\n\nThe actor claims the leak contains over 20,000 users and 6,000 documents and photos.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names\nโ€ข Photos\nโ€ข Personal documents\nโ€ข 6,000 documents and photos in total\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: INCODIS (State of Colima)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Mexico ๐Ÿ‡ฒ๐Ÿ‡ฝ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Social Services\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Hermes_Olymp (Olympus_Group)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked user records, documents, and photos\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 20,000+ users, 6,000 documents and photos\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1980/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "590bb385c6122182", "id": "cluster-590bb385c6122182", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T16:13:21Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T16:15:52Z", "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ˜ญ": 1 }, "reactions": 1, "replies": 0, "score_absolute": 183.0, "score_global_percentile": 8.54, "score_source_percentile": 72.97, "source_rank_by_engagement": 11, "stars": 0, "views": 171 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Bambuy allegedly targeted in free database leak A threat actor on an underground forum is claiming to have published a database allegedly originating from Bambuy, a Spanish e-commerce platform. The actor is releasing the data for free. The actor claims the leaked SQL database contains customer and address...", "fingerprint": "590bb385c6122182", "hashtags": [], "id": "sliceforlifeee-1979", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 628, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 91622, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1979", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1979" }, "media_type": "photo", "message_id": 1979, "original_text": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Bambuy allegedly targeted in free database leak\n\nA threat actor on an underground forum is claiming to have published a database allegedly originating from Bambuy, a Spanish e-commerce platform. The actor is releasing the data for free.\n\nThe actor claims the leaked SQL database contains customer and address records.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Company and alias fields\nโ€ข Addresses, postal codes, and cities\nโ€ข Phone and mobile numbers\nโ€ข VAT numbers and DNI (national ID)\nโ€ข Country and state data\nโ€ข Account creation and update timestamps\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Bambuy\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Spain ๐Ÿ‡ช๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / E-commerce\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Bambi\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Free database leak\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Customer and address records (SQL database)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T16:13:21Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1979", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1979" }, "telegram_url": "https://t.me/SliceForLifeee/1979", "text": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Bambuy allegedly targeted in free database leak\n\nA threat actor on an underground forum is claiming to have published a database allegedly originating from Bambuy, a Spanish e-commerce platform. The actor is releasing the data for free.\n\nThe actor claims the leaked SQL database contains customer and address records.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Company and alias fields\nโ€ข Addresses, postal codes, and cities\nโ€ข Phone and mobile numbers\nโ€ข VAT numbers and DNI (national ID)\nโ€ข Country and state data\nโ€ข Account creation and update timestamps\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Bambuy\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Spain ๐Ÿ‡ช๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / E-commerce\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Bambi\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Free database leak\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Customer and address records (SQL database)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1979/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "9999c049f6b8e8da", "id": "cluster-9999c049f6b8e8da", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T16:03:08Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 169.0, "score_global_percentile": 8.3, "score_source_percentile": 54.05, "source_rank_by_engagement": 18, "stars": 0, "views": 169 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Podoservice allegedly targeted in 100K database sale A threat actor on an underground forum is claiming to sell a database allegedly originating from Podoservice, a Spanish podiatry services platform. The actor claims the database contains roughly 100K records across customer and contact data. ๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜†...", "fingerprint": "9999c049f6b8e8da", "hashtags": [], "id": "sliceforlifeee-1978", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1309, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 157857, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1978", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1978" }, "media_type": "photo", "message_id": 1978, "original_text": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Podoservice allegedly targeted in 100K database sale\n\nA threat actor on an underground forum is claiming to sell a database allegedly originating from Podoservice, a Spanish podiatry services platform.\n\nThe actor claims the database contains roughly 100K records across customer and contact data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Company and alias fields\nโ€ข Addresses, postal codes, and cities\nโ€ข Phone and mobile numbers\nโ€ข VAT numbers and DNI (national ID)\nโ€ข Email addresses\nโ€ข Passwords (hashed)\nโ€ข Dates of birth\nโ€ข Newsletter, registration IP, and account metadata\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Podoservice\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Spain ๐Ÿ‡ช๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Healthcare / Podiatry Services\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Sophia\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~100K records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Not disclosed (contact to purchase)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T16:03:08Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1978", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1978" }, "telegram_url": "https://t.me/SliceForLifeee/1978", "text": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Podoservice allegedly targeted in 100K database sale\n\nA threat actor on an underground forum is claiming to sell a database allegedly originating from Podoservice, a Spanish podiatry services platform.\n\nThe actor claims the database contains roughly 100K records across customer and contact data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Company and alias fields\nโ€ข Addresses, postal codes, and cities\nโ€ข Phone and mobile numbers\nโ€ข VAT numbers and DNI (national ID)\nโ€ข Email addresses\nโ€ข Passwords (hashed)\nโ€ข Dates of birth\nโ€ข Newsletter, registration IP, and account metadata\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Podoservice\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Spain ๐Ÿ‡ช๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Healthcare / Podiatry Services\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Sophia\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~100K records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Not disclosed (contact to purchase)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1978/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "OSINT/cyber research perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "Cyber Detective", "handle": "cybdetective", "id": "telegram:cybdetective", "item_count": 0, "language": "en", "priority": 78, "provenance_note": "Public Telegram feed used for cyber OSINT and investigation leads.", "rank": 10, "risk_label": "Tool and lead references need operator verification", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "research source", "OSINT" ], "tier": "Tier 1", "title": "Cyber Detective", "url": "https://t.me/cybdetective" }, "channel_handle": "cybdetective", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "8952b7918d434a4d", "id": "cluster-8952b7918d434a4d", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T15:57:57Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T18:29:54Z", "engagement": { "forwards": 41, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 1 }, "reactions": 1, "replies": 2, "score_absolute": 1433.0, "score_global_percentile": 26.74, "score_source_percentile": 75.0, "source_rank_by_engagement": 2, "stars": 0, "views": 1013 }, "english_status": "original_english", "excerpt": "AgenticEarth An AI assistant with access to 123 geospatial datasets. It allows you to gather a wealth of information about any location on Earth and visualise the results on a map. Free trial. https://agenticearth.app/ #geoint", "fingerprint": "8952b7918d434a4d", "hashtags": [ "geoint" ], "id": "cybdetective-3504", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1262, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 296913, "width": 2560 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "cybdetective/3504", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/cybdetective/3504" }, "media_type": "photo", "message_id": 3504, "original_text": "AgenticEarth\n\nAn AI assistant with access to 123 geospatial datasets. It allows you to gather a wealth of information about any location on Earth and visualise the results on a map.\n\nFree trial.\n\nhttps://agenticearth.app/\n\n#geoint", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T15:57:57Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "geoint", "cyber-hacking", "cyber", "verification-anchor", "research-source", "osint", "agenticearth.app" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "cybdetective/3504", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/cybdetective/3504" }, "telegram_url": "https://t.me/cybdetective/3504", "text": "AgenticEarth\n\nAn AI assistant with access to 123 geospatial datasets. It allows you to gather a wealth of information about any location on Earth and visualise the results on a map.\n\nFree trial.\n\nhttps://agenticearth.app/\n\n#geoint", "url": "https://news.jeremywhittaker.com/item/cybdetective-3504/", "urls": [ "https://agenticearth.app/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "2abe0e981fa9312a", "id": "cluster-2abe0e981fa9312a", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T15:42:15Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T16:02:35Z", "engagement": { "forwards": 3, "paid_reactions": 0, "reaction_breakdown": { "โค": 3 }, "reactions": 3, "replies": 0, "score_absolute": 228.0, "score_global_percentile": 9.28, "score_source_percentile": 97.3, "source_rank_by_engagement": 2, "stars": 0, "views": 192 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Spain allegedly targeted in massive 19 million biometric photos and ID cards leak A threat actor group on an underground forum, identifying as EsqueleSquad, is claiming to expose more than 19 million Spanish citizens and politicians in a consolidated 13 GB database. The actors claim the credentials were taken...", "fingerprint": "2abe0e981fa9312a", "hashtags": [], "id": "sliceforlifeee-1975", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 997, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 136401, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1975", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1975" }, "media_type": "photo", "message_id": 1975, "original_text": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Spain allegedly targeted in massive 19 million biometric photos and ID cards leak\n\nA threat actor group on an underground forum, identifying as EsqueleSquad, is claiming to expose more than 19 million Spanish citizens and politicians in a consolidated 13 GB database. The actors claim the credentials were taken from the General Directorate of the Police system.\n\nThe actors claim the dataset contains biometric photos, ID cards, residence information, and emails.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Biometric photos of citizens\nโ€ข National ID cards (DNI)\nโ€ข Residence information\nโ€ข Email addresses\nโ€ข Full names and personal details\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: General Directorate of the Police (Spain)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Spain ๐Ÿ‡ช๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Law Enforcement\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Skull1172 (EsqueleSquad)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked biometric photos and ID cards\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 19M+ records (~13 GB)\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T15:42:15Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1975", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1975" }, "telegram_url": "https://t.me/SliceForLifeee/1975", "text": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Spain allegedly targeted in massive 19 million biometric photos and ID cards leak\n\nA threat actor group on an underground forum, identifying as EsqueleSquad, is claiming to expose more than 19 million Spanish citizens and politicians in a consolidated 13 GB database. The actors claim the credentials were taken from the General Directorate of the Police system.\n\nThe actors claim the dataset contains biometric photos, ID cards, residence information, and emails.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Biometric photos of citizens\nโ€ข National ID cards (DNI)\nโ€ข Residence information\nโ€ข Email addresses\nโ€ข Full names and personal details\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: General Directorate of the Police (Spain)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Spain ๐Ÿ‡ช๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Law Enforcement\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Skull1172 (EsqueleSquad)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked biometric photos and ID cards\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 19M+ records (~13 GB)\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1975/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "f908bde7e7f75b9a", "id": "cluster-f908bde7e7f75b9a", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T14:39:00Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 7, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 501.0, "score_global_percentile": 14.24, "score_source_percentile": 81.82, "source_rank_by_engagement": 3, "stars": 0, "views": 431 }, "english_status": "original_english", "excerpt": "New CIFSwitch Linux flaw gives root on multiple distributions A newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges. [...]...", "fingerprint": "f908bde7e7f75b9a", "hashtags": [], "id": "bleepingcomputer-24783", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 157835, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24783", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24783" }, "media_type": "photo", "message_id": 24783, "original_text": "New CIFSwitch Linux flaw gives root on multiple distributions\n\nA newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges. [...]\n\nhttps://www.bleepingcomputer.com/news/security/new-cifswitch-linux-flaw-gives-root-on-multiple-distributions/", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T14:39:00Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com", "cve" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24783", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24783" }, "telegram_url": "https://t.me/bleepingcomputer/24783", "text": "New CIFSwitch Linux flaw gives root on multiple distributions\n\nA newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges. [...]\n\nhttps://www.bleepingcomputer.com/news/security/new-cifswitch-linux-flaw-gives-root-on-multiple-distributions/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24783/", "urls": [ "https://www.bleepingcomputer.com/news/security/new-cifswitch-linux-flaw-gives-root-on-multiple-distributions/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "7de38186d89e8409", "id": "cluster-7de38186d89e8409", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T09:21:29Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T09:22:08Z", "engagement": { "forwards": 78, "paid_reactions": 0, "reaction_breakdown": { "โค": 142, "โคโ€๐Ÿ”ฅ": 6, "๐Ÿ’ฏ": 3, "๐Ÿ˜ข": 28, "๐Ÿ˜ฑ": 1, "๐Ÿค“": 1, "๐Ÿค”": 3, "๐Ÿฅฐ": 5, "๐Ÿซก": 25 }, "reactions": 214, "replies": 0, "score_absolute": 4760.0, "score_global_percentile": 62.2, "score_source_percentile": 92.86, "source_rank_by_engagement": 2, "stars": 0, "views": 3552 }, "english_status": "original_english", "excerpt": "A long long time ago, when I first got into malware, I met a kid who was a little older than me who, by all standards of measurement, was significantly more intelligent and gifted than me. He made me feel like a moron. Very quickly he established a reputation on IRC for being \"the guy\", despite being like, 16. His...", "fingerprint": "7de38186d89e8409", "hashtags": [], "id": "vxunderground-8886", "language": "en", "language_display": "English", "language_original": "en", "media": [], "media_type": "text", "message_id": 8886, "original_text": "A long long time ago, when I first got into malware, I met a kid who was a little older than me who, by all standards of measurement, was significantly more intelligent and gifted than me.\n\nHe made me feel like a moron.\n\nVery quickly he established a reputation on IRC for being \"the guy\", despite being like, 16. His parents were financially well off and extremely supportive and sent him to DEFCON. He had a really great PC setup. He had it all lined up. He was destined for an amazing and strong career in information security. I was extremely envious of him because he also had a super pretty girlfriend while somehow being a massive nerd. His parents bought him a car. In my eyes he had it all.\n\nOn my side, I had some old piece of crap computer. I didn't even have a computer chair, I used some ghetto dining room table chair made from janky wood. It was all beat up and yucky.\n\nI struggled learning C. On IRC I was basically the village idiot and memed all the time (although in good jest). My friend would become frustrated with me because of how slow I learned.\n\nI was a poor kid. I wasn't like, poor-poor like, homeless or whatever, but his parents has significantly more money than mine and were capable for providing for their son in ways my family could not.\n\nI'm not entirely sure what happened because, despite him learning faster, retaining more information, having more resources, having amazing opportunities, ... he threw it away. I have no idea why. He lost his focus somehow and ended up working at a restaurant for a little bit as a server. He later worked at a mall kiosk.\n\nI ended up being the successful one. I ended up having an amazing career in cybersecurity. I ended up knowing far more than him.\n\nSometimes I reflect on it and it blows my mind. I only surpassed him because I had endurance and was willing to continue the grind.\n\nHe had everything on a silver platter. He had so many amazing opportunities. He could have gone so far, he was so incredibly gifted and smart.\n\nI have no idea what he was thinking to make him squander it all.\n\nI guess the moral of the story is that turtle and the rabbit thingy has truth to it.", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T09:21:29Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware" ], "telegram_url": "https://t.me/vxunderground/8886", "text": "A long long time ago, when I first got into malware, I met a kid who was a little older than me who, by all standards of measurement, was significantly more intelligent and gifted than me.\n\nHe made me feel like a moron.\n\nVery quickly he established a reputation on IRC for being \"the guy\", despite being like, 16. His parents were financially well off and extremely supportive and sent him to DEFCON. He had a really great PC setup. He had it all lined up. He was destined for an amazing and strong career in information security. I was extremely envious of him because he also had a super pretty girlfriend while somehow being a massive nerd. His parents bought him a car. In my eyes he had it all.\n\nOn my side, I had some old piece of crap computer. I didn't even have a computer chair, I used some ghetto dining room table chair made from janky wood. It was all beat up and yucky.\n\nI struggled learning C. On IRC I was basically the village idiot and memed all the time (although in good jest). My friend would become frustrated with me because of how slow I learned.\n\nI was a poor kid. I wasn't like, poor-poor like, homeless or whatever, but his parents has significantly more money than mine and were capable for providing for their son in ways my family could not.\n\nI'm not entirely sure what happened because, despite him learning faster, retaining more information, having more resources, having amazing opportunities, ... he threw it away. I have no idea why. He lost his focus somehow and ended up working at a restaurant for a little bit as a server. He later worked at a mall kiosk.\n\nI ended up being the successful one. I ended up having an amazing career in cybersecurity. I ended up knowing far more than him.\n\nSometimes I reflect on it and it blows my mind. I only surpassed him because I had endurance and was willing to continue the grind.\n\nHe had everything on a silver platter. He had so many amazing opportunities. He could have gone so far, he was so incredibly gifted and smart.\n\nI have no idea what he was thinking to make him squander it all.\n\nI guess the moral of the story is that turtle and the rabbit thingy has truth to it.", "url": "https://news.jeremywhittaker.com/item/vxunderground-8886/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "b8efe05dd3356240", "id": "cluster-b8efe05dd3356240", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T07:19:00Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T07:19:28Z", "engagement": { "forwards": 59, "paid_reactions": 0, "reaction_breakdown": { "โค": 3, "๐Ÿ”ฅ": 47, "๐Ÿ˜": 14, "๐Ÿคฃ": 3 }, "reactions": 67, "replies": 0, "score_absolute": 4915.0, "score_global_percentile": 62.86, "score_source_percentile": 100.0, "source_rank_by_engagement": 1, "stars": 0, "views": 4191 }, "english_status": "original_english", "excerpt": "Hello, If you're a person who enjoys malware and/or knows Python and wants to see malware that targets STEAM and GAMERS, I have the source code to a malware I have named \"Stealer.Python.GMBA.Manipulator\". This malware was originally noted on Xitter from GMBA. In summary, this Python malware kills the Steam process...", "fingerprint": "b8efe05dd3356240", "hashtags": [], "id": "vxunderground-8885", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1080, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 86629, "width": 1920 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8885", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8885" }, "media_type": "photo", "message_id": 8885, "original_text": "Hello,\n\nIf you're a person who enjoys malware and/or knows Python and wants to see malware that targets STEAM and GAMERS, I have the source code to a malware I have named \"Stealer.Python.GMBA.Manipulator\".\n\nThis malware was originally noted on Xitter from GMBA.\n\nIn summary, this Python malware kills the Steam process and relaunches it with the \"-cef-enable-debugging\" flag. Because Steam is a Chromium app, this allows the malware payload to manipulate Steam web pages with web socket gunk and Javascript gunk.\n\nThis malware can \"modify\" user inventories, \"block users\", etc. It is all a facade designed to trick and social engineer Steam users into giving their expensive Counter Strike stuff to them.\n\nIt appears to be written using AI. Regardless of that fact this malware is creative and I like it.\n\nThe malware source code to this can be found under the \"/Python/\" directory. It is named \"Stealer.Python.GMBA.Manipulator.7z\".\n\nThis malware campaign is still active and the C2 is still live. If you execute the __main__.py file you might cook yourself, so be careful. Alternatively, you can run this in a VM and send the malware campaign authors pictures of Goatse.\n\nhttps://github.com/vxunderground/MalwareSourceCode", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T07:19:00Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware", "github.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8885", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8885" }, "telegram_url": "https://t.me/vxunderground/8885", "text": "Hello,\n\nIf you're a person who enjoys malware and/or knows Python and wants to see malware that targets STEAM and GAMERS, I have the source code to a malware I have named \"Stealer.Python.GMBA.Manipulator\".\n\nThis malware was originally noted on Xitter from GMBA.\n\nIn summary, this Python malware kills the Steam process and relaunches it with the \"-cef-enable-debugging\" flag. Because Steam is a Chromium app, this allows the malware payload to manipulate Steam web pages with web socket gunk and Javascript gunk.\n\nThis malware can \"modify\" user inventories, \"block users\", etc. It is all a facade designed to trick and social engineer Steam users into giving their expensive Counter Strike stuff to them.\n\nIt appears to be written using AI. Regardless of that fact this malware is creative and I like it.\n\nThe malware source code to this can be found under the \"/Python/\" directory. It is named \"Stealer.Python.GMBA.Manipulator.7z\".\n\nThis malware campaign is still active and the C2 is still live. If you execute the __main__.py file you might cook yourself, so be careful. Alternatively, you can run this in a VM and send the malware campaign authors pictures of Goatse.\n\nhttps://github.com/vxunderground/MalwareSourceCode", "url": "https://news.jeremywhittaker.com/item/vxunderground-8885/", "urls": [ "https://github.com/vxunderground/MalwareSourceCode" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "d25f9aaccfad2e8f", "id": "cluster-d25f9aaccfad2e8f", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T07:07:53Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T07:08:46Z", "engagement": { "forwards": 48, "paid_reactions": 0, "reaction_breakdown": { "โค": 7, "๐Ÿ”ฅ": 6, "๐Ÿ˜": 1, "๐Ÿค“": 19, "๐Ÿคฃ": 4, "๐Ÿฅฐ": 52 }, "reactions": 89, "replies": 0, "score_absolute": 3578.0, "score_global_percentile": 54.68, "score_source_percentile": 64.29, "source_rank_by_engagement": 6, "stars": 0, "views": 2920 }, "english_status": "original_english", "excerpt": "I learned quite a bit from this actually. I didn't know Steam was a Chromium app. Hence, you can kill Steam then relaunch it with the \"-cef-enable-debugging\" flag. Once you'll launched Steam with this, you can inject Javascript into Steam using Chromium \"webSocketDebuggingUrl\" stuff. This malware has a whole...", "fingerprint": "d25f9aaccfad2e8f", "hashtags": [], "id": "vxunderground-8884", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 657, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 50908, "width": 1133 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8884", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8884" }, "media_type": "photo", "message_id": 8884, "original_text": "I learned quite a bit from this actually.\n\nI didn't know Steam was a Chromium app. Hence, you can kill Steam then relaunch it with the \"-cef-enable-debugging\" flag.\n\nOnce you'll launched Steam with this, you can inject Javascript into Steam using Chromium \"webSocketDebuggingUrl\" stuff.\n\nThis malware has a whole pseudo-framework of Javascript that can do:\n- Alert Bell (?)\n- Block pages\n- \"Help page\" (?)\n- Inventory manipulation\n- Steam library manipulation\n- Profile manipulation\n- Steam redirections\n\nBasically, this malware payload switches Steam into a Chromium debug state, then sends web debug requests (kind of like Chrome Dev Tools?) to manipulate the Steam pages. It injects Javascript.\n\nThe chat window that spawns is from a remote host they control. This is really cool.\n\nIs it AI slop? Yes\n\nIs this code EXTREMELY easy to reverse engineer? Yes\n\nDid they unironically document their entire code base in Russian because it was (probably) written using Claude and the authors probably speak Russian? Yes\n\nIs this extremely creative and cool? Yes\n\nSpecial thanks to \"pro\" from 2c44. He handed me the payload and the decompiled Python. The malware .py was Base64 encoded ... so obtaining the original source was ridiculously easy.", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T07:07:53Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware", "russia" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8884", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8884" }, "telegram_url": "https://t.me/vxunderground/8884", "text": "I learned quite a bit from this actually.\n\nI didn't know Steam was a Chromium app. Hence, you can kill Steam then relaunch it with the \"-cef-enable-debugging\" flag.\n\nOnce you'll launched Steam with this, you can inject Javascript into Steam using Chromium \"webSocketDebuggingUrl\" stuff.\n\nThis malware has a whole pseudo-framework of Javascript that can do:\n- Alert Bell (?)\n- Block pages\n- \"Help page\" (?)\n- Inventory manipulation\n- Steam library manipulation\n- Profile manipulation\n- Steam redirections\n\nBasically, this malware payload switches Steam into a Chromium debug state, then sends web debug requests (kind of like Chrome Dev Tools?) to manipulate the Steam pages. It injects Javascript.\n\nThe chat window that spawns is from a remote host they control. This is really cool.\n\nIs it AI slop? Yes\n\nIs this code EXTREMELY easy to reverse engineer? Yes\n\nDid they unironically document their entire code base in Russian because it was (probably) written using Claude and the authors probably speak Russian? Yes\n\nIs this extremely creative and cool? Yes\n\nSpecial thanks to \"pro\" from 2c44. He handed me the payload and the decompiled Python. The malware .py was Base64 encoded ... so obtaining the original source was ridiculously easy.", "url": "https://news.jeremywhittaker.com/item/vxunderground-8884/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity trade-publication perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "The Hacker News", "handle": "thehackernews", "id": "telegram:thehackernews", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity publication.", "rank": 8, "risk_label": "Technical reporting should be checked against vendor advisories", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "research source" ], "tier": "Tier 1", "title": "The Hacker News", "url": "https://t.me/thehackernews" }, "channel_handle": "thehackernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "66feffad7fa3a9e4", "id": "cluster-66feffad7fa3a9e4", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T06:44:09Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T06:57:38Z", "engagement": { "forwards": 34, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 3, "๐Ÿ”ฅ": 6, "๐Ÿ˜": 4, "๐Ÿคฏ": 1 }, "reactions": 14, "replies": 0, "score_absolute": 5194.0, "score_global_percentile": 63.9, "score_source_percentile": 100.0, "source_rank_by_engagement": 1, "stars": 0, "views": 4826 }, "english_status": "original_english", "excerpt": "๐Ÿšจ CVE-2026-0257, a PAN-OS and Prisma Access authentication bypass flaw, is under active exploitation. The CVSS 7.8 bug can enable unauthorized VPN access and, in some observed cases, access to internal networks. Patch immediately or apply mitigations. Details:...", "fingerprint": "66feffad7fa3a9e4", "hashtags": [], "id": "thehackernews-9115", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 75404, "width": 720 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "thehackernews/9115", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9115" }, "media_type": "photo", "message_id": 9115, "original_text": "๐Ÿšจ CVE-2026-0257, a PAN-OS and Prisma Access authentication bypass flaw, is under active exploitation.\n\nThe CVSS 7.8 bug can enable unauthorized VPN access and, in some observed cases, access to internal networks.\n\nPatch immediately or apply mitigations.\n\nDetails: https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T06:44:09Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "research-source", "thehackernews.com", "cve", "exploit" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "thehackernews/9115", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9115" }, "telegram_url": "https://t.me/thehackernews/9115", "text": "๐Ÿšจ CVE-2026-0257, a PAN-OS and Prisma Access authentication bypass flaw, is under active exploitation.\n\nThe CVSS 7.8 bug can enable unauthorized VPN access and, in some observed cases, access to internal networks.\n\nPatch immediately or apply mitigations.\n\nDetails: https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html", "url": "https://news.jeremywhittaker.com/item/thehackernews-9115/", "urls": [ "https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "a5bb09136d38b7f1", "id": "cluster-a5bb09136d38b7f1", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T06:15:15Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T06:15:56Z", "engagement": { "forwards": 24, "paid_reactions": 0, "reaction_breakdown": { "โค": 2, "โคโ€๐Ÿ”ฅ": 2, "๐Ÿ˜": 56, "๐Ÿคฃ": 4, "๐Ÿฅฐ": 12 }, "reactions": 76, "replies": 0, "score_absolute": 3307.0, "score_global_percentile": 51.79, "score_source_percentile": 50.0, "source_rank_by_engagement": 8, "stars": 0, "views": 2915 }, "english_status": "original_english", "excerpt": "me reverse engineering malware that targets steam", "fingerprint": "a5bb09136d38b7f1", "hashtags": [], "id": "vxunderground-8883", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": 18.994, "height": 600, "kind": "video", "mime_type": "video/mp4", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 2111015, "width": 720 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8883", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8883" }, "media_type": "video", "message_id": 8883, "original_text": "me reverse engineering malware that targets steam", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T06:15:15Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8883", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8883" }, "telegram_url": "https://t.me/vxunderground/8883", "text": "me reverse engineering malware that targets steam", "url": "https://news.jeremywhittaker.com/item/vxunderground-8883/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "e3b0c44298fc1c14", "id": "cluster-e3b0c44298fc1c14", "is_burst": true, "label": "1116-post burst", "latest_published_at": "2026-06-01T18:54:18Z", "position": 1060, "size": 1116 }, "edited_at": null, "engagement": { "forwards": 31, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 3209.0, "score_global_percentile": 50.52, "score_source_percentile": 42.86, "source_rank_by_engagement": 9, "stars": 0, "views": 2899 }, "english_status": "original_english", "excerpt": "", "fingerprint": "e3b0c44298fc1c14", "hashtags": [], "id": "vxunderground-8882", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 566, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 16335, "width": 463 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8882", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8882" }, "media_type": "photo", "message_id": 8882, "original_text": "", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T06:05:32Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8882", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8882" }, "telegram_url": "https://t.me/vxunderground/8882", "text": "", "url": "https://news.jeremywhittaker.com/item/vxunderground-8882/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "4ec3ac6a5a7c483a", "id": "cluster-4ec3ac6a5a7c483a", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T06:05:31Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T06:06:40Z", "engagement": { "forwards": 28, "paid_reactions": 0, "reaction_breakdown": { "โค": 1, "๐Ÿ˜ข": 2, "๐Ÿคฃ": 90, "๐Ÿฅฐ": 7 }, "reactions": 100, "replies": 0, "score_absolute": 3334.0, "score_global_percentile": 52.06, "score_source_percentile": 57.14, "source_rank_by_engagement": 7, "stars": 0, "views": 2854 }, "english_status": "original_english", "excerpt": "Using this script you can also send these Russian people very important and private messages (I didn't message them this, this isn't my image, someone else did) Images via \"pro from 2c44\"", "fingerprint": "4ec3ac6a5a7c483a", "hashtags": [], "id": "vxunderground-8881", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 445, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 30683, "width": 1280 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8881", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8881" }, "media_type": "photo", "message_id": 8881, "original_text": "Using this script you can also send these Russian people very important and private messages (I didn't message them this, this isn't my image, someone else did)\n\nImages via \"pro from 2c44\"", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T06:05:31Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware", "russia" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8881", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8881" }, "telegram_url": "https://t.me/vxunderground/8881", "text": "Using this script you can also send these Russian people very important and private messages (I didn't message them this, this isn't my image, someone else did)\n\nImages via \"pro from 2c44\"", "url": "https://news.jeremywhittaker.com/item/vxunderground-8881/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "235cec03fc19287f", "id": "cluster-235cec03fc19287f", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T06:00:55Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T06:01:42Z", "engagement": { "forwards": 49, "paid_reactions": 0, "reaction_breakdown": { "โค": 4, "๐Ÿ”ฅ": 9, "๐Ÿ˜": 75, "๐Ÿ˜ฑ": 1, "๐Ÿค“": 1, "๐Ÿคฃ": 12, "๐Ÿฅฐ": 3 }, "reactions": 105, "replies": 0, "score_absolute": 3658.0, "score_global_percentile": 55.48, "score_source_percentile": 71.43, "source_rank_by_engagement": 5, "stars": 0, "views": 2958 }, "english_status": "needs_translation", "excerpt": "I got the payload to this malware. It is absurdly silly. This malware is killing me bro. It is so unbelievably silly. This was 100% written using Claude or ChatGPT. I've never seen a malware payload LEAVE NOTES describing what it's doing. The malware has a Powershell script that connects to the C2 for stinky malware...", "fingerprint": "235cec03fc19287f", "hashtags": [], "id": "vxunderground-8880", "language": "ru", "language_display": "Russian", "language_original": "ru", "media": [ { "downloaded": false, "duration": null, "height": 495, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 89496, "width": 1280 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8880", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8880" }, "media_type": "photo", "message_id": 8880, "original_text": "I got the payload to this malware. It is absurdly silly. This malware is killing me bro. It is so unbelievably silly.\n\nThis was 100% written using Claude or ChatGPT. I've never seen a malware payload LEAVE NOTES describing what it's doing.\n\nThe malware has a Powershell script that connects to the C2 for stinky malware stuff. This module is responsible for persistence. Thankfully their persistence script documented the entire code base and file locations.\n\nVery cool. Thank you spoopy Russian Counter Strike scammers.\n\nEven more silly, the C2 is hardcoded as a string (seen in attached image). The C2 address shows it has been an active malware campaign since at least January 31st, 2026 based off of data present on VirusTotal. It was initially uploaded as \"9lixh\".\n\nThis persistence script was from a victim machine so I've censored some data. Regardless, the botched cyrillic notes also makes me giggle.\n\nRussian to English translations present in this silly script which documents everything for us:\n# ะŸัƒั‚ะธ ะดะปั ัƒะดะฐะปะตะฝะธั\n# Paths for deletion\n\n# ะ—ะฐะฒะตั€ัˆะฐะตะผ ะฟั€ะพั†ะตััั‹ python ะธ pythonw\n# Terminate/finish the python and pythonw processes\n\n# ะฃะดะฐะปัะตะผ ะฐะฒั‚ะพะทะฐะฟัƒัะบ ะธะท ั€ะตะตัั‚ั€ะฐ\n# Remove autorun from the registry\n\n# ะ—ะฐะฒะตั€ัˆะฐะตะผ ะฟั€ะพั†ะตัั ะผะพะฝะธั‚ะพั€ะฐ\n# Stop the monitoring process\n\n# ะะพะฒะฐั ั„ัƒะฝะบั†ะธั ะดะปั ะฟั€ะพะฒะตั€ะบะธ f.json ะธ ัƒะฑะธะนัั‚ะฒะฐ ะฟั€ะพั†ะตััะพะฒ\n# New function for checking f.json and killing processes\n\n# ะŸั€ะพะฒะตั€ัะตะผ ั„ะปะฐะณ library\n# Check the library flag\n\n# ะกะฟะธัะพะบ ะฟั€ะพั†ะตััะพะฒ ะดะปั ัƒะฑะธะนัั‚ะฒะฐ\n# List of processes to kill\n\n# ะŸั€ะพะฒะตั€ะบะฐ ั„ะปะฐะณะฐ ัƒะดะฐะปะตะฝะธั (ะบะฐะถะดั‹ะต 20 ัะตะบัƒะฝะด)\n# Check the deletion flag (every 20 seconds)\n\n# 20 ัะตะบัƒะฝะด ะฟั€ะธ ะธะฝั‚ะตั€ะฒะฐะปะต 2 ัะตะบัƒะฝะดั‹\n# 20 seconds with a 2-second interval\n\n# ะŸั€ะพะฒะตั€ะบะฐ f.json ะธ ัƒะฑะธะนัั‚ะฒะพ ะฟั€ะพั†ะตััะพะฒ (ะบะฐะถะดั‹ะต 4 ัะตะบัƒะฝะดั‹)\n# Check f.json and kill processes (every 4 seconds)", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T06:00:55Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware", "russia" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8880", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8880" }, "telegram_url": "https://t.me/vxunderground/8880", "text": "I got the payload to this malware. It is absurdly silly. This malware is killing me bro. It is so unbelievably silly.\n\nThis was 100% written using Claude or ChatGPT. I've never seen a malware payload LEAVE NOTES describing what it's doing.\n\nThe malware has a Powershell script that connects to the C2 for stinky malware stuff. This module is responsible for persistence. Thankfully their persistence script documented the entire code base and file locations.\n\nVery cool. Thank you spoopy Russian Counter Strike scammers.\n\nEven more silly, the C2 is hardcoded as a string (seen in attached image). The C2 address shows it has been an active malware campaign since at least January 31st, 2026 based off of data present on VirusTotal. It was initially uploaded as \"9lixh\".\n\nThis persistence script was from a victim machine so I've censored some data. Regardless, the botched cyrillic notes also makes me giggle.\n\nRussian to English translations present in this silly script which documents everything for us:\n# ะŸัƒั‚ะธ ะดะปั ัƒะดะฐะปะตะฝะธั\n# Paths for deletion\n\n# ะ—ะฐะฒะตั€ัˆะฐะตะผ ะฟั€ะพั†ะตััั‹ python ะธ pythonw\n# Terminate/finish the python and pythonw processes\n\n# ะฃะดะฐะปัะตะผ ะฐะฒั‚ะพะทะฐะฟัƒัะบ ะธะท ั€ะตะตัั‚ั€ะฐ\n# Remove autorun from the registry\n\n# ะ—ะฐะฒะตั€ัˆะฐะตะผ ะฟั€ะพั†ะตัั ะผะพะฝะธั‚ะพั€ะฐ\n# Stop the monitoring process\n\n# ะะพะฒะฐั ั„ัƒะฝะบั†ะธั ะดะปั ะฟั€ะพะฒะตั€ะบะธ f.json ะธ ัƒะฑะธะนัั‚ะฒะฐ ะฟั€ะพั†ะตััะพะฒ\n# New function for checking f.json and killing processes\n\n# ะŸั€ะพะฒะตั€ัะตะผ ั„ะปะฐะณ library\n# Check the library flag\n\n# ะกะฟะธัะพะบ ะฟั€ะพั†ะตััะพะฒ ะดะปั ัƒะฑะธะนัั‚ะฒะฐ\n# List of processes to kill\n\n# ะŸั€ะพะฒะตั€ะบะฐ ั„ะปะฐะณะฐ ัƒะดะฐะปะตะฝะธั (ะบะฐะถะดั‹ะต 20 ัะตะบัƒะฝะด)\n# Check the deletion flag (every 20 seconds)\n\n# 20 ัะตะบัƒะฝะด ะฟั€ะธ ะธะฝั‚ะตั€ะฒะฐะปะต 2 ัะตะบัƒะฝะดั‹\n# 20 seconds with a 2-second interval\n\n# ะŸั€ะพะฒะตั€ะบะฐ f.json ะธ ัƒะฑะธะนัั‚ะฒะพ ะฟั€ะพั†ะตััะพะฒ (ะบะฐะถะดั‹ะต 4 ัะตะบัƒะฝะดั‹)\n# Check f.json and kill processes (every 4 seconds)", "url": "https://news.jeremywhittaker.com/item/vxunderground-8880/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "246ae7a804c3df3e", "id": "cluster-246ae7a804c3df3e", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T05:29:33Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T05:31:32Z", "engagement": { "forwards": 15, "paid_reactions": 0, "reaction_breakdown": { "โค": 22 }, "reactions": 22, "replies": 0, "score_absolute": 3178.0, "score_global_percentile": 50.05, "score_source_percentile": 35.71, "source_rank_by_engagement": 10, "stars": 0, "views": 2984 }, "english_status": "original_english", "excerpt": "Someone commented on Xitter immediately. Context for TG nerds: https://x.com/GMBA/status/2059692291028144219", "fingerprint": "246ae7a804c3df3e", "hashtags": [], "id": "vxunderground-8879", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1012, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 102170, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8879", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8879" }, "media_type": "photo", "message_id": 8879, "original_text": "Someone commented on Xitter immediately. Context for TG nerds:\n\nhttps://x.com/GMBA/status/2059692291028144219", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T05:29:33Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware", "x.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8879", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8879" }, "telegram_url": "https://t.me/vxunderground/8879", "text": "Someone commented on Xitter immediately. Context for TG nerds:\n\nhttps://x.com/GMBA/status/2059692291028144219", "url": "https://news.jeremywhittaker.com/item/vxunderground-8879/", "urls": [ "https://x.com/GMBA/status/2059692291028144219" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "bb36eaf7bbc001c8", "id": "cluster-bb36eaf7bbc001c8", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T05:26:31Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T05:26:39Z", "engagement": { "forwards": 34, "paid_reactions": 0, "reaction_breakdown": { "โค": 46, "๐Ÿ”ฅ": 1, "๐Ÿค”": 4, "๐Ÿฅฐ": 9 }, "reactions": 60, "replies": 0, "score_absolute": 3701.0, "score_global_percentile": 55.81, "score_source_percentile": 78.57, "source_rank_by_engagement": 4, "stars": 0, "views": 3241 }, "english_status": "original_english", "excerpt": "Hello, Awhile ago some guy on Xitter was talking about his friend being scammed and losing Counter Strike stuff. I'm not a gamer, I don't understand Counter Strike markets and stuff, but the gist of everything was he purchased an item and he was (in some capacity) scammed? He said Steam support was DMing him over...", "fingerprint": "bb36eaf7bbc001c8", "hashtags": [], "id": "vxunderground-8878", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 960, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 147975, "width": 1280 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8878", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8878" }, "media_type": "photo", "message_id": 8878, "original_text": "Hello,\n\nAwhile ago some guy on Xitter was talking about his friend being scammed and losing Counter Strike stuff. I'm not a gamer, I don't understand Counter Strike markets and stuff, but the gist of everything was he purchased an item and he was (in some capacity) scammed?\n\nHe said Steam support was DMing him over Steam. People were memeing him, saying Steam doesn't communicate over Steam like an instant messenger client. People questioned the validity of the images.\n\nI had a bunch of people DM me, tag me on the post, etc. I saw it, but I was busy with my baby boy, so I put it on the back burner. However, it peaked my interest because it was extremely unusual. I do play stuff on Steam sometimes, and I've never seen or heard of malware which is curated to specifically target Steam coupled with social engineering work.\n\nTwo things\n\n1. I get tons of messages, DMs, and emails. I can't find the original post anymore. If you know what I'm describing please comment it below, or something, I don't know. The post itself is interesting and provides context to second part of this write-up.\n\n2. This is malware. I was on THE STREETS DAWG (talking with stinky nerds on Telegram) passively to see if anyone knew anything about this. I was able to receive the payload as well the decompiled source code (it's written in Python). This malware was developed by some nerds in Russia determined to ... drain people on Counter Strike and steal their items? Again, I'm not a gamer or Counter Strike nerd, so I don't understand the objective of this malware or the monetary value behind this, but apparently it is enough to motivate someone to create malware which injects itself into Steam to allow them to manipulate the application and impersonate Steam support (API hooking).\n\nI haven't had a chance to review the malware in totality yet. I've briefly skimmed it. It's got a bunch of different modules and stages. Someone seems to have put quite a bit of effort into this. I've never seen anything like this, so it's really cool.\n\nOn a side note, I've been noticing a trend of Threat Actors targeting Steam. It was initially by creating fake and malicious games. Now we are seeing malware payloads that inject themselves into the Steam application itself and manipulate it in ways to trick users into giving them valuable video game items or potentially pushing more malware to their machine.\n\nVery cool.", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T05:26:31Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware", "markets", "russia", "shipping", "telegram" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8878", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8878" }, "telegram_url": "https://t.me/vxunderground/8878", "text": "Hello,\n\nAwhile ago some guy on Xitter was talking about his friend being scammed and losing Counter Strike stuff. I'm not a gamer, I don't understand Counter Strike markets and stuff, but the gist of everything was he purchased an item and he was (in some capacity) scammed?\n\nHe said Steam support was DMing him over Steam. People were memeing him, saying Steam doesn't communicate over Steam like an instant messenger client. People questioned the validity of the images.\n\nI had a bunch of people DM me, tag me on the post, etc. I saw it, but I was busy with my baby boy, so I put it on the back burner. However, it peaked my interest because it was extremely unusual. I do play stuff on Steam sometimes, and I've never seen or heard of malware which is curated to specifically target Steam coupled with social engineering work.\n\nTwo things\n\n1. I get tons of messages, DMs, and emails. I can't find the original post anymore. If you know what I'm describing please comment it below, or something, I don't know. The post itself is interesting and provides context to second part of this write-up.\n\n2. This is malware. I was on THE STREETS DAWG (talking with stinky nerds on Telegram) passively to see if anyone knew anything about this. I was able to receive the payload as well the decompiled source code (it's written in Python). This malware was developed by some nerds in Russia determined to ... drain people on Counter Strike and steal their items? Again, I'm not a gamer or Counter Strike nerd, so I don't understand the objective of this malware or the monetary value behind this, but apparently it is enough to motivate someone to create malware which injects itself into Steam to allow them to manipulate the application and impersonate Steam support (API hooking).\n\nI haven't had a chance to review the malware in totality yet. I've briefly skimmed it. It's got a bunch of different modules and stages. Someone seems to have put quite a bit of effort into this. I've never seen anything like this, so it's really cool.\n\nOn a side note, I've been noticing a trend of Threat Actors targeting Steam. It was initially by creating fake and malicious games. Now we are seeing malware payloads that inject themselves into the Steam application itself and manipulate it in ways to trick users into giving them valuable video game items or potentially pushing more malware to their machine.\n\nVery cool.", "url": "https://news.jeremywhittaker.com/item/vxunderground-8878/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "3c28718406cd3f3c", "id": "cluster-3c28718406cd3f3c", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T01:55:21Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 17.0, "score_global_percentile": 3.56, "score_source_percentile": 2.7, "source_rank_by_engagement": 37, "stars": 0, "views": 17 }, "english_status": "original_english", "excerpt": "โ€ผ๏ธ๐Ÿ‡บ๐Ÿ‡ธ DentaQuest has had 234GB+ leaked on to ShinyHunters Pay or Leak Dark Web portal ________________________________________ Main Channel: https://t.me/SliceForLifeee Backup Channel: https://t.me/SliceForLifeeee Website: darkwebinformer.com Pricing (Includes Crypto): darkwebinformer.com/pricing API Access:...", "fingerprint": "3c28718406cd3f3c", "hashtags": [], "id": "sliceforlifeee-1974", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 339, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 19879, "width": 302 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1974", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1974" }, "media_type": "photo", "message_id": 1974, "original_text": "โ€ผ๏ธ๐Ÿ‡บ๐Ÿ‡ธ DentaQuest has had 234GB+ leaked on to ShinyHunters Pay or Leak Dark Web portal\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T01:55:21Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1974", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1974" }, "telegram_url": "https://t.me/SliceForLifeee/1974", "text": "โ€ผ๏ธ๐Ÿ‡บ๐Ÿ‡ธ DentaQuest has had 234GB+ leaked on to ShinyHunters Pay or Leak Dark Web portal\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1974/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "On-chain scam-tracking perspective", "category": "cyber", "credibility": "Research source", "display_name": "MistTrack Alert", "handle": "misttrack_alert", "id": "telegram:misttrack_alert", "item_count": 0, "language": "en", "priority": 68, "provenance_note": "Public Telegram channel promoted after handle resolution and bounded ingest evidence on 2026-05-29.", "rank": 37, "risk_label": "Attribution and loss estimates require confirmation; low-context transfer tape is filtered unless the post includes clear scam, exploit, theft, laundering, or cybercrime context", "role": "research_source", "role_label": "Research Source", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "research source", "on-chain scam tracking", "cyber-context gated" ], "tier": "Tier 3", "title": "MistTrack Alert", "url": "https://t.me/misttrack_alert" }, "channel_handle": "misttrack_alert", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "7b54db22bd9500b5", "id": "cluster-7b54db22bd9500b5", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T00:34:54Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 5.0, "score_global_percentile": 3.26, "score_source_percentile": 50.0, "source_rank_by_engagement": 2, "stars": 0, "views": 5 }, "english_status": "original_english", "excerpt": "โš ๏ธโš ๏ธโš ๏ธ5.0 #BTC transferred from Kelp-Dao-Exploiter to bc1q4yqt0aygp4uzqv5kdfsfepvt0687562r8rhq6m. Go MistTrack | Transaction Details", "fingerprint": "7b54db22bd9500b5", "hashtags": [ "btc" ], "id": "misttrack-alert-453912", "language": "en", "language_display": "English", "language_original": "en", "media": [], "media_type": "text", "message_id": 453912, "original_text": "โš ๏ธโš ๏ธโš ๏ธ5.0 #BTC transferred from Kelp-Dao-Exploiter to bc1q4yqt0aygp4uzqv5kdfsfepvt0687562r8rhq6m.\n\nGo MistTrack | Transaction Details", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T00:34:54Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "btc", "cyber-hacking", "cyber", "research-source", "on-chain-scam-tracking", "cyber-context-gated", "bitcoin", "exploit" ], "telegram_url": "https://t.me/misttrack_alert/453912", "text": "โš ๏ธโš ๏ธโš ๏ธ5.0 #BTC transferred from Kelp-Dao-Exploiter to bc1q4yqt0aygp4uzqv5kdfsfepvt0687562r8rhq6m.\n\nGo MistTrack | Transaction Details", "url": "https://news.jeremywhittaker.com/item/misttrack-alert-453912/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "e6161a18e6170c9e", "id": "cluster-e6161a18e6170c9e", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T00:25:34Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 65.0, "score_global_percentile": 4.32, "score_source_percentile": 10.81, "source_rank_by_engagement": 34, "stars": 0, "views": 65 }, "english_status": "original_english", "excerpt": "๐Ÿšจ Keybe.ai allegedly targeted in customer database leak A threat actor on an underground forum is claiming that Keybe.ai, an AI platform, suffered a data breach in May 2026 resulting in the full compromise of its customer database. The actor claims the leak contains roughly 1.9M CSV records (~156M in size), partially...", "fingerprint": "e6161a18e6170c9e", "hashtags": [], "id": "sliceforlifeee-1973", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1015, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 141489, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1973", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1973" }, "media_type": "photo", "message_id": 1973, "original_text": "๐Ÿšจ Keybe.ai allegedly targeted in customer database leak\n\nA threat actor on an underground forum is claiming that Keybe.ai, an AI platform, suffered a data breach in May 2026 resulting in the full compromise of its customer database.\n\nThe actor claims the leak contains roughly 1.9M CSV records (~156M in size), partially released.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Names and surnames\nโ€ข Cities\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Account status and creation dates\nโ€ข Service, campaign, and lead source data\nโ€ข Commercial agent and WhatsApp update fields\nโ€ข Comments and contact history\nโ€ข Various marketing and CRM metadata\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Keybe.ai\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Technology / AI Platform\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: zSenior\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Full customer database compromise\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~1,919,063 records (~156M)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 29, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T00:25:34Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "markets" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1973", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1973" }, "telegram_url": "https://t.me/SliceForLifeee/1973", "text": "๐Ÿšจ Keybe.ai allegedly targeted in customer database leak\n\nA threat actor on an underground forum is claiming that Keybe.ai, an AI platform, suffered a data breach in May 2026 resulting in the full compromise of its customer database.\n\nThe actor claims the leak contains roughly 1.9M CSV records (~156M in size), partially released.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Names and surnames\nโ€ข Cities\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Account status and creation dates\nโ€ข Service, campaign, and lead source data\nโ€ข Commercial agent and WhatsApp update fields\nโ€ข Comments and contact history\nโ€ข Various marketing and CRM metadata\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Keybe.ai\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Technology / AI Platform\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: zSenior\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Full customer database compromise\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~1,919,063 records (~156M)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 29, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1973/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "3a76eb4158569847", "id": "cluster-3a76eb4158569847", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-29T22:15:46Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 136.0, "score_global_percentile": 7.17, "score_source_percentile": 37.84, "source_rank_by_engagement": 24, "stars": 0, "views": 136 }, "english_status": "original_english", "excerpt": "John Daghita aka \"lick\" will be extradited back to the United States after a judge approved it. h/t: @vxdb https://rci.fm/deuxiles/infos/Justice/Le-hacker-John-Daghita-soupconne-dun-vol-de-46-millions-de-dollars-en-cryptommonaie", "fingerprint": "3a76eb4158569847", "hashtags": [], "id": "sliceforlifeee-1971", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 630, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 64068, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1971", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1971" }, "media_type": "photo", "message_id": 1971, "original_text": "John Daghita aka \"lick\" will be extradited back to the United States after a judge approved it. h/t: @vxdb\n\nhttps://rci.fm/deuxiles/infos/Justice/Le-hacker-John-Daghita-soupconne-dun-vol-de-46-millions-de-dollars-en-cryptommonaie", "provenance_label": "Public Telegram post", "published_at": "2026-05-29T22:15:46Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "rci.fm" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1971", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1971" }, "telegram_url": "https://t.me/SliceForLifeee/1971", "text": "John Daghita aka \"lick\" will be extradited back to the United States after a judge approved it. h/t: @vxdb\n\nhttps://rci.fm/deuxiles/infos/Justice/Le-hacker-John-Daghita-soupconne-dun-vol-de-46-millions-de-dollars-en-cryptommonaie", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1971/", "urls": [ "https://rci.fm/deuxiles/infos/Justice/Le-hacker-John-Daghita-soupconne-dun-vol-de-46-millions-de-dollars-en-cryptommonaie" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "bfb640d552723dff", "id": "cluster-bfb640d552723dff", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-29T22:05:06Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 178.0, "score_global_percentile": 8.5, "score_source_percentile": 67.57, "source_rank_by_engagement": 13, "stars": 0, "views": 158 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ฒ๐Ÿ‡ฆ Multiple Moroccan government and corporate databases allegedly listed for sale A threat actor on an underground forum is claiming to sell a bunch of Moroccan databases, attributed to a group/dumper known as PKA291. The listing spans both government-related and corporate datasets. The actor claims the combined...", "fingerprint": "bfb640d552723dff", "hashtags": [], "id": "sliceforlifeee-1970", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 556, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 80532, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1970", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1970" }, "media_type": "photo", "message_id": 1970, "original_text": "๐Ÿšจ๐Ÿ‡ฒ๐Ÿ‡ฆ Multiple Moroccan government and corporate databases allegedly listed for sale\n\nA threat actor on an underground forum is claiming to sell a bunch of Moroccan databases, attributed to a group/dumper known as PKA291. The listing spans both government-related and corporate datasets.\n\nThe actor claims the combined datasets total millions of records across justice, transport, training, and private sector entities.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Ministry of Justice (2 million documents, 150K lawsuit cases) - $3,000\nโ€ข NARSA (2 million lines) - $800\nโ€ข RADEM Maroc (1.1 million documents) - $600\nโ€ข OFPPT (400K lines) - $300\nโ€ข LNM6 (95K documents) - $500\nโ€ข Delivery companies (8 million lines) - $1,800\nโ€ข Insurance company (initial access) - $600\nโ€ข Other companies (500K lines) - $350\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Multiple Moroccan government and corporate entities\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Morocco ๐Ÿ‡ฒ๐Ÿ‡ฆ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Multiple\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: anisanas2 (dumped by PKA291)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Multiple databases for sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Millions of records across multiple datasets\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Individual listings $300 to $3,000; special offer $5,500 for all\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 29, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-29T22:05:06Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "state-media" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1970", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1970" }, "telegram_url": "https://t.me/SliceForLifeee/1970", "text": "๐Ÿšจ๐Ÿ‡ฒ๐Ÿ‡ฆ Multiple Moroccan government and corporate databases allegedly listed for sale\n\nA threat actor on an underground forum is claiming to sell a bunch of Moroccan databases, attributed to a group/dumper known as PKA291. The listing spans both government-related and corporate datasets.\n\nThe actor claims the combined datasets total millions of records across justice, transport, training, and private sector entities.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Ministry of Justice (2 million documents, 150K lawsuit cases) - $3,000\nโ€ข NARSA (2 million lines) - $800\nโ€ข RADEM Maroc (1.1 million documents) - $600\nโ€ข OFPPT (400K lines) - $300\nโ€ข LNM6 (95K documents) - $500\nโ€ข Delivery companies (8 million lines) - $1,800\nโ€ข Insurance company (initial access) - $600\nโ€ข Other companies (500K lines) - $350\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Multiple Moroccan government and corporate entities\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Morocco ๐Ÿ‡ฒ๐Ÿ‡ฆ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Multiple\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: anisanas2 (dumped by PKA291)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Multiple databases for sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Millions of records across multiple datasets\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Individual listings $300 to $3,000; special offer $5,500 for all\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 29, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1970/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "e3451baa1a44393c", "id": "cluster-e3451baa1a44393c", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-29T20:09:48Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 200.0, "score_global_percentile": 8.87, "score_source_percentile": 83.78, "source_rank_by_engagement": 7, "stars": 0, "views": 180 }, "english_status": "original_english", "excerpt": "๐Ÿšจ 0day Syndicate has a security check page... /verify.php?id=1&confirm_hash= that tells people not to scrape their information. The funny thing is that the onion url at the bottom of the security check message goes to 0APT which shows the hacked KRYBIT message from earlier this month. Clicking the verify human button...", "fingerprint": "e3451baa1a44393c", "hashtags": [], "id": "sliceforlifeee-1966", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 631, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 54464, "width": 583 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1966", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1966" }, "media_type": "photo", "message_id": 1966, "original_text": "๐Ÿšจ 0day Syndicate has a security check page... /verify.php?id=1&confirm_hash= that tells people not to scrape their information.\n\nThe funny thing is that the onion url at the bottom of the security check message goes to 0APT which shows the hacked KRYBIT message from earlier this month.\n\nClicking the verify human button takes you to 0day Syndicate.\n\nPossible rebrand?\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-29T20:09:48Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "exploit" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1966", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1966" }, "telegram_url": "https://t.me/SliceForLifeee/1966", "text": "๐Ÿšจ 0day Syndicate has a security check page... /verify.php?id=1&confirm_hash= that tells people not to scrape their information.\n\nThe funny thing is that the onion url at the bottom of the security check message goes to 0APT which shows the hacked KRYBIT message from earlier this month.\n\nClicking the verify human button takes you to 0day Syndicate.\n\nPossible rebrand?\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1966/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "5365fef5277089bb", "id": "cluster-5365fef5277089bb", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-29T19:10:09Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 4, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 218.0, "score_global_percentile": 9.14, "score_source_percentile": 18.18, "source_rank_by_engagement": 10, "stars": 0, "views": 178 }, "english_status": "original_english", "excerpt": "ChatGPT share links abused to host fake outage pages to deliver malware Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. [...]...", "fingerprint": "5365fef5277089bb", "hashtags": [], "id": "bleepingcomputer-24782", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 238163, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24782", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24782" }, "media_type": "photo", "message_id": 24782, "original_text": "ChatGPT share links abused to host fake outage pages to deliver malware\n\nThreat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. [...]\n\nhttps://www.bleepingcomputer.com/news/security/chatgpt-share-links-abused-to-host-fake-outage-pages-to-deliver-malware/", "provenance_label": "Public Telegram post", "published_at": "2026-05-29T19:10:09Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com", "malware" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24782", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24782" }, "telegram_url": "https://t.me/bleepingcomputer/24782", "text": "ChatGPT share links abused to host fake outage pages to deliver malware\n\nThreat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. [...]\n\nhttps://www.bleepingcomputer.com/news/security/chatgpt-share-links-abused-to-host-fake-outage-pages-to-deliver-malware/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24782/", "urls": [ "https://www.bleepingcomputer.com/news/security/chatgpt-share-links-abused-to-host-fake-outage-pages-to-deliver-malware/" ], "verification_state": "source-attributed" } ], "label": "Cyber & Hacking", "latest_published_at": "2026-06-01T18:27:03Z", "order": 5, "source_count": 8, "sources": [ { "bias_label": "Cybersecurity trade-publication perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "The Hacker News", "handle": "thehackernews", "id": "telegram:thehackernews", "item_count": 8, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity publication.", "rank": 8, "risk_label": "Technical reporting should be checked against vendor advisories", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "research source" ], "tier": "Tier 1", "title": "The Hacker News", "url": "https://t.me/thehackernews" }, { "bias_label": "OSINT/cyber research perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "Cyber Detective", "handle": "cybdetective", "id": "telegram:cybdetective", "item_count": 4, "language": "en", "priority": 78, "provenance_note": "Public Telegram feed used for cyber OSINT and investigation leads.", "rank": 10, "risk_label": "Tool and lead references need operator verification", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "research source", "OSINT" ], "tier": "Tier 1", "title": "Cyber Detective", "url": "https://t.me/cybdetective" }, { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 11, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 14, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 37, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, { "bias_label": "On-chain scam-tracking perspective", "category": "cyber", "credibility": "Research source", "display_name": "MistTrack Alert", "handle": "misttrack_alert", "id": "telegram:misttrack_alert", "item_count": 2, "language": "en", "priority": 68, "provenance_note": "Public Telegram channel promoted after handle resolution and bounded ingest evidence on 2026-05-29.", "rank": 37, "risk_label": "Attribution and loss estimates require confirmation; low-context transfer tape is filtered unless the post includes clear scam, exploit, theft, laundering, or cybercrime context", "role": "research_source", "role_label": "Research Source", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "research source", "on-chain scam tracking", "cyber-context gated" ], "tier": "Tier 3", "title": "MistTrack Alert", "url": "https://t.me/misttrack_alert" }, { "bias_label": "Cyber vulnerability-monitoring perspective", "category": "cyber", "credibility": "Research source", "display_name": "Dark Web Informer CVE Alerts", "handle": "darkwebinformer_cvealerts", "id": "telegram:darkwebinformer_cvealerts", "item_count": 0, "language": "en", "priority": 62, "provenance_note": "Public Telegram channel resolved successfully on 2026-05-29; no post fell inside the 30-day candidate cutoff.", "rank": 38, "risk_label": "CVE mentions should be checked against vendor/NVD records", "role": "research_source", "role_label": "Research Source", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "research source", "CVE alerts", "cyber" ], "tier": "Tier 3", "title": "Dark Web Informer CVE Alerts", "url": "https://t.me/darkwebinformer_cvealerts" }, { "bias_label": "Cyber incident/news monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Hackmanac Cyber News", "handle": "hackmanac_cybernews", "id": "telegram:hackmanac_cybernews", "item_count": 4, "language": "en", "priority": 52, "provenance_note": "Public Telegram broadcast channel promoted after bounded no-media handle validation on 2026-05-31.", "rank": 73, "risk_label": "Incident claims should be checked against vendor, victim, and researcher disclosures", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber", "incident reporting" ], "tier": "Tier 3", "title": "Hackmanac Cyber News", "url": "https://t.me/hackmanac_cybernews" } ], "translation_coverage": { "by_english_status": { "needs_translation": 1, "original_english": 79 }, "by_language": { "en": 79, "ru": 1 }, "items": 80 } }, "generated_at": "2026-06-01T18:57:39Z", "items": [ { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "ae50840b4b32916d", "id": "cluster-ae50840b4b32916d", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T18:27:03Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 67.0, "score_global_percentile": 4.38, "score_source_percentile": 13.51, "source_rank_by_engagement": 33, "stars": 0, "views": 57 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡น Burger King Italy allegedly targeted in 5M database leak A threat actor on an underground forum is claiming to sell a database allegedly originating from Burger King Italy, the well-established fast-food chain with more than 150 restaurants in the country. The actor claims the database contains roughly 5M...", "fingerprint": "ae50840b4b32916d", "hashtags": [], "id": "sliceforlifeee-2028", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 934, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 109706, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2028", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2028" }, "media_type": "photo", "message_id": 2028, "original_text": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡น Burger King Italy allegedly targeted in 5M database leak\n\nA threat actor on an underground forum is claiming to sell a database allegedly originating from Burger King Italy, the well-established fast-food chain with more than 150 restaurants in the country.\n\nThe actor claims the database contains roughly 5M records, appearing to be loyalty program customer data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Email addresses\nโ€ข Loyalty card codes\nโ€ข Points and ranking points\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Burger King Italy\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Italy ๐Ÿ‡ฎ๐Ÿ‡น\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / Restaurant\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: kvantize\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database for sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~5M records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Not disclosed (contact to purchase)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: June 1, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T18:27:03Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2028", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2028" }, "telegram_url": "https://t.me/SliceForLifeee/2028", "text": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡น Burger King Italy allegedly targeted in 5M database leak\n\nA threat actor on an underground forum is claiming to sell a database allegedly originating from Burger King Italy, the well-established fast-food chain with more than 150 restaurants in the country.\n\nThe actor claims the database contains roughly 5M records, appearing to be loyalty program customer data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Email addresses\nโ€ข Loyalty card codes\nโ€ข Points and ranking points\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Burger King Italy\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Italy ๐Ÿ‡ฎ๐Ÿ‡น\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / Restaurant\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: kvantize\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database for sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~5M records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Not disclosed (contact to purchase)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: June 1, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2028/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "9cabd9d6fd0e2151", "id": "cluster-9cabd9d6fd0e2151", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T18:17:06Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 3, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 136.0, "score_global_percentile": 7.23, "score_source_percentile": 9.09, "source_rank_by_engagement": 11, "stars": 0, "views": 106 }, "english_status": "original_english", "excerpt": "WordPress malware campaign hides payloads in Steam profiles Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data. [...] https://www.bleepingcomputer.com/news/security/wordpress-malware-campaign-hides-payloads-in-steam-profiles/", "fingerprint": "9cabd9d6fd0e2151", "hashtags": [], "id": "bleepingcomputer-24792", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 206551, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24792", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24792" }, "media_type": "photo", "message_id": 24792, "original_text": "WordPress malware campaign hides payloads in Steam profiles\n\nNearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data. [...]\n\nhttps://www.bleepingcomputer.com/news/security/wordpress-malware-campaign-hides-payloads-in-steam-profiles/", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T18:17:06Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com", "malware" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24792", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24792" }, "telegram_url": "https://t.me/bleepingcomputer/24792", "text": "WordPress malware campaign hides payloads in Steam profiles\n\nNearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data. [...]\n\nhttps://www.bleepingcomputer.com/news/security/wordpress-malware-campaign-hides-payloads-in-steam-profiles/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24792/", "urls": [ "https://www.bleepingcomputer.com/news/security/wordpress-malware-campaign-hides-payloads-in-steam-profiles/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "f867d7bce755708e", "id": "cluster-f867d7bce755708e", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T17:51:54Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 95.0, "score_global_percentile": 5.29, "score_source_percentile": 27.03, "source_rank_by_engagement": 28, "stars": 0, "views": 95 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ซ๐Ÿ‡ท Le Mรฉdia Pour Tous allegedly targeted in 13K database leak A threat actor on an underground forum is claiming to have leaked a database allegedly originating from Le Mรฉdia Pour Tous, an independent French media outlet created by Vincent Lapierre. The actor notes the data is not from the current year. The actor...", "fingerprint": "f867d7bce755708e", "hashtags": [], "id": "sliceforlifeee-2027", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1051, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 162374, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2027", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2027" }, "media_type": "photo", "message_id": 2027, "original_text": "๐Ÿšจ๐Ÿ‡ซ๐Ÿ‡ท Le Mรฉdia Pour Tous allegedly targeted in 13K database leak\n\nA threat actor on an underground forum is claiming to have leaked a database allegedly originating from Le Mรฉdia Pour Tous, an independent French media outlet created by Vincent Lapierre. The actor notes the data is not from the current year.\n\nThe actor claims the leak contains roughly 13K records across user and account data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Usernames and login names\nโ€ข Passwords (hashed)\nโ€ข First and last names / nicknames\nโ€ข Email addresses\nโ€ข User URLs\nโ€ข Registration dates and display names\nโ€ข User roles and account status\nโ€ข Session tokens\nโ€ข Account settings and metadata\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Le Mรฉdia Pour Tous\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: France ๐Ÿ‡ซ๐Ÿ‡ท\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Media / Publishing\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: kvantize\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~13K records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: 1 Point\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: June 1, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T17:51:54Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2027", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2027" }, "telegram_url": "https://t.me/SliceForLifeee/2027", "text": "๐Ÿšจ๐Ÿ‡ซ๐Ÿ‡ท Le Mรฉdia Pour Tous allegedly targeted in 13K database leak\n\nA threat actor on an underground forum is claiming to have leaked a database allegedly originating from Le Mรฉdia Pour Tous, an independent French media outlet created by Vincent Lapierre. The actor notes the data is not from the current year.\n\nThe actor claims the leak contains roughly 13K records across user and account data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Usernames and login names\nโ€ข Passwords (hashed)\nโ€ข First and last names / nicknames\nโ€ข Email addresses\nโ€ข User URLs\nโ€ข Registration dates and display names\nโ€ข User roles and account status\nโ€ข Session tokens\nโ€ข Account settings and metadata\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Le Mรฉdia Pour Tous\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: France ๐Ÿ‡ซ๐Ÿ‡ท\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Media / Publishing\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: kvantize\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~13K records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: 1 Point\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: June 1, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2027/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity trade-publication perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "The Hacker News", "handle": "thehackernews", "id": "telegram:thehackernews", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity publication.", "rank": 8, "risk_label": "Technical reporting should be checked against vendor advisories", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "research source" ], "tier": "Tier 1", "title": "The Hacker News", "url": "https://t.me/thehackernews" }, "channel_handle": "thehackernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "76dd9ec33a19deb7", "id": "cluster-76dd9ec33a19deb7", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T17:41:28Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T17:42:39Z", "engagement": { "forwards": 16, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 1, "๐Ÿ”ฅ": 6, "๐Ÿ˜ฑ": 2 }, "reactions": 9, "replies": 0, "score_absolute": 1585.0, "score_global_percentile": 29.5, "score_source_percentile": 12.5, "source_rank_by_engagement": 8, "stars": 0, "views": 1407 }, "english_status": "original_english", "excerpt": "๐Ÿ”ฅ A new supply chain attack has hit official Red Hat Cloud Services npm packages. The Miasma campaign, a fresh Mini Shai-Hulud variant, plants a malicious preinstall hook that steals GitHub secrets, cloud credentials, SSH keys, and more from developer and CI/CD environments. It also adds persistence and downstream...", "fingerprint": "76dd9ec33a19deb7", "hashtags": [], "id": "thehackernews-9122", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 470, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 30094, "width": 900 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "thehackernews/9122", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9122" }, "media_type": "photo", "message_id": 9122, "original_text": "๐Ÿ”ฅ A new supply chain attack has hit official Red Hat Cloud Services npm packages.\n\nThe Miasma campaign, a fresh Mini Shai-Hulud variant, plants a malicious preinstall hook that steals GitHub secrets, cloud credentials, SSH keys, and more from developer and CI/CD environments.\n\nIt also adds persistence and downstream poisoning.\n\nRead: https://thehackernews.com/2026/06/miasma-supply-chain-attack-compromises.html", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T17:41:28Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "research-source", "thehackernews.com", "state-media" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "thehackernews/9122", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9122" }, "telegram_url": "https://t.me/thehackernews/9122", "text": "๐Ÿ”ฅ A new supply chain attack has hit official Red Hat Cloud Services npm packages.\n\nThe Miasma campaign, a fresh Mini Shai-Hulud variant, plants a malicious preinstall hook that steals GitHub secrets, cloud credentials, SSH keys, and more from developer and CI/CD environments.\n\nIt also adds persistence and downstream poisoning.\n\nRead: https://thehackernews.com/2026/06/miasma-supply-chain-attack-compromises.html", "url": "https://news.jeremywhittaker.com/item/thehackernews-9122/", "urls": [ "https://thehackernews.com/2026/06/miasma-supply-chain-attack-compromises.html" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "On-chain scam-tracking perspective", "category": "cyber", "credibility": "Research source", "display_name": "MistTrack Alert", "handle": "misttrack_alert", "id": "telegram:misttrack_alert", "item_count": 0, "language": "en", "priority": 68, "provenance_note": "Public Telegram channel promoted after handle resolution and bounded ingest evidence on 2026-05-29.", "rank": 37, "risk_label": "Attribution and loss estimates require confirmation; low-context transfer tape is filtered unless the post includes clear scam, exploit, theft, laundering, or cybercrime context", "role": "research_source", "role_label": "Research Source", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "research source", "on-chain scam tracking", "cyber-context gated" ], "tier": "Tier 3", "title": "MistTrack Alert", "url": "https://t.me/misttrack_alert" }, "channel_handle": "misttrack_alert", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "12e1da89b5950714", "id": "cluster-12e1da89b5950714", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T17:32:06Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 10.0, "score_global_percentile": 3.54, "score_source_percentile": 100.0, "source_rank_by_engagement": 1, "stars": 0, "views": 10 }, "english_status": "original_english", "excerpt": "24,898,430.2184 #USDT transferred from TFxqYTM4L6JrctPEHfiiAREHHcTr8cVYef to TTyiSefHC6TnGYYB8UYFNzakeaXKgQtCve. Go MistTrack | Transaction Details", "fingerprint": "12e1da89b5950714", "hashtags": [ "usdt" ], "id": "misttrack-alert-455102", "language": "en", "language_display": "English", "language_original": "en", "media": [], "media_type": "text", "message_id": 455102, "original_text": "24,898,430.2184 #USDT transferred from TFxqYTM4L6JrctPEHfiiAREHHcTr8cVYef to TTyiSefHC6TnGYYB8UYFNzakeaXKgQtCve.\n\nGo MistTrack | Transaction Details", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T17:32:06Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "usdt", "cyber-hacking", "cyber", "research-source", "on-chain-scam-tracking", "cyber-context-gated" ], "telegram_url": "https://t.me/misttrack_alert/455102", "text": "24,898,430.2184 #USDT transferred from TFxqYTM4L6JrctPEHfiiAREHHcTr8cVYef to TTyiSefHC6TnGYYB8UYFNzakeaXKgQtCve.\n\nGo MistTrack | Transaction Details", "url": "https://news.jeremywhittaker.com/item/misttrack-alert-455102/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "a69bd87be60d02c8", "id": "cluster-a69bd87be60d02c8", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T16:56:54Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 3, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 173.0, "score_global_percentile": 8.42, "score_source_percentile": 62.16, "source_rank_by_engagement": 15, "stars": 0, "views": 143 }, "english_status": "original_english", "excerpt": "๐Ÿšจ Nornikovik hidden browser malware advertised on underground forum A threat actor on an underground forum is advertising Nornikovik, a hidden-browser malware marketed as fileless and undetected. The seller describes it as a tool that runs a victim's browser silently in the background, lets the operator control it...", "fingerprint": "a69bd87be60d02c8", "hashtags": [], "id": "sliceforlifeee-2025", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 980, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 146203, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2025", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2025" }, "media_type": "photo", "message_id": 2025, "original_text": "๐Ÿšจ Nornikovik hidden browser malware advertised on underground forum\n\nA threat actor on an underground forum is advertising Nornikovik, a hidden-browser malware marketed as fileless and undetected. The seller describes it as a tool that runs a victim's browser silently in the background, lets the operator control it remotely, and can load the victim's saved browser data.\n\nThe listing promotes the tool to other forum members for the purpose of covert remote browser session hijacking and data theft.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฏ๐—ฒ๐—ถ๐—ป๐—ด ๐—ฎ๐—ฑ๐˜ƒ๐—ฒ๐—ฟ๐˜๐—ถ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข A covert (\"hidden\") remote browser controlled by the attacker\nโ€ข Claimed fileless operation and self-deletion after execution\nโ€ข Ability to load victim browser data (cookies and autofills)\nโ€ข Support for multiple mainstream browsers (Chrome, Edge, Brave, Yandex, OperaGX, Vivaldi)\nโ€ข Claimed anti-analysis and anti-VM features\nโ€ข Multiple persistence methods\nโ€ข A builder and listener interface\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: N/A (offensive malware)\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Cybercrime Tooling / Malware-as-a-Service\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: solitaryElite\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Selling fileless hidden-browser malware\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Covert browser session hijacking and data theft tool\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Listed via autobuy (middleman accepted)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: June 1, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T16:56:54Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "malware", "markets", "shipping" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2025", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2025" }, "telegram_url": "https://t.me/SliceForLifeee/2025", "text": "๐Ÿšจ Nornikovik hidden browser malware advertised on underground forum\n\nA threat actor on an underground forum is advertising Nornikovik, a hidden-browser malware marketed as fileless and undetected. The seller describes it as a tool that runs a victim's browser silently in the background, lets the operator control it remotely, and can load the victim's saved browser data.\n\nThe listing promotes the tool to other forum members for the purpose of covert remote browser session hijacking and data theft.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฏ๐—ฒ๐—ถ๐—ป๐—ด ๐—ฎ๐—ฑ๐˜ƒ๐—ฒ๐—ฟ๐˜๐—ถ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข A covert (\"hidden\") remote browser controlled by the attacker\nโ€ข Claimed fileless operation and self-deletion after execution\nโ€ข Ability to load victim browser data (cookies and autofills)\nโ€ข Support for multiple mainstream browsers (Chrome, Edge, Brave, Yandex, OperaGX, Vivaldi)\nโ€ข Claimed anti-analysis and anti-VM features\nโ€ข Multiple persistence methods\nโ€ข A builder and listener interface\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: N/A (offensive malware)\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Cybercrime Tooling / Malware-as-a-Service\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: solitaryElite\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Selling fileless hidden-browser malware\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Covert browser session hijacking and data theft tool\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Listed via autobuy (middleman accepted)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: June 1, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2025/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "2d6d6ec742866b6f", "id": "cluster-2d6d6ec742866b6f", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T15:35:07Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 196.0, "score_global_percentile": 8.79, "score_source_percentile": 81.08, "source_rank_by_engagement": 8, "stars": 0, "views": 196 }, "english_status": "original_english", "excerpt": "โ€ผ๏ธ New Dark Web Informer Blog Post! Title: Threat Actor Claims to Sell Live Web-Shell Access to a NASA Web Application Link: https://darkwebinformer.com/threat-actor-claims-to-sell-live-web-shell-access-to-a-nasa-web-application/", "fingerprint": "2d6d6ec742866b6f", "hashtags": [], "id": "sliceforlifeee-2024", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 630, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 101044, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2024", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2024" }, "media_type": "photo", "message_id": 2024, "original_text": "โ€ผ๏ธ New Dark Web Informer Blog Post!\n\nTitle: Threat Actor Claims to Sell Live Web-Shell Access to a NASA Web Application\n\nLink: https://darkwebinformer.com/threat-actor-claims-to-sell-live-web-shell-access-to-a-nasa-web-application/", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T15:35:07Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "darkwebinformer.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2024", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2024" }, "telegram_url": "https://t.me/SliceForLifeee/2024", "text": "โ€ผ๏ธ New Dark Web Informer Blog Post!\n\nTitle: Threat Actor Claims to Sell Live Web-Shell Access to a NASA Web Application\n\nLink: https://darkwebinformer.com/threat-actor-claims-to-sell-live-web-shell-access-to-a-nasa-web-application/", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2024/", "urls": [ "https://darkwebinformer.com/threat-actor-claims-to-sell-live-web-shell-access-to-a-nasa-web-application/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "279dd5e2532c6633", "id": "cluster-279dd5e2532c6633", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T15:17:06Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T15:20:53Z", "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": { "โค": 1, "๐Ÿ˜ˆ": 1 }, "reactions": 2, "replies": 0, "score_absolute": 212.0, "score_global_percentile": 9.06, "score_source_percentile": 89.19, "source_rank_by_engagement": 5, "stars": 0, "views": 188 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Spanish gas company allegedly targeted in database sale exposing IBANs and phones A threat actor on an underground forum is claiming to sell a database allegedly belonging to a Spanish gas company. The actor describes the leads as fresh and says the data was obtained via a hack/vulnerability and has never been...", "fingerprint": "279dd5e2532c6633", "hashtags": [], "id": "sliceforlifeee-2023", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 833, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 112658, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2023", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2023" }, "media_type": "photo", "message_id": 2023, "original_text": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Spanish gas company allegedly targeted in database sale exposing IBANs and phones\n\nA threat actor on an underground forum is claiming to sell a database allegedly belonging to a Spanish gas company. The actor describes the leads as fresh and says the data was obtained via a hack/vulnerability and has never been sold before.\n\nThe actor claims the database contains roughly 555K unique records including banking and contact details.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names (name, surname 1, surname 2)\nโ€ข Identification numbers and type\nโ€ข Phone numbers (two per record)\nโ€ข Email addresses\nโ€ข IBAN bank account numbers\nโ€ข Bank identifiers\nโ€ข Province, locality, and postal code\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Undisclosed Spanish gas company\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Spain ๐Ÿ‡ช๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Energy / Utilities\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: jordanbelfortwolf\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database for sale (obtained via hack/vulnerability)\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~555K unique records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Not disclosed (contact to purchase)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T15:17:06Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "energy" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2023", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2023" }, "telegram_url": "https://t.me/SliceForLifeee/2023", "text": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Spanish gas company allegedly targeted in database sale exposing IBANs and phones\n\nA threat actor on an underground forum is claiming to sell a database allegedly belonging to a Spanish gas company. The actor describes the leads as fresh and says the data was obtained via a hack/vulnerability and has never been sold before.\n\nThe actor claims the database contains roughly 555K unique records including banking and contact details.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names (name, surname 1, surname 2)\nโ€ข Identification numbers and type\nโ€ข Phone numbers (two per record)\nโ€ข Email addresses\nโ€ข IBAN bank account numbers\nโ€ข Bank identifiers\nโ€ข Province, locality, and postal code\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Undisclosed Spanish gas company\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Spain ๐Ÿ‡ช๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Energy / Utilities\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: jordanbelfortwolf\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database for sale (obtained via hack/vulnerability)\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~555K unique records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Not disclosed (contact to purchase)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2023/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "b653859413c28746", "id": "cluster-b653859413c28746", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T15:07:10Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T15:21:10Z", "engagement": { "forwards": 4, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ’ฉ": 1 }, "reactions": 1, "replies": 0, "score_absolute": 392.0, "score_global_percentile": 12.29, "score_source_percentile": 36.36, "source_rank_by_engagement": 8, "stars": 0, "views": 350 }, "english_status": "original_english", "excerpt": "Microsoft investigates Office Apps, Teams file access issues Microsoft says an ongoing incident is preventing users of its Teams collaboration platform and Office for the web cloud-based productivity suite from opening files. [...]...", "fingerprint": "b653859413c28746", "hashtags": [], "id": "bleepingcomputer-24791", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 252045, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24791", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24791" }, "media_type": "photo", "message_id": 24791, "original_text": "Microsoft investigates Office Apps, Teams file access issues\n\nMicrosoft says an ongoing incident is preventing users of its Teams collaboration platform and Office for the web cloud-based productivity suite from opening files. [...]\n\nhttps://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-office-apps-teams-file-access-issues/", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T15:07:10Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24791", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24791" }, "telegram_url": "https://t.me/bleepingcomputer/24791", "text": "Microsoft investigates Office Apps, Teams file access issues\n\nMicrosoft says an ongoing incident is preventing users of its Teams collaboration platform and Office for the web cloud-based productivity suite from opening files. [...]\n\nhttps://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-office-apps-teams-file-access-issues/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24791/", "urls": [ "https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-office-apps-teams-file-access-issues/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "cf044f63248eaff2", "id": "cluster-cf044f63248eaff2", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T15:04:38Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 190.0, "score_global_percentile": 8.71, "score_source_percentile": 78.38, "source_rank_by_engagement": 9, "stars": 0, "views": 170 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ต๐Ÿ‡ช DIRANDRO (Peruvian National Police) allegedly targeted by L4TAMFUCK3RS A threat actor group on an underground forum, identifying as L4TAMFUCK3RS, is claiming to sell a full database allegedly originating from DIRANDRO, the specialized anti-drug-trafficking division of the Peruvian National Police (Policรญa...", "fingerprint": "cf044f63248eaff2", "hashtags": [], "id": "sliceforlifeee-2020", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 936, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 160561, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2020", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2020" }, "media_type": "photo", "message_id": 2020, "original_text": "๐Ÿšจ๐Ÿ‡ต๐Ÿ‡ช DIRANDRO (Peruvian National Police) allegedly targeted by L4TAMFUCK3RS\n\nA threat actor group on an underground forum, identifying as L4TAMFUCK3RS, is claiming to sell a full database allegedly originating from DIRANDRO, the specialized anti-drug-trafficking division of the Peruvian National Police (Policรญa Nacional del Perรบ). The actors claim all police/military personnel records are included.\n\nThe actors claim the database contains roughly 300K folders (people) totaling about 7.8 GB.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names, surnames, national ID numbers (DNI), and police ID codes (CIP)\nโ€ข Dates of birth, gender, marital status, education level\nโ€ข Parents' full names\nโ€ข Full residential addresses\nโ€ข Civil registry data and identification codes (NIF)\nโ€ข Police intervention/operation details and incident narratives\nโ€ข Exact event coordinates and penitentiary facility references\nโ€ข Seized substance details and evidence labels\nโ€ข Detained individuals' names, ages, and DNI numbers\nโ€ข Document metadata and institutional info (PNP, INPE, Public Prosecutor)\nโ€ข Internal personnel records (CIP, DNI, names, registration dates)\nโ€ข Scanned national ID document images and photographs\nโ€ข Military-related records\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: DIRANDRO (Policรญa Nacional del Perรบ)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Peru ๐Ÿ‡ต๐Ÿ‡ช\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Law Enforcement\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: cantpwn (L4TAMFUCK3RS)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Full police database for sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~300K folders/people (~7.8 GB)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $700\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T15:04:38Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "iran" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2020", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2020" }, "telegram_url": "https://t.me/SliceForLifeee/2020", "text": "๐Ÿšจ๐Ÿ‡ต๐Ÿ‡ช DIRANDRO (Peruvian National Police) allegedly targeted by L4TAMFUCK3RS\n\nA threat actor group on an underground forum, identifying as L4TAMFUCK3RS, is claiming to sell a full database allegedly originating from DIRANDRO, the specialized anti-drug-trafficking division of the Peruvian National Police (Policรญa Nacional del Perรบ). The actors claim all police/military personnel records are included.\n\nThe actors claim the database contains roughly 300K folders (people) totaling about 7.8 GB.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names, surnames, national ID numbers (DNI), and police ID codes (CIP)\nโ€ข Dates of birth, gender, marital status, education level\nโ€ข Parents' full names\nโ€ข Full residential addresses\nโ€ข Civil registry data and identification codes (NIF)\nโ€ข Police intervention/operation details and incident narratives\nโ€ข Exact event coordinates and penitentiary facility references\nโ€ข Seized substance details and evidence labels\nโ€ข Detained individuals' names, ages, and DNI numbers\nโ€ข Document metadata and institutional info (PNP, INPE, Public Prosecutor)\nโ€ข Internal personnel records (CIP, DNI, names, registration dates)\nโ€ข Scanned national ID document images and photographs\nโ€ข Military-related records\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: DIRANDRO (Policรญa Nacional del Perรบ)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Peru ๐Ÿ‡ต๐Ÿ‡ช\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Law Enforcement\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: cantpwn (L4TAMFUCK3RS)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Full police database for sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~300K folders/people (~7.8 GB)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $700\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2020/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "8b8ed2278c51541f", "id": "cluster-8b8ed2278c51541f", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T14:33:34Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 384.0, "score_global_percentile": 12.11, "score_source_percentile": 27.27, "source_rank_by_engagement": 9, "stars": 0, "views": 364 }, "english_status": "original_english", "excerpt": "Race Against Time: Why Faster Vulnerability Alerts Matter Attackers are exploiting vulnerabilities faster than many organizations can identify and patch them. SecAlerts explains why faster vulnerability alerts can help reduce exposure and improve response times. [...]...", "fingerprint": "8b8ed2278c51541f", "hashtags": [], "id": "bleepingcomputer-24790", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 100330, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24790", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24790" }, "media_type": "photo", "message_id": 24790, "original_text": "Race Against Time: Why Faster Vulnerability Alerts Matter\n\nAttackers are exploiting vulnerabilities faster than many organizations can identify and patch them. SecAlerts explains why faster vulnerability alerts can help reduce exposure and improve response times. [...]\n\nhttps://www.bleepingcomputer.com/news/security/race-against-time-why-faster-vulnerability-alerts-matter/", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T14:33:34Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com", "cve", "exploit" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24790", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24790" }, "telegram_url": "https://t.me/bleepingcomputer/24790", "text": "Race Against Time: Why Faster Vulnerability Alerts Matter\n\nAttackers are exploiting vulnerabilities faster than many organizations can identify and patch them. SecAlerts explains why faster vulnerability alerts can help reduce exposure and improve response times. [...]\n\nhttps://www.bleepingcomputer.com/news/security/race-against-time-why-faster-vulnerability-alerts-matter/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24790/", "urls": [ "https://www.bleepingcomputer.com/news/security/race-against-time-why-faster-vulnerability-alerts-matter/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity trade-publication perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "The Hacker News", "handle": "thehackernews", "id": "telegram:thehackernews", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity publication.", "rank": 8, "risk_label": "Technical reporting should be checked against vendor advisories", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "research source" ], "tier": "Tier 1", "title": "The Hacker News", "url": "https://t.me/thehackernews" }, "channel_handle": "thehackernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "e762b04277e5dcf2", "id": "cluster-e762b04277e5dcf2", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T14:05:06Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T14:10:20Z", "engagement": { "forwards": 13, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 1, "๐Ÿ”ฅ": 7 }, "reactions": 8, "replies": 0, "score_absolute": 3403.0, "score_global_percentile": 52.78, "score_source_percentile": 25.0, "source_rank_by_engagement": 7, "stars": 0, "views": 3257 }, "english_status": "original_english", "excerpt": "โšก PAN-OS exploited. Gogs 0-day. GlassWorm takedown. AI malware lures. Smishing wave. OAuth phish kits. SonicWall scans. Monday #cybersecurity recap is stacked. Read it - https://thehackernews.com/2026/06/weekly-recap-new-linux-flaw-pan-os.html", "fingerprint": "e762b04277e5dcf2", "hashtags": [ "cybersecurity" ], "id": "thehackernews-9121", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 84267, "width": 720 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "thehackernews/9121", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9121" }, "media_type": "photo", "message_id": 9121, "original_text": "โšก PAN-OS exploited. Gogs 0-day. GlassWorm takedown. AI malware lures. Smishing wave. OAuth phish kits. SonicWall scans.\n\nMonday #cybersecurity recap is stacked.\n\nRead it - https://thehackernews.com/2026/06/weekly-recap-new-linux-flaw-pan-os.html", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T14:05:06Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cybersecurity", "cyber-hacking", "cyber", "verification-anchor", "research-source", "thehackernews.com", "exploit", "malware" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "thehackernews/9121", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9121" }, "telegram_url": "https://t.me/thehackernews/9121", "text": "โšก PAN-OS exploited. Gogs 0-day. GlassWorm takedown. AI malware lures. Smishing wave. OAuth phish kits. SonicWall scans.\n\nMonday #cybersecurity recap is stacked.\n\nRead it - https://thehackernews.com/2026/06/weekly-recap-new-linux-flaw-pan-os.html", "url": "https://news.jeremywhittaker.com/item/thehackernews-9121/", "urls": [ "https://thehackernews.com/2026/06/weekly-recap-new-linux-flaw-pan-os.html" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber incident/news monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Hackmanac Cyber News", "handle": "hackmanac_cybernews", "id": "telegram:hackmanac_cybernews", "item_count": 0, "language": "en", "priority": 52, "provenance_note": "Public Telegram broadcast channel promoted after bounded no-media handle validation on 2026-05-31.", "rank": 73, "risk_label": "Incident claims should be checked against vendor, victim, and researcher disclosures", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber", "incident reporting" ], "tier": "Tier 3", "title": "Hackmanac Cyber News", "url": "https://t.me/hackmanac_cybernews" }, "channel_handle": "hackmanac_cybernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "fbad9796c00d7de3", "id": "cluster-fbad9796c00d7de3", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T13:44:49Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T13:44:52Z", "engagement": { "forwards": 3, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 282.0, "score_global_percentile": 9.88, "score_source_percentile": 50.0, "source_rank_by_engagement": 3, "stars": 0, "views": 252 }, "english_status": "original_english", "excerpt": "๐ŸšจCyber Alert โ€ผ๏ธ ๐Ÿ‡ช๐Ÿ‡ฌEgypt - ๐—•๐—ผ๐˜‚๐—ฟ๐—ถ ๐—š๐—ฟ๐—ผ๐˜‚๐—ฝ The Gentlemen hacking group claims to have breached Bouri Group. Threat actor: The Gentlemen Sector: Manufacturing Data exposure (claimed): Not specified Data type: Not specified Observed: Jun 1, 2026 Status: Pending verification ESIXยฉ: 5.04 Full details and impact assessment on...", "fingerprint": "fbad9796c00d7de3", "hashtags": [], "id": "hackmanac-cybernews-2304", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 557, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 59842, "width": 456 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "hackmanac_cybernews/2304", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/hackmanac_cybernews/2304" }, "media_type": "photo", "message_id": 2304, "original_text": "๐ŸšจCyber Alert โ€ผ๏ธ\n\n๐Ÿ‡ช๐Ÿ‡ฌEgypt - ๐—•๐—ผ๐˜‚๐—ฟ๐—ถ ๐—š๐—ฟ๐—ผ๐˜‚๐—ฝ\n\nThe Gentlemen hacking group claims to have breached Bouri Group.\n\nThreat actor: The Gentlemen\nSector: Manufacturing\nData exposure (claimed): Not specified\nData type: Not specified\nObserved: Jun 1, 2026\nStatus: Pending verification\nESIXยฉ: 5.04\n\nFull details and impact assessment on HackRisk.io", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T13:44:49Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "incident-reporting" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "hackmanac_cybernews/2304", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/hackmanac_cybernews/2304" }, "telegram_url": "https://t.me/hackmanac_cybernews/2304", "text": "๐ŸšจCyber Alert โ€ผ๏ธ\n\n๐Ÿ‡ช๐Ÿ‡ฌEgypt - ๐—•๐—ผ๐˜‚๐—ฟ๐—ถ ๐—š๐—ฟ๐—ผ๐˜‚๐—ฝ\n\nThe Gentlemen hacking group claims to have breached Bouri Group.\n\nThreat actor: The Gentlemen\nSector: Manufacturing\nData exposure (claimed): Not specified\nData type: Not specified\nObserved: Jun 1, 2026\nStatus: Pending verification\nESIXยฉ: 5.04\n\nFull details and impact assessment on HackRisk.io", "url": "https://news.jeremywhittaker.com/item/hackmanac-cybernews-2304/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "b768357c6742e679", "id": "cluster-b768357c6742e679", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T13:20:26Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 5, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 481.0, "score_global_percentile": 14.05, "score_source_percentile": 63.64, "source_rank_by_engagement": 5, "stars": 0, "views": 431 }, "english_status": "original_english", "excerpt": "Critical Windows Netlogon RCE flaw now exploited in attacks The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. [...]...", "fingerprint": "b768357c6742e679", "hashtags": [], "id": "bleepingcomputer-24789", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 198221, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24789", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24789" }, "media_type": "photo", "message_id": 24789, "original_text": "Critical Windows Netlogon RCE flaw now exploited in attacks\n\nThe Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. [...]\n\nhttps://www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T13:20:26Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com", "cve", "exploit" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24789", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24789" }, "telegram_url": "https://t.me/bleepingcomputer/24789", "text": "Critical Windows Netlogon RCE flaw now exploited in attacks\n\nThe Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. [...]\n\nhttps://www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24789/", "urls": [ "https://www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "3fbf297b813df2dd", "id": "cluster-3fbf297b813df2dd", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T13:20:25Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 406.0, "score_global_percentile": 12.56, "score_source_percentile": 54.55, "source_rank_by_engagement": 6, "stars": 0, "views": 386 }, "english_status": "original_english", "excerpt": "Webinar tomorrow: From alert to resolution in network incident response Network incidents are often detected quickly, but investigations and coordination can delay resolution. Join our webinar tomorrow to learn how automation and AI-assisted workflows can help IT teams accelerate incident response. [...]...", "fingerprint": "3fbf297b813df2dd", "hashtags": [], "id": "bleepingcomputer-24788", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 160775, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24788", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24788" }, "media_type": "photo", "message_id": 24788, "original_text": "Webinar tomorrow: From alert to resolution in network incident response\n\nNetwork incidents are often detected quickly, but investigations and coordination can delay resolution. Join our webinar tomorrow to learn how automation and AI-assisted workflows can help IT teams accelerate incident response. [...]\n\nhttps://www.bleepingcomputer.com/news/security/webinar-tomorrow-from-alert-to-resolution-in-network-incident-response/", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T13:20:25Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24788", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24788" }, "telegram_url": "https://t.me/bleepingcomputer/24788", "text": "Webinar tomorrow: From alert to resolution in network incident response\n\nNetwork incidents are often detected quickly, but investigations and coordination can delay resolution. Join our webinar tomorrow to learn how automation and AI-assisted workflows can help IT teams accelerate incident response. [...]\n\nhttps://www.bleepingcomputer.com/news/security/webinar-tomorrow-from-alert-to-resolution-in-network-incident-response/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24788/", "urls": [ "https://www.bleepingcomputer.com/news/security/webinar-tomorrow-from-alert-to-resolution-in-network-incident-response/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity trade-publication perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "The Hacker News", "handle": "thehackernews", "id": "telegram:thehackernews", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity publication.", "rank": 8, "risk_label": "Technical reporting should be checked against vendor advisories", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "research source" ], "tier": "Tier 1", "title": "The Hacker News", "url": "https://t.me/thehackernews" }, "channel_handle": "thehackernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "73092c5ac5768304", "id": "cluster-73092c5ac5768304", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T12:32:24Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T12:37:44Z", "engagement": { "forwards": 5, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 4, "๐Ÿ”ฅ": 3 }, "reactions": 7, "replies": 0, "score_absolute": 3719.0, "score_global_percentile": 55.97, "score_source_percentile": 37.5, "source_rank_by_engagement": 6, "stars": 0, "views": 3655 }, "english_status": "original_english", "excerpt": "The โ€œvCISO platformโ€ label is outdated for todayโ€™s MSPs. Service providers need portfolio-wide security programs, CISO-grade intelligence, and revenue insights. Thatโ€™s why the Security Growth Platform category has emerged โ€” and Cynomi currently defines it with its unified frameworks and 100% partner-only model. Read:...", "fingerprint": "73092c5ac5768304", "hashtags": [], "id": "thehackernews-9120", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 470, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 45475, "width": 900 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "thehackernews/9120", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9120" }, "media_type": "photo", "message_id": 9120, "original_text": "The โ€œvCISO platformโ€ label is outdated for todayโ€™s MSPs.\n\nService providers need portfolio-wide security programs, CISO-grade intelligence, and revenue insights.\n\nThatโ€™s why the Security Growth Platform category has emerged โ€” and Cynomi currently defines it with its unified frameworks and 100% partner-only model.\n\nRead: https://thehackernews.com/2026/06/the-security-growth-platform-why-msps.html", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T12:32:24Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "research-source", "thehackernews.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "thehackernews/9120", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9120" }, "telegram_url": "https://t.me/thehackernews/9120", "text": "The โ€œvCISO platformโ€ label is outdated for todayโ€™s MSPs.\n\nService providers need portfolio-wide security programs, CISO-grade intelligence, and revenue insights.\n\nThatโ€™s why the Security Growth Platform category has emerged โ€” and Cynomi currently defines it with its unified frameworks and 100% partner-only model.\n\nRead: https://thehackernews.com/2026/06/the-security-growth-platform-why-msps.html", "url": "https://news.jeremywhittaker.com/item/thehackernews-9120/", "urls": [ "https://thehackernews.com/2026/06/the-security-growth-platform-why-msps.html" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "781c795f28558bbb", "id": "cluster-781c795f28558bbb", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T12:04:39Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 4, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 516.0, "score_global_percentile": 14.36, "score_source_percentile": 90.91, "source_rank_by_engagement": 2, "stars": 0, "views": 476 }, "english_status": "original_english", "excerpt": "Microsoft confirms outage affecting MFA, My Sign-Ins platform Microsoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. [...]...", "fingerprint": "781c795f28558bbb", "hashtags": [], "id": "bleepingcomputer-24787", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 221679, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24787", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24787" }, "media_type": "photo", "message_id": 24787, "original_text": "Microsoft confirms outage affecting MFA, My Sign-Ins platform\n\nMicrosoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. [...]\n\nhttps://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-outage-affecting-mfa-my-sign-ins-platform/", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T12:04:39Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24787", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24787" }, "telegram_url": "https://t.me/bleepingcomputer/24787", "text": "Microsoft confirms outage affecting MFA, My Sign-Ins platform\n\nMicrosoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. [...]\n\nhttps://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-outage-affecting-mfa-my-sign-ins-platform/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24787/", "urls": [ "https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-outage-affecting-mfa-my-sign-ins-platform/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity trade-publication perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "The Hacker News", "handle": "thehackernews", "id": "telegram:thehackernews", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity publication.", "rank": 8, "risk_label": "Technical reporting should be checked against vendor advisories", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "research source" ], "tier": "Tier 1", "title": "The Hacker News", "url": "https://t.me/thehackernews" }, "channel_handle": "thehackernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "9c23a4cf6c379f47", "id": "cluster-9c23a4cf6c379f47", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T11:58:55Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T12:04:34Z", "engagement": { "forwards": 11, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 4, "๐Ÿ‘": 7, "๐Ÿ”ฅ": 4 }, "reactions": 15, "replies": 0, "score_absolute": 3903.0, "score_global_percentile": 57.32, "score_source_percentile": 50.0, "source_rank_by_engagement": 5, "stars": 0, "views": 3763 }, "english_status": "original_english", "excerpt": "๐Ÿ›‘ China-aligned hackers are intensifying espionage campaigns. Operation Dragon Weave is hitting Czech Republic and Taiwan with spear-phishing ZIPs to deploy AdaptixC2 via Azure Blob Storage. It gives attackers full remote control with 36 commands. Learn More:...", "fingerprint": "9c23a4cf6c379f47", "hashtags": [], "id": "thehackernews-9119", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 380, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 37259, "width": 728 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "thehackernews/9119", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9119" }, "media_type": "photo", "message_id": 9119, "original_text": "๐Ÿ›‘ China-aligned hackers are intensifying espionage campaigns.\n\nOperation Dragon Weave is hitting Czech Republic and Taiwan with spear-phishing ZIPs to deploy AdaptixC2 via Azure Blob Storage.\n\nIt gives attackers full remote control with 36 commands.\n\nLearn More: https://thehackernews.com/2026/06/china-aligned-groups-ramp-up-attacks.html\n\nStay alert with unexpected email attachments.", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T11:58:55Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "research-source", "thehackernews.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "thehackernews/9119", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9119" }, "telegram_url": "https://t.me/thehackernews/9119", "text": "๐Ÿ›‘ China-aligned hackers are intensifying espionage campaigns.\n\nOperation Dragon Weave is hitting Czech Republic and Taiwan with spear-phishing ZIPs to deploy AdaptixC2 via Azure Blob Storage.\n\nIt gives attackers full remote control with 36 commands.\n\nLearn More: https://thehackernews.com/2026/06/china-aligned-groups-ramp-up-attacks.html\n\nStay alert with unexpected email attachments.", "url": "https://news.jeremywhittaker.com/item/thehackernews-9119/", "urls": [ "https://thehackernews.com/2026/06/china-aligned-groups-ramp-up-attacks.html" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "033f93c53a153569", "id": "cluster-033f93c53a153569", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T11:15:43Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 548.0, "score_global_percentile": 14.87, "score_source_percentile": 100.0, "source_rank_by_engagement": 1, "stars": 0, "views": 528 }, "english_status": "original_english", "excerpt": "Microsoft fixes KB5089549 Windows security update install issues Microsoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). [...]...", "fingerprint": "033f93c53a153569", "hashtags": [], "id": "bleepingcomputer-24786", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 89183, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24786", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24786" }, "media_type": "photo", "message_id": 24786, "original_text": "Microsoft fixes KB5089549 Windows security update install issues\n\nMicrosoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). [...]\n\nhttps://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-kb5089549-windows-security-update-install-issues/", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T11:15:43Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24786", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24786" }, "telegram_url": "https://t.me/bleepingcomputer/24786", "text": "Microsoft fixes KB5089549 Windows security update install issues\n\nMicrosoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). [...]\n\nhttps://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-kb5089549-windows-security-update-install-issues/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24786/", "urls": [ "https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-kb5089549-windows-security-update-install-issues/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "OSINT/cyber research perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "Cyber Detective", "handle": "cybdetective", "id": "telegram:cybdetective", "item_count": 0, "language": "en", "priority": 78, "provenance_note": "Public Telegram feed used for cyber OSINT and investigation leads.", "rank": 10, "risk_label": "Tool and lead references need operator verification", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "research source", "OSINT" ], "tier": "Tier 1", "title": "Cyber Detective", "url": "https://t.me/cybdetective" }, "channel_handle": "cybdetective", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "1d85d63097bc899b", "id": "cluster-1d85d63097bc899b", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T10:50:24Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T11:18:35Z", "engagement": { "forwards": 42, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 6, "๐Ÿคก": 1 }, "reactions": 7, "replies": 0, "score_absolute": 1622.0, "score_global_percentile": 30.08, "score_source_percentile": 100.0, "source_rank_by_engagement": 1, "stars": 0, "views": 1188 }, "english_status": "original_english", "excerpt": "SHOPOSINT A tool for gathering additional information about accounts across various payment systems (Stripe, SumUp, Revolut, Lydia) https://github.com/redsecurityfr/ShopOSINT", "fingerprint": "1d85d63097bc899b", "hashtags": [], "id": "cybdetective-3507", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 896, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 144132, "width": 1586 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "cybdetective/3507", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/cybdetective/3507" }, "media_type": "photo", "message_id": 3507, "original_text": "SHOPOSINT\n\nA tool for gathering additional information about accounts across various payment systems (Stripe, SumUp, Revolut, Lydia)\n\nhttps://github.com/redsecurityfr/ShopOSINT", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T10:50:24Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "research-source", "osint", "github.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "cybdetective/3507", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/cybdetective/3507" }, "telegram_url": "https://t.me/cybdetective/3507", "text": "SHOPOSINT\n\nA tool for gathering additional information about accounts across various payment systems (Stripe, SumUp, Revolut, Lydia)\n\nhttps://github.com/redsecurityfr/ShopOSINT", "url": "https://news.jeremywhittaker.com/item/cybdetective-3507/", "urls": [ "https://github.com/redsecurityfr/ShopOSINT" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "OSINT/cyber research perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "Cyber Detective", "handle": "cybdetective", "id": "telegram:cybdetective", "item_count": 0, "language": "en", "priority": 78, "provenance_note": "Public Telegram feed used for cyber OSINT and investigation leads.", "rank": 10, "risk_label": "Tool and lead references need operator verification", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "research source", "OSINT" ], "tier": "Tier 1", "title": "Cyber Detective", "url": "https://t.me/cybdetective" }, "channel_handle": "cybdetective", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "d882e42b5fd175da", "id": "cluster-d882e42b5fd175da", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T10:22:08Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T10:25:21Z", "engagement": { "forwards": 34, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 3, "๐Ÿ‘": 4 }, "reactions": 7, "replies": 0, "score_absolute": 1398.0, "score_global_percentile": 26.2, "score_source_percentile": 50.0, "source_rank_by_engagement": 3, "stars": 0, "views": 1044 }, "english_status": "original_english", "excerpt": "TXFETCH A tool for searching for transaction information by volume and time range across 10 popular blockchains (#btc, #eth, #solana, #tron and others) https://github.com/xaynov-osint/txfetch Creator @osint_xaynov", "fingerprint": "d882e42b5fd175da", "hashtags": [ "btc", "eth", "solana", "tron" ], "id": "cybdetective-3506", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 896, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 250437, "width": 1592 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "cybdetective/3506", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/cybdetective/3506" }, "media_type": "photo", "message_id": 3506, "original_text": "TXFETCH\n\nA tool for searching for transaction information by volume and time range across 10 popular blockchains (#btc, #eth, #solana, #tron and others)\n\nhttps://github.com/xaynov-osint/txfetch\n\nCreator @osint_xaynov", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T10:22:08Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "btc", "eth", "solana", "tron", "cyber-hacking", "cyber", "verification-anchor", "research-source", "osint", "github.com", "bitcoin" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "cybdetective/3506", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/cybdetective/3506" }, "telegram_url": "https://t.me/cybdetective/3506", "text": "TXFETCH\n\nA tool for searching for transaction information by volume and time range across 10 popular blockchains (#btc, #eth, #solana, #tron and others)\n\nhttps://github.com/xaynov-osint/txfetch\n\nCreator @osint_xaynov", "url": "https://news.jeremywhittaker.com/item/cybdetective-3506/", "urls": [ "https://github.com/xaynov-osint/txfetch" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity trade-publication perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "The Hacker News", "handle": "thehackernews", "id": "telegram:thehackernews", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity publication.", "rank": 8, "risk_label": "Technical reporting should be checked against vendor advisories", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "research source" ], "tier": "Tier 1", "title": "The Hacker News", "url": "https://t.me/thehackernews" }, "channel_handle": "thehackernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "6c01c976fc62e113", "id": "cluster-6c01c976fc62e113", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T09:44:44Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T09:48:42Z", "engagement": { "forwards": 21, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 2, "๐Ÿ”ฅ": 10, "๐Ÿ˜ฑ": 1 }, "reactions": 13, "replies": 0, "score_absolute": 4865.0, "score_global_percentile": 62.67, "score_source_percentile": 75.0, "source_rank_by_engagement": 3, "stars": 0, "views": 4629 }, "english_status": "original_english", "excerpt": "๐Ÿšจ A legitimate-looking npm package for OpenAI Codex has been stealing developer auth tokens for over a month. codexui-android, marketed as a remote web UI, has seen 29,000+ weekly downloads. Since version 0.1.82 it quietly sends ~/.codex/auth.json โ€” including non-expiring refresh tokens โ€” to an attacker server. Read:...", "fingerprint": "6c01c976fc62e113", "hashtags": [], "id": "thehackernews-9118", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 470, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 58921, "width": 900 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "thehackernews/9118", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9118" }, "media_type": "photo", "message_id": 9118, "original_text": "๐Ÿšจ A legitimate-looking npm package for OpenAI Codex has been stealing developer auth tokens for over a month.\n\ncodexui-android, marketed as a remote web UI, has seen 29,000+ weekly downloads. Since version 0.1.82 it quietly sends ~/.codex/auth.json โ€” including non-expiring refresh tokens โ€” to an attacker server.\n\nRead: https://thehackernews.com/2026/06/openai-codex-authentication-tokens.html", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T09:44:44Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "research-source", "thehackernews.com", "markets" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "thehackernews/9118", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9118" }, "telegram_url": "https://t.me/thehackernews/9118", "text": "๐Ÿšจ A legitimate-looking npm package for OpenAI Codex has been stealing developer auth tokens for over a month.\n\ncodexui-android, marketed as a remote web UI, has seen 29,000+ weekly downloads. Since version 0.1.82 it quietly sends ~/.codex/auth.json โ€” including non-expiring refresh tokens โ€” to an attacker server.\n\nRead: https://thehackernews.com/2026/06/openai-codex-authentication-tokens.html", "url": "https://news.jeremywhittaker.com/item/thehackernews-9118/", "urls": [ "https://thehackernews.com/2026/06/openai-codex-authentication-tokens.html" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity trade-publication perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "The Hacker News", "handle": "thehackernews", "id": "telegram:thehackernews", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity publication.", "rank": 8, "risk_label": "Technical reporting should be checked against vendor advisories", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "research source" ], "tier": "Tier 1", "title": "The Hacker News", "url": "https://t.me/thehackernews" }, "channel_handle": "thehackernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "150b988a267da69e", "id": "cluster-150b988a267da69e", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T08:50:56Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T09:00:04Z", "engagement": { "forwards": 15, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 9, "๐Ÿ”ฅ": 3, "๐Ÿ˜": 8 }, "reactions": 20, "replies": 0, "score_absolute": 4921.0, "score_global_percentile": 62.9, "score_source_percentile": 87.5, "source_rank_by_engagement": 2, "stars": 0, "views": 4731 }, "english_status": "original_english", "excerpt": "โš ๏ธ Threat actors are actively exploiting a critical vulnerability in WP Maps Pro. CVE-2026-8732 (CVSS 9.8) lets unauthenticated attackers create admin accounts and take over sites. It affects all versions up to 6.1.0. Update to 6.1.1 now. Read: https://thehackernews.com/2026/06/critical-wp-maps-pro-flaw-actively.html", "fingerprint": "150b988a267da69e", "hashtags": [], "id": "thehackernews-9117", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 470, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 52841, "width": 900 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "thehackernews/9117", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9117" }, "media_type": "photo", "message_id": 9117, "original_text": "โš ๏ธ Threat actors are actively exploiting a critical vulnerability in WP Maps Pro.\n\nCVE-2026-8732 (CVSS 9.8) lets unauthenticated attackers create admin accounts and take over sites. It affects all versions up to 6.1.0.\n\nUpdate to 6.1.1 now.\n\nRead: https://thehackernews.com/2026/06/critical-wp-maps-pro-flaw-actively.html", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T08:50:56Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "research-source", "thehackernews.com", "cve", "exploit" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "thehackernews/9117", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9117" }, "telegram_url": "https://t.me/thehackernews/9117", "text": "โš ๏ธ Threat actors are actively exploiting a critical vulnerability in WP Maps Pro.\n\nCVE-2026-8732 (CVSS 9.8) lets unauthenticated attackers create admin accounts and take over sites. It affects all versions up to 6.1.0.\n\nUpdate to 6.1.1 now.\n\nRead: https://thehackernews.com/2026/06/critical-wp-maps-pro-flaw-actively.html", "url": "https://news.jeremywhittaker.com/item/thehackernews-9117/", "urls": [ "https://thehackernews.com/2026/06/critical-wp-maps-pro-flaw-actively.html" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber incident/news monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Hackmanac Cyber News", "handle": "hackmanac_cybernews", "id": "telegram:hackmanac_cybernews", "item_count": 0, "language": "en", "priority": 52, "provenance_note": "Public Telegram broadcast channel promoted after bounded no-media handle validation on 2026-05-31.", "rank": 73, "risk_label": "Incident claims should be checked against vendor, victim, and researcher disclosures", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber", "incident reporting" ], "tier": "Tier 3", "title": "Hackmanac Cyber News", "url": "https://t.me/hackmanac_cybernews" }, "channel_handle": "hackmanac_cybernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "8a333abab8b5d5e4", "id": "cluster-8a333abab8b5d5e4", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T08:27:35Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T12:22:03Z", "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 1 }, "reactions": 1, "replies": 0, "score_absolute": 260.0, "score_global_percentile": 9.63, "score_source_percentile": 25.0, "source_rank_by_engagement": 4, "stars": 0, "views": 258 }, "english_status": "original_english", "excerpt": "๐€๐ ๐ž๐ง๐ญ๐ข๐œ ๐€๐ˆ ๐ˆ๐ฌ ๐‘๐ž๐ฐ๐ซ๐ข๐ญ๐ข๐ง๐  ๐ญ๐ก๐ž ๐‘๐ฎ๐ฅ๐ž๐ฌ ๐จ๐Ÿ ๐‚๐ฒ๐›๐ž๐ซ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ Agentic AI is already ๐ซ๐ž๐ฌ๐ก๐š๐ฉ๐ข๐ง๐  ๐ก๐จ๐ฐ ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐จ๐ฉ๐ž๐ซ๐š๐ญ๐ข๐จ๐ง๐ฌ ๐ฐ๐จ๐ซ๐ค, from SOC automation to threat intelligence and vulnerability management. In this article we explore what it actually means for security teams, the ๐ง๐ž๐ฐ ๐ซ๐ข๐ฌ๐ค๐ฌ it introduces, and why ๐ญ๐ซ๐ž๐š๐ญ๐ข๐ง๐  ๐ข๐ญ ๐š๐ฌ ๐š...", "fingerprint": "8a333abab8b5d5e4", "hashtags": [], "id": "hackmanac-cybernews-2303", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 550, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 108872, "width": 1000 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "hackmanac_cybernews/2303", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/hackmanac_cybernews/2303" }, "media_type": "photo", "message_id": 2303, "original_text": "๐€๐ ๐ž๐ง๐ญ๐ข๐œ ๐€๐ˆ ๐ˆ๐ฌ ๐‘๐ž๐ฐ๐ซ๐ข๐ญ๐ข๐ง๐  ๐ญ๐ก๐ž ๐‘๐ฎ๐ฅ๐ž๐ฌ ๐จ๐Ÿ ๐‚๐ฒ๐›๐ž๐ซ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ\n\nAgentic AI is already ๐ซ๐ž๐ฌ๐ก๐š๐ฉ๐ข๐ง๐  ๐ก๐จ๐ฐ ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐จ๐ฉ๐ž๐ซ๐š๐ญ๐ข๐จ๐ง๐ฌ ๐ฐ๐จ๐ซ๐ค, from SOC automation to threat intelligence and vulnerability management. \n\nIn this article we explore what it actually means for security teams, the ๐ง๐ž๐ฐ ๐ซ๐ข๐ฌ๐ค๐ฌ it introduces, and why ๐ญ๐ซ๐ž๐š๐ญ๐ข๐ง๐  ๐ข๐ญ ๐š๐ฌ ๐š ๐œ๐จ๐ฌ๐ญ-๐œ๐ฎ๐ญ๐ญ๐ข๐ง๐  ๐ญ๐จ๐จ๐ฅ ๐ข๐ง๐ฌ๐ญ๐ž๐š๐ ๐จ๐Ÿ ๐š ๐Ÿ๐จ๐ซ๐œ๐ž ๐ฆ๐ฎ๐ฅ๐ญ๐ข๐ฉ๐ฅ๐ข๐ž๐ซ ๐ข๐ฌ ๐š ๐๐š๐ง๐ ๐ž๐ซ๐จ๐ฎ๐ฌ ๐ฆ๐ข๐ฌ๐ญ๐š๐ค๐ž.\n\n๐Š๐ž๐ฒ ๐ฉ๐จ๐ข๐ง๐ญ๐ฌ:\nโ†’ 48% of professionals identified agentic AI as the top attack vector for 2026\nโ†’ AI agents create new non-human identities that legacy systems can't manage\nโ†’ Claude Mythos Preview found thousands of vulnerabilities across major OS and browsers\nโ†’ The winning formula is hybrid: AI speed + human judgment\nโ†’ Governance must come before deployment, not after\n\nRead the full article:\nhttps://hackmanac.com/news/agentic-ai-is-rewriting-the-rules-of-cybersecurity-are-you-ready", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T08:27:35Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "incident-reporting", "hackmanac.com", "cve" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "hackmanac_cybernews/2303", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/hackmanac_cybernews/2303" }, "telegram_url": "https://t.me/hackmanac_cybernews/2303", "text": "๐€๐ ๐ž๐ง๐ญ๐ข๐œ ๐€๐ˆ ๐ˆ๐ฌ ๐‘๐ž๐ฐ๐ซ๐ข๐ญ๐ข๐ง๐  ๐ญ๐ก๐ž ๐‘๐ฎ๐ฅ๐ž๐ฌ ๐จ๐Ÿ ๐‚๐ฒ๐›๐ž๐ซ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ\n\nAgentic AI is already ๐ซ๐ž๐ฌ๐ก๐š๐ฉ๐ข๐ง๐  ๐ก๐จ๐ฐ ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐จ๐ฉ๐ž๐ซ๐š๐ญ๐ข๐จ๐ง๐ฌ ๐ฐ๐จ๐ซ๐ค, from SOC automation to threat intelligence and vulnerability management. \n\nIn this article we explore what it actually means for security teams, the ๐ง๐ž๐ฐ ๐ซ๐ข๐ฌ๐ค๐ฌ it introduces, and why ๐ญ๐ซ๐ž๐š๐ญ๐ข๐ง๐  ๐ข๐ญ ๐š๐ฌ ๐š ๐œ๐จ๐ฌ๐ญ-๐œ๐ฎ๐ญ๐ญ๐ข๐ง๐  ๐ญ๐จ๐จ๐ฅ ๐ข๐ง๐ฌ๐ญ๐ž๐š๐ ๐จ๐Ÿ ๐š ๐Ÿ๐จ๐ซ๐œ๐ž ๐ฆ๐ฎ๐ฅ๐ญ๐ข๐ฉ๐ฅ๐ข๐ž๐ซ ๐ข๐ฌ ๐š ๐๐š๐ง๐ ๐ž๐ซ๐จ๐ฎ๐ฌ ๐ฆ๐ข๐ฌ๐ญ๐š๐ค๐ž.\n\n๐Š๐ž๐ฒ ๐ฉ๐จ๐ข๐ง๐ญ๐ฌ:\nโ†’ 48% of professionals identified agentic AI as the top attack vector for 2026\nโ†’ AI agents create new non-human identities that legacy systems can't manage\nโ†’ Claude Mythos Preview found thousands of vulnerabilities across major OS and browsers\nโ†’ The winning formula is hybrid: AI speed + human judgment\nโ†’ Governance must come before deployment, not after\n\nRead the full article:\nhttps://hackmanac.com/news/agentic-ai-is-rewriting-the-rules-of-cybersecurity-are-you-ready", "url": "https://news.jeremywhittaker.com/item/hackmanac-cybernews-2303/", "urls": [ "https://hackmanac.com/news/agentic-ai-is-rewriting-the-rules-of-cybersecurity-are-you-ready" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber incident/news monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Hackmanac Cyber News", "handle": "hackmanac_cybernews", "id": "telegram:hackmanac_cybernews", "item_count": 0, "language": "en", "priority": 52, "provenance_note": "Public Telegram broadcast channel promoted after bounded no-media handle validation on 2026-05-31.", "rank": 73, "risk_label": "Incident claims should be checked against vendor, victim, and researcher disclosures", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber", "incident reporting" ], "tier": "Tier 3", "title": "Hackmanac Cyber News", "url": "https://t.me/hackmanac_cybernews" }, "channel_handle": "hackmanac_cybernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "22ebf87e73251de6", "id": "cluster-22ebf87e73251de6", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T07:45:14Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T07:45:17Z", "engagement": { "forwards": 3, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 376.0, "score_global_percentile": 11.92, "score_source_percentile": 100.0, "source_rank_by_engagement": 1, "stars": 0, "views": 346 }, "english_status": "original_english", "excerpt": "๐ŸšจCyber Alert โ€ผ๏ธ ๐Ÿ‡ฏ๐Ÿ‡ตJapan - ๐—”๐˜€๐—ผ๐˜ƒ๐—ถ๐—ฒ๐˜„ ๐—œ๐—ป๐—ฐ. Asoview Inc. disclosed a cyberattack on its โ€œsatsukiโ€ reservation management system after detecting unauthorized access on May 20, 2026. Attackers allegedly used compromised partner credentials to access partner and guest reservation data. Exposed information included company...", "fingerprint": "22ebf87e73251de6", "hashtags": [], "id": "hackmanac-cybernews-2302", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 893, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 127961, "width": 1292 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "hackmanac_cybernews/2302", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/hackmanac_cybernews/2302" }, "media_type": "photo", "message_id": 2302, "original_text": "๐ŸšจCyber Alert โ€ผ๏ธ\n\n๐Ÿ‡ฏ๐Ÿ‡ตJapan - ๐—”๐˜€๐—ผ๐˜ƒ๐—ถ๐—ฒ๐˜„ ๐—œ๐—ป๐—ฐ.\n\nAsoview Inc. disclosed a cyberattack on its โ€œsatsukiโ€ reservation management system after detecting unauthorized access on May 20, 2026. Attackers allegedly used compromised partner credentials to access partner and guest reservation data. Exposed information included company details, contact information, bank account details, invoices, payment notices, and email addresses. The incident affected 111 partner accounts and 14,400 additional partner records.\n\nThreat actor: Not Specified\nSector: Hospitality\nData exposure (claimed): 14,400 records\nData type: Company details, contact information, bank account details, invoices, payment notices, email addresses, reservation data\nObserved: May 28, 2026\nStatus: Confirmed\nESIXยฉ: 5.63\n\nFull details and impact assessment on HackRisk.io", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T07:45:14Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "incident-reporting" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "hackmanac_cybernews/2302", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/hackmanac_cybernews/2302" }, "telegram_url": "https://t.me/hackmanac_cybernews/2302", "text": "๐ŸšจCyber Alert โ€ผ๏ธ\n\n๐Ÿ‡ฏ๐Ÿ‡ตJapan - ๐—”๐˜€๐—ผ๐˜ƒ๐—ถ๐—ฒ๐˜„ ๐—œ๐—ป๐—ฐ.\n\nAsoview Inc. disclosed a cyberattack on its โ€œsatsukiโ€ reservation management system after detecting unauthorized access on May 20, 2026. Attackers allegedly used compromised partner credentials to access partner and guest reservation data. Exposed information included company details, contact information, bank account details, invoices, payment notices, and email addresses. The incident affected 111 partner accounts and 14,400 additional partner records.\n\nThreat actor: Not Specified\nSector: Hospitality\nData exposure (claimed): 14,400 records\nData type: Company details, contact information, bank account details, invoices, payment notices, email addresses, reservation data\nObserved: May 28, 2026\nStatus: Confirmed\nESIXยฉ: 5.63\n\nFull details and impact assessment on HackRisk.io", "url": "https://news.jeremywhittaker.com/item/hackmanac-cybernews-2302/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber incident/news monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Hackmanac Cyber News", "handle": "hackmanac_cybernews", "id": "telegram:hackmanac_cybernews", "item_count": 0, "language": "en", "priority": 52, "provenance_note": "Public Telegram broadcast channel promoted after bounded no-media handle validation on 2026-05-31.", "rank": 73, "risk_label": "Incident claims should be checked against vendor, victim, and researcher disclosures", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber", "incident reporting" ], "tier": "Tier 3", "title": "Hackmanac Cyber News", "url": "https://t.me/hackmanac_cybernews" }, "channel_handle": "hackmanac_cybernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "2b21b552c9132535", "id": "cluster-2b21b552c9132535", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-06-01T07:37:15Z", "position": 1, "size": 1 }, "edited_at": "2026-06-01T07:37:18Z", "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 361.0, "score_global_percentile": 11.66, "score_source_percentile": 75.0, "source_rank_by_engagement": 2, "stars": 0, "views": 341 }, "english_status": "original_english", "excerpt": "๐ŸšจCyber Alert โ€ผ๏ธ ๐Ÿ‡ง๐Ÿ‡ทBrazil - ๐—š๐—ฟ๐˜‚๐—ฝ๐—ผ ๐— ๐—ฎ๐˜‚๐—ฎฬ BravoX hacking group claims to have breached Grupo Mauรก and allegedly exfiltrated 427.3 GB of data. Threat actor: BravoX Sector: Construction Data exposure (claimed): 427.3 GB of data Data type: Client records, accounting data, confidential documents, marketing data, project...", "fingerprint": "2b21b552c9132535", "hashtags": [], "id": "hackmanac-cybernews-2301", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 351, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 62636, "width": 1231 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "hackmanac_cybernews/2301", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/hackmanac_cybernews/2301" }, "media_type": "photo", "message_id": 2301, "original_text": "๐ŸšจCyber Alert โ€ผ๏ธ\n\n๐Ÿ‡ง๐Ÿ‡ทBrazil - ๐—š๐—ฟ๐˜‚๐—ฝ๐—ผ ๐— ๐—ฎ๐˜‚๐—ฎฬ\n\nBravoX hacking group claims to have breached Grupo Mauรก and allegedly exfiltrated 427.3 GB of data.\n\nThreat actor: BravoX\nSector: Construction\nData exposure (claimed): 427.3 GB of data\nData type: Client records, accounting data, confidential documents, marketing data, project data, personal data, contracts, technology data\nObserved: May 30, 2026\nStatus: Pending verification\nESIXยฉ: 5.40\n\nFull details and impact assessment on HackRisk.io", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T07:37:15Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "incident-reporting", "markets" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "hackmanac_cybernews/2301", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/hackmanac_cybernews/2301" }, "telegram_url": "https://t.me/hackmanac_cybernews/2301", "text": "๐ŸšจCyber Alert โ€ผ๏ธ\n\n๐Ÿ‡ง๐Ÿ‡ทBrazil - ๐—š๐—ฟ๐˜‚๐—ฝ๐—ผ ๐— ๐—ฎ๐˜‚๐—ฎฬ\n\nBravoX hacking group claims to have breached Grupo Mauรก and allegedly exfiltrated 427.3 GB of data.\n\nThreat actor: BravoX\nSector: Construction\nData exposure (claimed): 427.3 GB of data\nData type: Client records, accounting data, confidential documents, marketing data, project data, personal data, contracts, technology data\nObserved: May 30, 2026\nStatus: Pending verification\nESIXยฉ: 5.40\n\nFull details and impact assessment on HackRisk.io", "url": "https://news.jeremywhittaker.com/item/hackmanac-cybernews-2301/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "e3b0c44298fc1c14", "id": "cluster-e3b0c44298fc1c14", "is_burst": true, "label": "1116-post burst", "latest_published_at": "2026-06-01T18:54:18Z", "position": 279, "size": 1116 }, "edited_at": "2026-06-01T06:30:57Z", "engagement": { "forwards": 75, "paid_reactions": 0, "reaction_breakdown": { "โค": 2, "๐ŸŽ‰": 2, "๐Ÿ’ฏ": 2, "๐Ÿ”ฅ": 4, "๐Ÿ˜": 86, "๐Ÿ˜ฑ": 3, "๐Ÿคฃ": 55, "๐Ÿฅฐ": 6, "๐Ÿซก": 2 }, "reactions": 162, "replies": 0, "score_absolute": 4576.0, "score_global_percentile": 61.24, "score_source_percentile": 85.71, "source_rank_by_engagement": 3, "stars": 0, "views": 3502 }, "english_status": "original_english", "excerpt": "", "fingerprint": "e3b0c44298fc1c14", "hashtags": [], "id": "vxunderground-8891", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 974, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 100902, "width": 1179 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8891", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8891" }, "media_type": "photo", "message_id": 8891, "original_text": "", "provenance_label": "Public Telegram post", "published_at": "2026-06-01T06:30:42Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8891", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8891" }, "telegram_url": "https://t.me/vxunderground/8891", "text": "", "url": "https://news.jeremywhittaker.com/item/vxunderground-8891/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "9a6a08345ca87609", "id": "cluster-9a6a08345ca87609", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T21:10:59Z", "position": 1, "size": 1 }, "edited_at": "2026-05-31T22:16:34Z", "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": { "โค": 1 }, "reactions": 1, "replies": 0, "score_absolute": 225.0, "score_global_percentile": 9.26, "score_source_percentile": 94.59, "source_rank_by_engagement": 3, "stars": 0, "views": 203 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡ท Hajj and Pilgrimage Organization allegedly targeted in breach exposing 168M+ records for $80,000 BTC A threat actor on an underground forum is claiming to sell a database allegedly originating from the Hajj and Pilgrimage Organization in Iran, the government body managing pilgrimage travel. The actor claims the...", "fingerprint": "9a6a08345ca87609", "hashtags": [], "id": "sliceforlifeee-2016", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 640, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 108753, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2016", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2016" }, "media_type": "photo", "message_id": 2016, "original_text": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡ท Hajj and Pilgrimage Organization allegedly targeted in breach exposing 168M+ records for $80,000 BTC\n\nA threat actor on an underground forum is claiming to sell a database allegedly originating from the Hajj and Pilgrimage Organization in Iran, the government body managing pilgrimage travel.\n\nThe actor claims the dataset contains more than 168 million records spanning 1984 to 2024.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names, father's name, dates and places of birth\nโ€ข National codes (SSN), ID numbers, national card serial numbers\nโ€ข Marital status and occupation\nโ€ข Contact information (home/work addresses, postal codes, phone numbers)\nโ€ข Passport details (number, issue/expiration dates) and passport scans\nโ€ข Traveler photos\nโ€ข Travel flight and insurance information\nโ€ข Security deposit and banking/payment documents\nโ€ข Pilgrimage broker and accommodation information\nโ€ข Details of government officials, NAJA forces, Basij forces, and clerics\nโ€ข Allocated quota data (including martyr families)\nโ€ข Source code of Hajj apps and services\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Hajj and Pilgrimage Organization of Iran\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Iran ๐Ÿ‡ฎ๐Ÿ‡ท\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: irleak\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database for sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 168M+ records (1984 to 2024)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $80,000 BTC\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T21:10:59Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "bitcoin", "iran", "shipping", "state-media" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2016", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2016" }, "telegram_url": "https://t.me/SliceForLifeee/2016", "text": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡ท Hajj and Pilgrimage Organization allegedly targeted in breach exposing 168M+ records for $80,000 BTC\n\nA threat actor on an underground forum is claiming to sell a database allegedly originating from the Hajj and Pilgrimage Organization in Iran, the government body managing pilgrimage travel.\n\nThe actor claims the dataset contains more than 168 million records spanning 1984 to 2024.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names, father's name, dates and places of birth\nโ€ข National codes (SSN), ID numbers, national card serial numbers\nโ€ข Marital status and occupation\nโ€ข Contact information (home/work addresses, postal codes, phone numbers)\nโ€ข Passport details (number, issue/expiration dates) and passport scans\nโ€ข Traveler photos\nโ€ข Travel flight and insurance information\nโ€ข Security deposit and banking/payment documents\nโ€ข Pilgrimage broker and accommodation information\nโ€ข Details of government officials, NAJA forces, Basij forces, and clerics\nโ€ข Allocated quota data (including martyr families)\nโ€ข Source code of Hajj apps and services\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Hajj and Pilgrimage Organization of Iran\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Iran ๐Ÿ‡ฎ๐Ÿ‡ท\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: irleak\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database for sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 168M+ records (1984 to 2024)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $80,000 BTC\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2016/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "5800660fbc7e68fb", "id": "cluster-5800660fbc7e68fb", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T21:04:05Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 174.0, "score_global_percentile": 8.44, "score_source_percentile": 64.86, "source_rank_by_engagement": 14, "stars": 0, "views": 164 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡จ๐Ÿ‡ด GamaSoft allegedly targeted in 150GB+ data breach A threat actor on an underground forum is claiming to have exfiltrated data allegedly originating from GamaSoft, a Colombian company specializing in POS software for the food and beverage sector. The actor notes the company has over 25 years of experience, more...", "fingerprint": "5800660fbc7e68fb", "hashtags": [], "id": "sliceforlifeee-2015", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1083, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 201864, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2015", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2015" }, "media_type": "photo", "message_id": 2015, "original_text": "๐Ÿšจ๐Ÿ‡จ๐Ÿ‡ด GamaSoft allegedly targeted in 150GB+ data breach\n\nA threat actor on an underground forum is claiming to have exfiltrated data allegedly originating from GamaSoft, a Colombian company specializing in POS software for the food and beverage sector. The actor notes the company has over 25 years of experience, more than 4,200 installations across Colombia, and generates over 6 million invoices monthly.\n\nThe actor claims to have exfiltrated over 150 GB of data including software installers, databases, backups, invoices, and inventory information.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Client and contact names\nโ€ข Email addresses\nโ€ข Phone and mobile numbers\nโ€ข Addresses and municipality data\nโ€ข Representative names and identity documents\nโ€ข Business/owner details and roles\nโ€ข Tax and franchise data\nโ€ข Software installers and client databases\nโ€ข MySQL dumps (.csv, .sql) and backups from 2015 to 2017\nโ€ข PDF and XML invoices (facturas)\nโ€ข Support folder, activators, and software backups\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: GamaSoft\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Colombia ๐Ÿ‡จ๐Ÿ‡ด\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Technology / POS Software\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: tillthaend\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Exfiltrated databases, clients, and software\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 150 GB+ of data\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free (reply to unlock)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T21:04:05Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "shipping" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2015", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2015" }, "telegram_url": "https://t.me/SliceForLifeee/2015", "text": "๐Ÿšจ๐Ÿ‡จ๐Ÿ‡ด GamaSoft allegedly targeted in 150GB+ data breach\n\nA threat actor on an underground forum is claiming to have exfiltrated data allegedly originating from GamaSoft, a Colombian company specializing in POS software for the food and beverage sector. The actor notes the company has over 25 years of experience, more than 4,200 installations across Colombia, and generates over 6 million invoices monthly.\n\nThe actor claims to have exfiltrated over 150 GB of data including software installers, databases, backups, invoices, and inventory information.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Client and contact names\nโ€ข Email addresses\nโ€ข Phone and mobile numbers\nโ€ข Addresses and municipality data\nโ€ข Representative names and identity documents\nโ€ข Business/owner details and roles\nโ€ข Tax and franchise data\nโ€ข Software installers and client databases\nโ€ข MySQL dumps (.csv, .sql) and backups from 2015 to 2017\nโ€ข PDF and XML invoices (facturas)\nโ€ข Support folder, activators, and software backups\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: GamaSoft\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Colombia ๐Ÿ‡จ๐Ÿ‡ด\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Technology / POS Software\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: tillthaend\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Exfiltrated databases, clients, and software\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 150 GB+ of data\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free (reply to unlock)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2015/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "2811d9d41dc71349", "id": "cluster-2811d9d41dc71349", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T20:57:09Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 160.0, "score_global_percentile": 8.03, "score_source_percentile": 45.95, "source_rank_by_engagement": 21, "stars": 0, "views": 160 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ซ๐Ÿ‡ท Avantages Enseignants allegedly targeted in 126K database leak A threat actor on an underground forum is claiming to have leaked a database allegedly originating from Avantages Enseignants, a French platform dedicated to education professionals (teachers and staff in the National Education system). The actor...", "fingerprint": "2811d9d41dc71349", "hashtags": [], "id": "sliceforlifeee-2014", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 764, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 108493, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2014", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2014" }, "media_type": "photo", "message_id": 2014, "original_text": "๐Ÿšจ๐Ÿ‡ซ๐Ÿ‡ท Avantages Enseignants allegedly targeted in 126K database leak\n\nA threat actor on an underground forum is claiming to have leaked a database allegedly originating from Avantages Enseignants, a French platform dedicated to education professionals (teachers and staff in the National Education system).\n\nThe actor claims the leak contains roughly 126K records across customer and account data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Email addresses\nโ€ข Passwords (hashed)\nโ€ข Telephone numbers\nโ€ข IP addresses\nโ€ข Fax and cart data\nโ€ข Tokens and codes\nโ€ข Account status and approval fields\nโ€ข Wishlist and custom field data\nโ€ข Profile pictures and newsletter status\nโ€ข Account creation and reminder timestamps\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Avantages Enseignants\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: France ๐Ÿ‡ซ๐Ÿ‡ท\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Education\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: kvantize\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~126K records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: 1 Point\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T20:57:09Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2014", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2014" }, "telegram_url": "https://t.me/SliceForLifeee/2014", "text": "๐Ÿšจ๐Ÿ‡ซ๐Ÿ‡ท Avantages Enseignants allegedly targeted in 126K database leak\n\nA threat actor on an underground forum is claiming to have leaked a database allegedly originating from Avantages Enseignants, a French platform dedicated to education professionals (teachers and staff in the National Education system).\n\nThe actor claims the leak contains roughly 126K records across customer and account data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Email addresses\nโ€ข Passwords (hashed)\nโ€ข Telephone numbers\nโ€ข IP addresses\nโ€ข Fax and cart data\nโ€ข Tokens and codes\nโ€ข Account status and approval fields\nโ€ข Wishlist and custom field data\nโ€ข Profile pictures and newsletter status\nโ€ข Account creation and reminder timestamps\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Avantages Enseignants\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: France ๐Ÿ‡ซ๐Ÿ‡ท\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Education\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: kvantize\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~126K records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: 1 Point\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2014/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "c72fcdd0a7a6818f", "id": "cluster-c72fcdd0a7a6818f", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T18:45:39Z", "position": 1, "size": 1 }, "edited_at": "2026-05-31T19:02:01Z", "engagement": { "forwards": 8, "paid_reactions": 0, "reaction_breakdown": { "โค": 11 }, "reactions": 11, "replies": 0, "score_absolute": 2537.0, "score_global_percentile": 40.85, "score_source_percentile": 14.29, "source_rank_by_engagement": 13, "stars": 0, "views": 2435 }, "english_status": "original_english", "excerpt": "Silly emulation gunk: https://tria.ge/260531-gepdbsas8t/behavioral2", "fingerprint": "c72fcdd0a7a6818f", "hashtags": [], "id": "vxunderground-8890", "language": "en", "language_display": "English", "language_original": "en", "media": [], "media_type": "link", "message_id": 8890, "original_text": "Silly emulation gunk: https://tria.ge/260531-gepdbsas8t/behavioral2", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T18:45:39Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware", "tria.ge" ], "telegram_url": "https://t.me/vxunderground/8890", "text": "Silly emulation gunk: https://tria.ge/260531-gepdbsas8t/behavioral2", "url": "https://news.jeremywhittaker.com/item/vxunderground-8890/", "urls": [ "https://tria.ge/260531-gepdbsas8t/behavioral2" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "2e1fb164a0fddf8d", "id": "cluster-2e1fb164a0fddf8d", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T18:43:00Z", "position": 1, "size": 1 }, "edited_at": "2026-05-31T18:43:28Z", "engagement": { "forwards": 19, "paid_reactions": 0, "reaction_breakdown": { "โค": 8, "โคโ€๐Ÿ”ฅ": 2, "๐Ÿ‘": 2, "๐Ÿ’ฏ": 1, "๐Ÿ˜": 32, "๐Ÿ˜ฑ": 2, "๐Ÿคฃ": 1, "๐Ÿฅฐ": 1 }, "reactions": 49, "replies": 0, "score_absolute": 2653.0, "score_global_percentile": 42.27, "score_source_percentile": 21.43, "source_rank_by_engagement": 12, "stars": 0, "views": 2365 }, "english_status": "original_english", "excerpt": "Yesterday I got a funny DM. s00pcan said some AI slop is automatically forking his Linux open-source projects and adding goofy ass ReadMe files to look all fancy. The primary difference though is the ReadMe includes a \"download here\" link which delivers a .zip file. The .zip file contains cool and badass malware. The...", "fingerprint": "2e1fb164a0fddf8d", "hashtags": [], "id": "vxunderground-8889", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1280, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 229973, "width": 1212 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8889", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8889" }, "media_type": "photo", "message_id": 8889, "original_text": "Yesterday I got a funny DM. s00pcan said some AI slop is automatically forking his Linux open-source projects and adding goofy ass ReadMe files to look all fancy. The primary difference though is the ReadMe includes a \"download here\" link which delivers a .zip file.\n\nThe .zip file contains cool and badass malware. The malware is also free. Yay\n\nThis is a campaign which has been identified by various AV vendors since April, 2026. It is attributed to StealC.\n\nIn this particular instance though it is very, very silly. The exact mechanic in which this StealC group is using to automagically fork projects on GitHub, insert bogus ReadMe files, etc. is unknown. Clearly it is AI generated. However, this group failed to account for all edge cases because ... this is malware developed for Windows ... but it is from a Linux audio driver fork.\n\nThis yet again however a use case of AI in malware campaigns. StealC has been around forever and clearly isn't AI slop. However, Threat Actors are using AI to generate fancy schmancy ReadMe files. Very cool. Thank you, Mr. Smart GPU-thingy.\n\nThe following GitHub I'll be linking is giving FREE malware. Visiting the page won't give you the free malware. At the top of the ReadMe is a \"Download\" section with a hyperlink to \"pcie_dante_snd_v1.4\".\n\nIf you care what this payload does:\nInside this .zip file is \"Application.cmd\", \"dir-dot-cc\", \"lua51.dll\", and \"loader.exe\".\n\nApplication.cmd is a command line file, it launches loader.exe. Loader.exe is responsible for loading the \"dir\" file. Loader.exe is dependent on lua51.dll because the \"dir\" file is a GIANT obfuscated Lua file.\n\nI hate Lua and I hate dealing with obfuscated Lua, I refuse to be a victim of Lua, so instead of trying to bonk it with a stick I emulated it. Unsurprisingly, the malicious Lua file tries to harvest credentials from Chrome and exfiltrate them to a remote host.\n\nFree malware: github-dot-com/mbyington67-prog/snd-dante-pcie/tree/master\n\ntl;dr ai slopping and forking github, delivers malware that uses obfuscated lua, i like cats a lot", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T18:43:00Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware", "osint" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8889", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8889" }, "telegram_url": "https://t.me/vxunderground/8889", "text": "Yesterday I got a funny DM. s00pcan said some AI slop is automatically forking his Linux open-source projects and adding goofy ass ReadMe files to look all fancy. The primary difference though is the ReadMe includes a \"download here\" link which delivers a .zip file.\n\nThe .zip file contains cool and badass malware. The malware is also free. Yay\n\nThis is a campaign which has been identified by various AV vendors since April, 2026. It is attributed to StealC.\n\nIn this particular instance though it is very, very silly. The exact mechanic in which this StealC group is using to automagically fork projects on GitHub, insert bogus ReadMe files, etc. is unknown. Clearly it is AI generated. However, this group failed to account for all edge cases because ... this is malware developed for Windows ... but it is from a Linux audio driver fork.\n\nThis yet again however a use case of AI in malware campaigns. StealC has been around forever and clearly isn't AI slop. However, Threat Actors are using AI to generate fancy schmancy ReadMe files. Very cool. Thank you, Mr. Smart GPU-thingy.\n\nThe following GitHub I'll be linking is giving FREE malware. Visiting the page won't give you the free malware. At the top of the ReadMe is a \"Download\" section with a hyperlink to \"pcie_dante_snd_v1.4\".\n\nIf you care what this payload does:\nInside this .zip file is \"Application.cmd\", \"dir-dot-cc\", \"lua51.dll\", and \"loader.exe\".\n\nApplication.cmd is a command line file, it launches loader.exe. Loader.exe is responsible for loading the \"dir\" file. Loader.exe is dependent on lua51.dll because the \"dir\" file is a GIANT obfuscated Lua file.\n\nI hate Lua and I hate dealing with obfuscated Lua, I refuse to be a victim of Lua, so instead of trying to bonk it with a stick I emulated it. Unsurprisingly, the malicious Lua file tries to harvest credentials from Chrome and exfiltrate them to a remote host.\n\nFree malware: github-dot-com/mbyington67-prog/snd-dante-pcie/tree/master\n\ntl;dr ai slopping and forking github, delivers malware that uses obfuscated lua, i like cats a lot", "url": "https://news.jeremywhittaker.com/item/vxunderground-8889/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "1de3cff725316453", "id": "cluster-1de3cff725316453", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T17:51:44Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 219.0, "score_global_percentile": 9.16, "score_source_percentile": 91.89, "source_rank_by_engagement": 4, "stars": 0, "views": 209 }, "english_status": "original_english", "excerpt": "๐Ÿšจ FedEx account checker tool advertised on underground forum A threat actor on an underground forum is advertising a FedEx \"mail pass\" account checker, a credential-stuffing tool designed to validate stolen email/password combinations against FedEx accounts. The seller markets it as request-based with updated API...", "fingerprint": "1de3cff725316453", "hashtags": [], "id": "sliceforlifeee-2012", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 978, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 131977, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2012", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2012" }, "media_type": "photo", "message_id": 2012, "original_text": "๐Ÿšจ FedEx account checker tool advertised on underground forum\n\nA threat actor on an underground forum is advertising a FedEx \"mail pass\" account checker, a credential-stuffing tool designed to validate stolen email/password combinations against FedEx accounts. The seller markets it as request-based with updated API handling and anti-bot bypass.\n\nThe listing promotes the tool to other forum members and claims it can pull account profile data from validated logins.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฏ๐—ฒ๐—ถ๐—ป๐—ด ๐—ฎ๐—ฑ๐˜ƒ๐—ฒ๐—ฟ๐˜๐—ถ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข A request-based credential checker targeting FedEx accounts\nโ€ข Claimed anti-bot / WAF bypass handling\nโ€ข Automated validation of email:password combolists\nโ€ข Capture of account profile details from valid logins (name, contact info, address, account balance fields)\nโ€ข Marketed throughput of several hundred checks per minute\nโ€ข Sold as a single GO script copy\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: FedEx (account checker tooling)\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Cybercrime Tooling\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: DataKernel\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Selling FedEx credential-checking tool\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Account-validation / credential-stuffing tool\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Single copy (middleman accepted)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T17:51:44Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "markets" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2012", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2012" }, "telegram_url": "https://t.me/SliceForLifeee/2012", "text": "๐Ÿšจ FedEx account checker tool advertised on underground forum\n\nA threat actor on an underground forum is advertising a FedEx \"mail pass\" account checker, a credential-stuffing tool designed to validate stolen email/password combinations against FedEx accounts. The seller markets it as request-based with updated API handling and anti-bot bypass.\n\nThe listing promotes the tool to other forum members and claims it can pull account profile data from validated logins.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฏ๐—ฒ๐—ถ๐—ป๐—ด ๐—ฎ๐—ฑ๐˜ƒ๐—ฒ๐—ฟ๐˜๐—ถ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข A request-based credential checker targeting FedEx accounts\nโ€ข Claimed anti-bot / WAF bypass handling\nโ€ข Automated validation of email:password combolists\nโ€ข Capture of account profile details from valid logins (name, contact info, address, account balance fields)\nโ€ข Marketed throughput of several hundred checks per minute\nโ€ข Sold as a single GO script copy\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: FedEx (account checker tooling)\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Cybercrime Tooling\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: DataKernel\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Selling FedEx credential-checking tool\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Account-validation / credential-stuffing tool\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Single copy (middleman accepted)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2012/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "1d344364923068be", "id": "cluster-1d344364923068be", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T16:18:28Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 4, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 256.0, "score_global_percentile": 9.57, "score_source_percentile": 100.0, "source_rank_by_engagement": 1, "stars": 0, "views": 216 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ฌ๐Ÿ‡ง๐Ÿ‡ฎ๐Ÿ‡ช Nando's allegedly targeted in employee database breach A threat actor on an underground forum is claiming to sell an employee database allegedly originating from Nando's, the restaurant chain. The actor says the breach occurred as of May 30, 2026, and the data consists mainly of UK and Irish employees. The...", "fingerprint": "1d344364923068be", "hashtags": [], "id": "sliceforlifeee-2011", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 478, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 68697, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2011", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2011" }, "media_type": "photo", "message_id": 2011, "original_text": "๐Ÿšจ๐Ÿ‡ฌ๐Ÿ‡ง๐Ÿ‡ฎ๐Ÿ‡ช Nando's allegedly targeted in employee database breach\n\nA threat actor on an underground forum is claiming to sell an employee database allegedly originating from Nando's, the restaurant chain. The actor says the breach occurred as of May 30, 2026, and the data consists mainly of UK and Irish employees.\n\nThe actor claims the database contains 87,000 records of past and current \"Nandoca\" employees.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names\nโ€ข Job titles and supervisory groups\nโ€ข Business and personal email addresses\nโ€ข Mobile and landline phone numbers\nโ€ข Employment locations\nโ€ข Employee roles\nโ€ข Business locations and numbers\nโ€ข Cost center information\nโ€ข Job listing information including salaries\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Nando's\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: United Kingdom ๐Ÿ‡ฌ๐Ÿ‡ง / Ireland ๐Ÿ‡ฎ๐Ÿ‡ช\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / Restaurant\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: failing2\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked employee database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 87,000 records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $1,000\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T16:18:28Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2011", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2011" }, "telegram_url": "https://t.me/SliceForLifeee/2011", "text": "๐Ÿšจ๐Ÿ‡ฌ๐Ÿ‡ง๐Ÿ‡ฎ๐Ÿ‡ช Nando's allegedly targeted in employee database breach\n\nA threat actor on an underground forum is claiming to sell an employee database allegedly originating from Nando's, the restaurant chain. The actor says the breach occurred as of May 30, 2026, and the data consists mainly of UK and Irish employees.\n\nThe actor claims the database contains 87,000 records of past and current \"Nandoca\" employees.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names\nโ€ข Job titles and supervisory groups\nโ€ข Business and personal email addresses\nโ€ข Mobile and landline phone numbers\nโ€ข Employment locations\nโ€ข Employee roles\nโ€ข Business locations and numbers\nโ€ข Cost center information\nโ€ข Job listing information including salaries\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Nando's\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: United Kingdom ๐Ÿ‡ฌ๐Ÿ‡ง / Ireland ๐Ÿ‡ฎ๐Ÿ‡ช\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / Restaurant\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: failing2\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked employee database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 87,000 records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $1,000\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2011/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "d6f52dbe085a873d", "id": "cluster-d6f52dbe085a873d", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T16:05:09Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 190.0, "score_global_percentile": 8.69, "score_source_percentile": 75.68, "source_rank_by_engagement": 10, "stars": 0, "views": 180 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ซ๐Ÿ‡ท Air Austral allegedly targeted in database leak A threat actor on an underground forum is claiming to have leaked a database allegedly originating from Air Austral, a French airline specializing in flights between the Indian Ocean, metropolitan France, southern Africa, and certain Asian destinations. The actor is...", "fingerprint": "d6f52dbe085a873d", "hashtags": [], "id": "sliceforlifeee-2010", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 599, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 85891, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2010", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2010" }, "media_type": "photo", "message_id": 2010, "original_text": "๐Ÿšจ๐Ÿ‡ซ๐Ÿ‡ท Air Austral allegedly targeted in database leak\n\nA threat actor on an underground forum is claiming to have leaked a database allegedly originating from Air Austral, a French airline specializing in flights between the Indian Ocean, metropolitan France, southern Africa, and certain Asian destinations. The actor is releasing the data for free.\n\nThe actor claims the leak contains roughly 1K records in JSON format (~125 KB), appearing to be employee/staff data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Email addresses\nโ€ข Job titles (fonction)\nโ€ข Department/service\nโ€ข Location (localisation)\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Air Austral\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: France ๐Ÿ‡ซ๐Ÿ‡ท\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Aviation / Airline\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: ChimeraZ\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~1K records (~125 KB)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T16:05:09Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2010", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2010" }, "telegram_url": "https://t.me/SliceForLifeee/2010", "text": "๐Ÿšจ๐Ÿ‡ซ๐Ÿ‡ท Air Austral allegedly targeted in database leak\n\nA threat actor on an underground forum is claiming to have leaked a database allegedly originating from Air Austral, a French airline specializing in flights between the Indian Ocean, metropolitan France, southern Africa, and certain Asian destinations. The actor is releasing the data for free.\n\nThe actor claims the leak contains roughly 1K records in JSON format (~125 KB), appearing to be employee/staff data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Email addresses\nโ€ข Job titles (fonction)\nโ€ข Department/service\nโ€ข Location (localisation)\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Air Austral\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: France ๐Ÿ‡ซ๐Ÿ‡ท\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Aviation / Airline\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: ChimeraZ\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~1K records (~125 KB)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2010/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "cfcba89b1794b0ce", "id": "cluster-cfcba89b1794b0ce", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T15:56:36Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 172.0, "score_global_percentile": 8.38, "score_source_percentile": 59.46, "source_rank_by_engagement": 16, "stars": 0, "views": 162 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡บ๐Ÿ‡ธ MoniCare allegedly targeted in breach exposing 40K+ consumers A threat actor on an underground forum is claiming to sell a dataset allegedly originating from MoniCare, a Chicago-based domestic staffing agency that places professional nannies, babysitters, housekeepers, household managers, personal assistants, and...", "fingerprint": "cfcba89b1794b0ce", "hashtags": [], "id": "sliceforlifeee-2009", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 944, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 137675, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2009", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2009" }, "media_type": "photo", "message_id": 2009, "original_text": "๐Ÿšจ๐Ÿ‡บ๐Ÿ‡ธ MoniCare allegedly targeted in breach exposing 40K+ consumers\n\nA threat actor on an underground forum is claiming to sell a dataset allegedly originating from MoniCare, a Chicago-based domestic staffing agency that places professional nannies, babysitters, housekeepers, household managers, personal assistants, and caregivers.\n\nThe actor claims the breach contains over 40K consumer records along with a collection of identity documents.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Addresses\nโ€ข Ages\nโ€ข PDF document attachments (driver's licenses, identification cards, passports, resumes, reference letters, vaccination cards)\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: MoniCare\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: United States ๐Ÿ‡บ๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Staffing / Domestic Services\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 2019\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked consumer database and identity documents\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 40K+ records (2 datasets)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T15:56:36Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2009", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2009" }, "telegram_url": "https://t.me/SliceForLifeee/2009", "text": "๐Ÿšจ๐Ÿ‡บ๐Ÿ‡ธ MoniCare allegedly targeted in breach exposing 40K+ consumers\n\nA threat actor on an underground forum is claiming to sell a dataset allegedly originating from MoniCare, a Chicago-based domestic staffing agency that places professional nannies, babysitters, housekeepers, household managers, personal assistants, and caregivers.\n\nThe actor claims the breach contains over 40K consumer records along with a collection of identity documents.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Addresses\nโ€ข Ages\nโ€ข PDF document attachments (driver's licenses, identification cards, passports, resumes, reference letters, vaccination cards)\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: MoniCare\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: United States ๐Ÿ‡บ๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Staffing / Domestic Services\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 2019\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked consumer database and identity documents\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 40K+ records (2 datasets)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2009/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "57a4350d411c36b3", "id": "cluster-57a4350d411c36b3", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T15:48:40Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 160.0, "score_global_percentile": 8.01, "score_source_percentile": 43.24, "source_rank_by_engagement": 22, "stars": 0, "views": 150 }, "english_status": "original_english", "excerpt": "โ€ผ๏ธ New Dark Web Informer Blog Post! Title: Australian Workplace Catering Platform Hampr Hit by Alleged 360K+ Record Leak Link: https://darkwebinformer.com/australian-workplace-catering-platform-hampr-hit-by-alleged-360k-record-leak/", "fingerprint": "57a4350d411c36b3", "hashtags": [], "id": "sliceforlifeee-2008", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 630, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 145225, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2008", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2008" }, "media_type": "photo", "message_id": 2008, "original_text": "โ€ผ๏ธ New Dark Web Informer Blog Post!\n\nTitle: Australian Workplace Catering Platform Hampr Hit by Alleged 360K+ Record Leak\n\nLink: https://darkwebinformer.com/australian-workplace-catering-platform-hampr-hit-by-alleged-360k-record-leak/", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T15:48:40Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "darkwebinformer.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2008", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2008" }, "telegram_url": "https://t.me/SliceForLifeee/2008", "text": "โ€ผ๏ธ New Dark Web Informer Blog Post!\n\nTitle: Australian Workplace Catering Platform Hampr Hit by Alleged 360K+ Record Leak\n\nLink: https://darkwebinformer.com/australian-workplace-catering-platform-hampr-hit-by-alleged-360k-record-leak/", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2008/", "urls": [ "https://darkwebinformer.com/australian-workplace-catering-platform-hampr-hit-by-alleged-360k-record-leak/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "deeb22168ffb08aa", "id": "cluster-deeb22168ffb08aa", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T15:38:44Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 166.0, "score_global_percentile": 8.2, "score_source_percentile": 51.35, "source_rank_by_engagement": 19, "stars": 0, "views": 156 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡บ๐Ÿ‡ธ Bridges Bay Resort allegedly targeted in database leak A threat actor on an underground forum is claiming to have leaked a database allegedly originating from Bridges Bay Resort, a lakeside resort and waterpark located in Okoboji, Iowa. The actor is releasing the data for free. The actor claims the leak contains...", "fingerprint": "deeb22168ffb08aa", "hashtags": [], "id": "sliceforlifeee-2007", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 906, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 154805, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2007", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2007" }, "media_type": "photo", "message_id": 2007, "original_text": "๐Ÿšจ๐Ÿ‡บ๐Ÿ‡ธ Bridges Bay Resort allegedly targeted in database leak\n\nA threat actor on an underground forum is claiming to have leaked a database allegedly originating from Bridges Bay Resort, a lakeside resort and waterpark located in Okoboji, Iowa. The actor is releasing the data for free.\n\nThe actor claims the leak contains 52,744 visitors and 85 users.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Visitor and user names\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Visitor consent and signature fields\nโ€ข Room numbers\nโ€ข Document/PDF links (hosted on S3)\nโ€ข User agents and source data\nโ€ข Account creation and update timestamps\nโ€ข Approval status and member counts\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Bridges Bay Resort\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: United States ๐Ÿ‡บ๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Hospitality / Tourism\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: MirrorShell\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 52,744 visitors and 85 users\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T15:38:44Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2007", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2007" }, "telegram_url": "https://t.me/SliceForLifeee/2007", "text": "๐Ÿšจ๐Ÿ‡บ๐Ÿ‡ธ Bridges Bay Resort allegedly targeted in database leak\n\nA threat actor on an underground forum is claiming to have leaked a database allegedly originating from Bridges Bay Resort, a lakeside resort and waterpark located in Okoboji, Iowa. The actor is releasing the data for free.\n\nThe actor claims the leak contains 52,744 visitors and 85 users.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Visitor and user names\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Visitor consent and signature fields\nโ€ข Room numbers\nโ€ข Document/PDF links (hosted on S3)\nโ€ข User agents and source data\nโ€ข Account creation and update timestamps\nโ€ข Approval status and member counts\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Bridges Bay Resort\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: United States ๐Ÿ‡บ๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Hospitality / Tourism\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: MirrorShell\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 52,744 visitors and 85 users\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 31, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2007/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "e51c5600247488c1", "id": "cluster-e51c5600247488c1", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T15:28:18Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 164.0, "score_global_percentile": 8.17, "score_source_percentile": 48.65, "source_rank_by_engagement": 20, "stars": 0, "views": 154 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡ฉ Ratakan allegedly targeted in free database leak exposing 80K records A threat actor on an underground forum is claiming to have published a database allegedly originating from Ratakan, an Indonesian digital marketplace and affiliate sales platform. The actor is releasing the data for free. The actor claims the...", "fingerprint": "e51c5600247488c1", "hashtags": [], "id": "sliceforlifeee-2005", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 855, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 137435, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2005", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2005" }, "media_type": "photo", "message_id": 2005, "original_text": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡ฉ Ratakan allegedly targeted in free database leak exposing 80K records\n\nA threat actor on an underground forum is claiming to have published a database allegedly originating from Ratakan, an Indonesian digital marketplace and affiliate sales platform. The actor is releasing the data for free.\n\nThe actor claims the leak contains roughly 80K records across user and sales data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Usernames and full names\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Passwords (plaintext and hashed)\nโ€ข Login tokens and device IDs\nโ€ข Account verification status\nโ€ข Profile, avatar, and banner image paths\nโ€ข Linked social media handles (Facebook, Instagram, Twitter, Google)\nโ€ข Sales, vendor, buyer, and affiliate commission data\nโ€ข Purchase status and payment account fields\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Ratakan\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Indonesia ๐Ÿ‡ฎ๐Ÿ‡ฉ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / E-commerce\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Bambi\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Free database leak\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~80K records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T15:28:18Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "markets" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2005", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2005" }, "telegram_url": "https://t.me/SliceForLifeee/2005", "text": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡ฉ Ratakan allegedly targeted in free database leak exposing 80K records\n\nA threat actor on an underground forum is claiming to have published a database allegedly originating from Ratakan, an Indonesian digital marketplace and affiliate sales platform. The actor is releasing the data for free.\n\nThe actor claims the leak contains roughly 80K records across user and sales data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Usernames and full names\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Passwords (plaintext and hashed)\nโ€ข Login tokens and device IDs\nโ€ข Account verification status\nโ€ข Profile, avatar, and banner image paths\nโ€ข Linked social media handles (Facebook, Instagram, Twitter, Google)\nโ€ข Sales, vendor, buyer, and affiliate commission data\nโ€ข Purchase status and payment account fields\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Ratakan\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Indonesia ๐Ÿ‡ฎ๐Ÿ‡ฉ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / E-commerce\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Bambi\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Free database leak\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~80K records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2005/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "3928e3cecef8efad", "id": "cluster-3928e3cecef8efad", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T15:18:18Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 180.0, "score_global_percentile": 8.52, "score_source_percentile": 70.27, "source_rank_by_engagement": 12, "stars": 0, "views": 170 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡ณ Mydukaan allegedly targeted in massive breach exposing 100M users A threat actor on an underground forum is claiming to sell a full database dump allegedly originating from Mydukaan, an e-commerce platform (described as similar to Shopify) widely used in India. The actor claims the dump contains roughly 100M...", "fingerprint": "3928e3cecef8efad", "hashtags": [], "id": "sliceforlifeee-2004", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1185, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 166289, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2004", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2004" }, "media_type": "photo", "message_id": 2004, "original_text": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡ณ Mydukaan allegedly targeted in massive breach exposing 100M users\n\nA threat actor on an underground forum is claiming to sell a full database dump allegedly originating from Mydukaan, an e-commerce platform (described as similar to Shopify) widely used in India.\n\nThe actor claims the dump contains roughly 100M users, including purchase history and encrypted payment API keys.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Usernames, first and last names\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Passwords and account status fields\nโ€ข Full buyer addresses (line, city, state, pin, country)\nโ€ข Purchase and transaction history\nโ€ข Order, store lead, and seller data\nโ€ข Encrypted payment API keys\nโ€ข Activity logs and reseller SKU mapping\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Mydukaan\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: India ๐Ÿ‡ฎ๐Ÿ‡ณ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / E-commerce\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: stalker8083\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Full database dump\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~100M users\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $10,000 (open to negotiation)\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T15:18:18Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2004", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2004" }, "telegram_url": "https://t.me/SliceForLifeee/2004", "text": "๐Ÿšจ๐Ÿ‡ฎ๐Ÿ‡ณ Mydukaan allegedly targeted in massive breach exposing 100M users\n\nA threat actor on an underground forum is claiming to sell a full database dump allegedly originating from Mydukaan, an e-commerce platform (described as similar to Shopify) widely used in India.\n\nThe actor claims the dump contains roughly 100M users, including purchase history and encrypted payment API keys.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Usernames, first and last names\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Passwords and account status fields\nโ€ข Full buyer addresses (line, city, state, pin, country)\nโ€ข Purchase and transaction history\nโ€ข Order, store lead, and seller data\nโ€ข Encrypted payment API keys\nโ€ข Activity logs and reseller SKU mapping\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Mydukaan\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: India ๐Ÿ‡ฎ๐Ÿ‡ณ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / E-commerce\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: stalker8083\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Full database dump\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~100M users\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $10,000 (open to negotiation)\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2004/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "86b4373ffc2c9316", "id": "cluster-86b4373ffc2c9316", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T15:13:17Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 6, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 499.0, "score_global_percentile": 14.2, "score_source_percentile": 72.73, "source_rank_by_engagement": 4, "stars": 0, "views": 439 }, "english_status": "original_english", "excerpt": "WP Maps Pro bug exploited to create admin accounts on WordPress sites Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. [...]...", "fingerprint": "86b4373ffc2c9316", "hashtags": [], "id": "bleepingcomputer-24785", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 171808, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24785", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24785" }, "media_type": "photo", "message_id": 24785, "original_text": "WP Maps Pro bug exploited to create admin accounts on WordPress sites\n\nHackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. [...]\n\nhttps://www.bleepingcomputer.com/news/security/wp-maps-pro-bug-exploited-to-create-admin-accounts-on-wordpress-sites/", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T15:13:17Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com", "exploit" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24785", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24785" }, "telegram_url": "https://t.me/bleepingcomputer/24785", "text": "WP Maps Pro bug exploited to create admin accounts on WordPress sites\n\nHackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. [...]\n\nhttps://www.bleepingcomputer.com/news/security/wp-maps-pro-bug-exploited-to-create-admin-accounts-on-wordpress-sites/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24785/", "urls": [ "https://www.bleepingcomputer.com/news/security/wp-maps-pro-bug-exploited-to-create-admin-accounts-on-wordpress-sites/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "6c1978398190fe53", "id": "cluster-6c1978398190fe53", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T14:58:06Z", "position": 1, "size": 1 }, "edited_at": "2026-05-31T17:31:54Z", "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": { "โค": 1 }, "reactions": 1, "replies": 0, "score_absolute": 202.0, "score_global_percentile": 8.91, "score_source_percentile": 86.49, "source_rank_by_engagement": 6, "stars": 0, "views": 180 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡จ๐Ÿ‡ด CNE (National Electoral Council) allegedly targeted by EsqueleSquad A threat actor on an underground forum, attributing the leak to a group called EsqueleSquad, is claiming to have obtained confidential material directly from the CNE (Consejo Nacional Electoral), Colombia's National Electoral Council, and related...", "fingerprint": "6c1978398190fe53", "hashtags": [], "id": "sliceforlifeee-2001", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1212, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 184090, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2001", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2001" }, "media_type": "photo", "message_id": 2001, "original_text": "๐Ÿšจ๐Ÿ‡จ๐Ÿ‡ด CNE (National Electoral Council) allegedly targeted by EsqueleSquad\n\nA threat actor on an underground forum, attributing the leak to a group called EsqueleSquad, is claiming to have obtained confidential material directly from the CNE (Consejo Nacional Electoral), Colombia's National Electoral Council, and related sources. The actor timed the post to coincide with Colombia's elections.\n\nThe actor claims to hold internal confidential documents and campaign financing records.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข CNE internal confidential documents (internal reports, audit findings, formal complaints about electoral irregularities)\nโ€ข Sensitive correspondence between CNE officials and campaign teams\nโ€ข Documents showing weaknesses and anomalies in the voter registry and polling stations\nโ€ข 2026 campaign financing records (declared and hidden donor lists)\nโ€ข Alleged dark money movements and suspicious transfers\nโ€ข Ghost companies and large contracts awarded to campaign donors\nโ€ข Discrepancies between official reports and actual financial movements\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: CNE (Consejo Nacional Electoral)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Colombia ๐Ÿ‡จ๐Ÿ‡ด\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Elections\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Hydr0gen (EsqueleSquad)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Confidential electoral documents and campaign financing records\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Internal documents and financial records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T14:58:06Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "state-media" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/2001", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/2001" }, "telegram_url": "https://t.me/SliceForLifeee/2001", "text": "๐Ÿšจ๐Ÿ‡จ๐Ÿ‡ด CNE (National Electoral Council) allegedly targeted by EsqueleSquad\n\nA threat actor on an underground forum, attributing the leak to a group called EsqueleSquad, is claiming to have obtained confidential material directly from the CNE (Consejo Nacional Electoral), Colombia's National Electoral Council, and related sources. The actor timed the post to coincide with Colombia's elections.\n\nThe actor claims to hold internal confidential documents and campaign financing records.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข CNE internal confidential documents (internal reports, audit findings, formal complaints about electoral irregularities)\nโ€ข Sensitive correspondence between CNE officials and campaign teams\nโ€ข Documents showing weaknesses and anomalies in the voter registry and polling stations\nโ€ข 2026 campaign financing records (declared and hidden donor lists)\nโ€ข Alleged dark money movements and suspicious transfers\nโ€ข Ghost companies and large contracts awarded to campaign donors\nโ€ข Discrepancies between official reports and actual financial movements\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: CNE (Consejo Nacional Electoral)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Colombia ๐Ÿ‡จ๐Ÿ‡ด\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Elections\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Hydr0gen (EsqueleSquad)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Confidential electoral documents and campaign financing records\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Internal documents and financial records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-2001/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity trade-publication perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "The Hacker News", "handle": "thehackernews", "id": "telegram:thehackernews", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity publication.", "rank": 8, "risk_label": "Technical reporting should be checked against vendor advisories", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "research source" ], "tier": "Tier 1", "title": "The Hacker News", "url": "https://t.me/thehackernews" }, "channel_handle": "thehackernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "0c75cc21779b370c", "id": "cluster-0c75cc21779b370c", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T12:23:27Z", "position": 1, "size": 1 }, "edited_at": "2026-05-31T12:25:52Z", "engagement": { "forwards": 22, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 3, "๐Ÿ‘": 10, "๐Ÿ”ฅ": 2, "๐Ÿ˜": 14, "๐Ÿค”": 5 }, "reactions": 34, "replies": 0, "score_absolute": 4750.0, "score_global_percentile": 62.16, "score_source_percentile": 62.5, "source_rank_by_engagement": 4, "stars": 0, "views": 4462 }, "english_status": "original_english", "excerpt": "Dutch authorities have dismantled a botnet comprising at least 17 million infected devices, including computers, smartphones, tablets, and IoT devices. More than 200 servers in the Netherlands supported the operation. Police seized a subset of the infrastructure, and the hosting provider subsequently took the network...", "fingerprint": "0c75cc21779b370c", "hashtags": [], "id": "thehackernews-9116", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 380, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 49821, "width": 728 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "thehackernews/9116", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9116" }, "media_type": "photo", "message_id": 9116, "original_text": "Dutch authorities have dismantled a botnet comprising at least 17 million infected devices, including computers, smartphones, tablets, and IoT devices.\n\nMore than 200 servers in the Netherlands supported the operation. Police seized a subset of the infrastructure, and the hosting provider subsequently took the network offline.\n\nRead: https://thehackernews.com/2026/05/dutch-authorities-dismantle-botnet.html", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T12:23:27Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "research-source", "thehackernews.com", "malware" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "thehackernews/9116", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9116" }, "telegram_url": "https://t.me/thehackernews/9116", "text": "Dutch authorities have dismantled a botnet comprising at least 17 million infected devices, including computers, smartphones, tablets, and IoT devices.\n\nMore than 200 servers in the Netherlands supported the operation. Police seized a subset of the infrastructure, and the hosting provider subsequently took the network offline.\n\nRead: https://thehackernews.com/2026/05/dutch-authorities-dismantle-botnet.html", "url": "https://news.jeremywhittaker.com/item/thehackernews-9116/", "urls": [ "https://thehackernews.com/2026/05/dutch-authorities-dismantle-botnet.html" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "f40139e8f6a0d9aa", "id": "cluster-f40139e8f6a0d9aa", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-31T01:13:34Z", "position": 1, "size": 1 }, "edited_at": "2026-05-31T01:49:21Z", "engagement": { "forwards": 0, "paid_reactions": 1, "reaction_breakdown": { "ReactionPaid()": 1 }, "reactions": 1, "replies": 0, "score_absolute": 63.0, "score_global_percentile": 4.28, "score_source_percentile": 8.11, "source_rank_by_engagement": 35, "stars": 1, "views": 36 }, "english_status": "original_english", "excerpt": "๐Ÿšจ FalkonC2 Windows RAT advertised on a Russian speaking underground forum A threat actor on an underground forum is advertising FalkonC2, a private Windows remote access trojan (RAT) written in C++ and assembly. The seller markets two payload variants, one aimed at consumer systems and one at corporate environments,...", "fingerprint": "f40139e8f6a0d9aa", "hashtags": [], "id": "sliceforlifeee-1999", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 923, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 186915, "width": 1650 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1999", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1999" }, "media_type": "photo", "message_id": 1999, "original_text": "๐Ÿšจ FalkonC2 Windows RAT advertised on a Russian speaking underground forum\n\nA threat actor on an underground forum is advertising FalkonC2, a private Windows remote access trojan (RAT) written in C++ and assembly. The seller markets two payload variants, one aimed at consumer systems and one at corporate environments, and claims the malware operates in memory and is designed to evade common antivirus and EDR products.\n\nThe listing promotes the tool to other forum members on a paid monthly subscription basis.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฏ๐—ฒ๐—ถ๐—ป๐—ด ๐—ฎ๐—ฑ๐˜ƒ๐—ฒ๐—ฟ๐˜๐—ถ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข A private Windows RAT (DLL and EXE payloads)\nโ€ข Two variants: one targeting consumer systems, one targeting corporate systems\nโ€ข Claimed antivirus and EDR/XDR evasion\nโ€ข Remote shell and remote management capabilities\nโ€ข Reconnaissance, persistence, and privilege escalation features\nโ€ข Multiple architecture outputs (x32, x64, arm64)\nโ€ข Claimed support across modern Windows desktop and server versions\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: N/A (offensive malware)\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Cybercrime Tooling / Malware-as-a-Service\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: DarkFalcon\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Selling private Windows RAT (FalkonC2)\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Remote access trojan with claimed AV/EDR evasion\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Monthly subscription (consumer tier โ‚ฌ249, corporate tier โ‚ฌ1,499)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 23, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-31T01:13:34Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "malware", "markets", "russia", "shipping" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1999", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1999" }, "telegram_url": "https://t.me/SliceForLifeee/1999", "text": "๐Ÿšจ FalkonC2 Windows RAT advertised on a Russian speaking underground forum\n\nA threat actor on an underground forum is advertising FalkonC2, a private Windows remote access trojan (RAT) written in C++ and assembly. The seller markets two payload variants, one aimed at consumer systems and one at corporate environments, and claims the malware operates in memory and is designed to evade common antivirus and EDR products.\n\nThe listing promotes the tool to other forum members on a paid monthly subscription basis.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฏ๐—ฒ๐—ถ๐—ป๐—ด ๐—ฎ๐—ฑ๐˜ƒ๐—ฒ๐—ฟ๐˜๐—ถ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข A private Windows RAT (DLL and EXE payloads)\nโ€ข Two variants: one targeting consumer systems, one targeting corporate systems\nโ€ข Claimed antivirus and EDR/XDR evasion\nโ€ข Remote shell and remote management capabilities\nโ€ข Reconnaissance, persistence, and privilege escalation features\nโ€ข Multiple architecture outputs (x32, x64, arm64)\nโ€ข Claimed support across modern Windows desktop and server versions\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: N/A (offensive malware)\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Cybercrime Tooling / Malware-as-a-Service\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: DarkFalcon\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Selling private Windows RAT (FalkonC2)\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Remote access trojan with claimed AV/EDR evasion\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Monthly subscription (consumer tier โ‚ฌ249, corporate tier โ‚ฌ1,499)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 23, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1999/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "85cc523cab48f2bf", "id": "cluster-85cc523cab48f2bf", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T23:51:00Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 62.0, "score_global_percentile": 4.26, "score_source_percentile": 5.41, "source_rank_by_engagement": 36, "stars": 0, "views": 62 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ฆ๐Ÿ‡บ RIC Publications allegedly targeted in breach exposing 116K+ customers A threat actor on an underground forum is claiming to sell a dataset allegedly originating from RIC Publications, an Australian educational publishing company that develops teaching resources, student workbooks, lesson plans, and...", "fingerprint": "85cc523cab48f2bf", "hashtags": [], "id": "sliceforlifeee-1997", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 739, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 133937, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1997", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1997" }, "media_type": "photo", "message_id": 1997, "original_text": "๐Ÿšจ๐Ÿ‡ฆ๐Ÿ‡บ RIC Publications allegedly targeted in breach exposing 116K+ customers\n\nA threat actor on an underground forum is claiming to sell a dataset allegedly originating from RIC Publications, an Australian educational publishing company that develops teaching resources, student workbooks, lesson plans, and curriculum-aligned classroom content for schools.\n\nThe actor claims the breach contains over 116K customer records.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Email addresses\nโ€ข Telephone numbers\nโ€ข Street addresses (city, state, post code)\nโ€ข IP addresses\nโ€ข Order IDs, order codes, and store codes\nโ€ข Payment method and payment details\nโ€ข Full price, paid price, and amounts\nโ€ข School and product names\nโ€ข POS codes and signature-required flags\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: RIC Publications\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Australia ๐Ÿ‡ฆ๐Ÿ‡บ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Education / Publishing\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 2019\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked customer database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 116K+ records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Offer / one-time sale (BTC, ETH, XMR)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T23:51:00Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "bitcoin" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1997", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1997" }, "telegram_url": "https://t.me/SliceForLifeee/1997", "text": "๐Ÿšจ๐Ÿ‡ฆ๐Ÿ‡บ RIC Publications allegedly targeted in breach exposing 116K+ customers\n\nA threat actor on an underground forum is claiming to sell a dataset allegedly originating from RIC Publications, an Australian educational publishing company that develops teaching resources, student workbooks, lesson plans, and curriculum-aligned classroom content for schools.\n\nThe actor claims the breach contains over 116K customer records.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Email addresses\nโ€ข Telephone numbers\nโ€ข Street addresses (city, state, post code)\nโ€ข IP addresses\nโ€ข Order IDs, order codes, and store codes\nโ€ข Payment method and payment details\nโ€ข Full price, paid price, and amounts\nโ€ข School and product names\nโ€ข POS codes and signature-required flags\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: RIC Publications\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Australia ๐Ÿ‡ฆ๐Ÿ‡บ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Education / Publishing\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 2019\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked customer database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 116K+ records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Offer / one-time sale (BTC, ETH, XMR)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1997/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "055b05232dfe21cd", "id": "cluster-055b05232dfe21cd", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T23:19:22Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T23:20:21Z", "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 69.0, "score_global_percentile": 4.4, "score_source_percentile": 16.22, "source_rank_by_engagement": 32, "stars": 0, "views": 69 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ฆ๐Ÿ‡บ Melbourne International Film Festival allegedly targeted in breach exposing 340K+ customers A threat actor on an underground forum is claiming to sell a dataset allegedly originating from the Melbourne International Film Festival (MIFF), Australia's largest and one of the world's oldest film festivals, running...", "fingerprint": "055b05232dfe21cd", "hashtags": [], "id": "sliceforlifeee-1996", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 773, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 124697, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1996", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1996" }, "media_type": "photo", "message_id": 1996, "original_text": "๐Ÿšจ๐Ÿ‡ฆ๐Ÿ‡บ Melbourne International Film Festival allegedly targeted in breach exposing 340K+ customers\n\nA threat actor on an underground forum is claiming to sell a dataset allegedly originating from the Melbourne International Film Festival (MIFF), Australia's largest and one of the world's oldest film festivals, running annually in Melbourne since 1952.\n\nThe actor claims the breach contains over 340K customer records across two datasets.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names (first and surname)\nโ€ข Company names\nโ€ข Email addresses\nโ€ข Phone and mobile numbers\nโ€ข Addresses (street, suburb, state, post code)\nโ€ข Booking totals and registration dates\nโ€ข Member numbers and membership status\nโ€ข Unit price, membership type, and suspension status\nโ€ข Purchase dates and membership period dates\nโ€ข Shipping data\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Melbourne International Film Festival (MIFF)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Australia ๐Ÿ‡ฆ๐Ÿ‡บ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Entertainment / Events\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 2019\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked customer database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 340K+ records (2 datasets)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Offer / one-time sale (BTC, ETH, XMR)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T23:19:22Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "bitcoin", "shipping" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1996", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1996" }, "telegram_url": "https://t.me/SliceForLifeee/1996", "text": "๐Ÿšจ๐Ÿ‡ฆ๐Ÿ‡บ Melbourne International Film Festival allegedly targeted in breach exposing 340K+ customers\n\nA threat actor on an underground forum is claiming to sell a dataset allegedly originating from the Melbourne International Film Festival (MIFF), Australia's largest and one of the world's oldest film festivals, running annually in Melbourne since 1952.\n\nThe actor claims the breach contains over 340K customer records across two datasets.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names (first and surname)\nโ€ข Company names\nโ€ข Email addresses\nโ€ข Phone and mobile numbers\nโ€ข Addresses (street, suburb, state, post code)\nโ€ข Booking totals and registration dates\nโ€ข Member numbers and membership status\nโ€ข Unit price, membership type, and suspension status\nโ€ข Purchase dates and membership period dates\nโ€ข Shipping data\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Melbourne International Film Festival (MIFF)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Australia ๐Ÿ‡ฆ๐Ÿ‡บ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Entertainment / Events\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 2019\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked customer database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 340K+ records (2 datasets)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Offer / one-time sale (BTC, ETH, XMR)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1996/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "4d72a48bfc4f35d6", "id": "cluster-4d72a48bfc4f35d6", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T23:09:11Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 73.0, "score_global_percentile": 4.57, "score_source_percentile": 18.92, "source_rank_by_engagement": 31, "stars": 0, "views": 73 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡บ๐Ÿ‡ธ HungerRush allegedly targeted in breach exposing 26.8M+ customers A threat actor on an underground forum is claiming to have leaked a dataset allegedly originating from HungerRush, a U.S.-based restaurant technology company headquartered in Houston that provides cloud-based point-of-sale (POS) and restaurant...", "fingerprint": "4d72a48bfc4f35d6", "hashtags": [], "id": "sliceforlifeee-1995", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 894, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 185766, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1995", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1995" }, "media_type": "photo", "message_id": 1995, "original_text": "๐Ÿšจ๐Ÿ‡บ๐Ÿ‡ธ HungerRush allegedly targeted in breach exposing 26.8M+ customers\n\nA threat actor on an underground forum is claiming to have leaked a dataset allegedly originating from HungerRush, a U.S.-based restaurant technology company headquartered in Houston that provides cloud-based point-of-sale (POS) and restaurant management software for quick-service, fast-casual, and pizza restaurants.\n\nThe actor claims the breach contains over 26.8M customer records across two datasets.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names\nโ€ข Addresses (line 1, line 2, city, state, zip, country)\nโ€ข Phone numbers and fax numbers\nโ€ข Email addresses\nโ€ข Dates of birth\nโ€ข Owner and domain names\nโ€ข Twilio phone numbers\nโ€ข Account status and modification dates\nโ€ข Marketing, conversion, and survey report data\nโ€ข Brand and order source metadata\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: HungerRush\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: United States ๐Ÿ‡บ๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Technology / Restaurant POS\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 2019\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked customer database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 26.8M+ records (2 datasets)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T23:09:11Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "markets", "shipping" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1995", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1995" }, "telegram_url": "https://t.me/SliceForLifeee/1995", "text": "๐Ÿšจ๐Ÿ‡บ๐Ÿ‡ธ HungerRush allegedly targeted in breach exposing 26.8M+ customers\n\nA threat actor on an underground forum is claiming to have leaked a dataset allegedly originating from HungerRush, a U.S.-based restaurant technology company headquartered in Houston that provides cloud-based point-of-sale (POS) and restaurant management software for quick-service, fast-casual, and pizza restaurants.\n\nThe actor claims the breach contains over 26.8M customer records across two datasets.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names\nโ€ข Addresses (line 1, line 2, city, state, zip, country)\nโ€ข Phone numbers and fax numbers\nโ€ข Email addresses\nโ€ข Dates of birth\nโ€ข Owner and domain names\nโ€ข Twilio phone numbers\nโ€ข Account status and modification dates\nโ€ข Marketing, conversion, and survey report data\nโ€ข Brand and order source metadata\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: HungerRush\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: United States ๐Ÿ‡บ๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Technology / Restaurant POS\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 2019\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked customer database\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 26.8M+ records (2 datasets)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1995/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "c53878811242800f", "id": "cluster-c53878811242800f", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T22:55:34Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T23:04:36Z", "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ”ฅ": 1 }, "reactions": 1, "replies": 0, "score_absolute": 83.0, "score_global_percentile": 4.88, "score_source_percentile": 21.62, "source_rank_by_engagement": 30, "stars": 0, "views": 81 }, "english_status": "original_english", "excerpt": "๐Ÿšจ Bumble allegedly targeted in massive 32 million user database sale A threat actor on an underground forum is claiming to sell a dataset allegedly originating from Bumble, the dating app. The actor describes it as a clean JSON dump of fresh records. The actor claims the dataset contains roughly 32 million records...", "fingerprint": "c53878811242800f", "hashtags": [], "id": "sliceforlifeee-1994", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 917, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 181132, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1994", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1994" }, "media_type": "photo", "message_id": 1994, "original_text": "๐Ÿšจ Bumble allegedly targeted in massive 32 million user database sale\n\nA threat actor on an underground forum is claiming to sell a dataset allegedly originating from Bumble, the dating app. The actor describes it as a clean JSON dump of fresh records.\n\nThe actor claims the dataset contains roughly 32 million records including authentication hashes and detailed profile data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Email addresses\nโ€ข Authentication credentials (bcrypt hashed)\nโ€ข Phone numbers\nโ€ข Full bios (name, date of birth, work, education)\nโ€ข Location data\nโ€ข Habits and lifestyle fields (drinking, smoking, exercise)\nโ€ข Political and religious affiliations\nโ€ข Linked Instagram/Spotify accounts\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Bumble\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Technology / Dating\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Euphoric_Reply_5727\n๐—–๐—น๐—ฎ๐—ถ๐—บ: User database sale (clean JSON dump)\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~32,105,822 records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $999\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T22:55:34Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1994", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1994" }, "telegram_url": "https://t.me/SliceForLifeee/1994", "text": "๐Ÿšจ Bumble allegedly targeted in massive 32 million user database sale\n\nA threat actor on an underground forum is claiming to sell a dataset allegedly originating from Bumble, the dating app. The actor describes it as a clean JSON dump of fresh records.\n\nThe actor claims the dataset contains roughly 32 million records including authentication hashes and detailed profile data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Email addresses\nโ€ข Authentication credentials (bcrypt hashed)\nโ€ข Phone numbers\nโ€ข Full bios (name, date of birth, work, education)\nโ€ข Location data\nโ€ข Habits and lifestyle fields (drinking, smoking, exercise)\nโ€ข Political and religious affiliations\nโ€ข Linked Instagram/Spotify accounts\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Bumble\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Technology / Dating\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Euphoric_Reply_5727\n๐—–๐—น๐—ฎ๐—ถ๐—บ: User database sale (clean JSON dump)\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~32,105,822 records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: $999\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1994/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "3d1e437fb0f90250", "id": "cluster-3d1e437fb0f90250", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T22:47:59Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 86.0, "score_global_percentile": 4.96, "score_source_percentile": 24.32, "source_rank_by_engagement": 29, "stars": 0, "views": 86 }, "english_status": "original_english", "excerpt": "โ€ผ๏ธ๐Ÿ‡บ๐Ÿ‡ธ Genesis Ransomware Claims 5 Victims ๐Ÿ‡บ๐Ÿ‡ธ A Roettgers - Fuel distributor and gas station operator. ๐Ÿ‡บ๐Ÿ‡ธ Cedar Street Capital - Private investment entity associated with Cynvestors Limited Partnership. ๐Ÿ‡บ๐Ÿ‡ธ Green Resource - Distributor of professional fertilizers, chemicals, and seeds for turf, lawn, and landscaping...", "fingerprint": "3d1e437fb0f90250", "hashtags": [], "id": "sliceforlifeee-1992", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 852, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 29871, "width": 980 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1992", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1992" }, "media_type": "photo", "message_id": 1992, "original_text": "โ€ผ๏ธ๐Ÿ‡บ๐Ÿ‡ธ Genesis Ransomware Claims 5 Victims\n\n๐Ÿ‡บ๐Ÿ‡ธ A Roettgers - Fuel distributor and gas station operator.\n\n๐Ÿ‡บ๐Ÿ‡ธ Cedar Street Capital - Private investment entity associated with Cynvestors Limited Partnership.\n\n๐Ÿ‡บ๐Ÿ‡ธ Green Resource - Distributor of professional fertilizers, chemicals, and seeds for turf, lawn, and landscaping markets.\n\n๐Ÿ‡บ๐Ÿ‡ธ Wentworth - DC Metro area design-build firm.\n\n๐Ÿ‡บ๐Ÿ‡ธ Cavalier Flooring Systems Inc. - Flooring and tile contractor.\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T22:47:59Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "energy", "malware", "markets" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1992", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1992" }, "telegram_url": "https://t.me/SliceForLifeee/1992", "text": "โ€ผ๏ธ๐Ÿ‡บ๐Ÿ‡ธ Genesis Ransomware Claims 5 Victims\n\n๐Ÿ‡บ๐Ÿ‡ธ A Roettgers - Fuel distributor and gas station operator.\n\n๐Ÿ‡บ๐Ÿ‡ธ Cedar Street Capital - Private investment entity associated with Cynvestors Limited Partnership.\n\n๐Ÿ‡บ๐Ÿ‡ธ Green Resource - Distributor of professional fertilizers, chemicals, and seeds for turf, lawn, and landscaping markets.\n\n๐Ÿ‡บ๐Ÿ‡ธ Wentworth - DC Metro area design-build firm.\n\n๐Ÿ‡บ๐Ÿ‡ธ Cavalier Flooring Systems Inc. - Flooring and tile contractor.\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1992/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "aa61ae5af3d42f26", "id": "cluster-aa61ae5af3d42f26", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T22:39:23Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T22:50:42Z", "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": { "โค": 1 }, "reactions": 1, "replies": 0, "score_absolute": 106.0, "score_global_percentile": 5.72, "score_source_percentile": 29.73, "source_rank_by_engagement": 27, "stars": 0, "views": 84 }, "english_status": "original_english", "excerpt": "๐Ÿšจ GoldenBullet cracking tool advertised on underground forum A threat actor on an underground forum marketplace is advertising GoldenBullet, an automation and web testing framework being promoted as a credential-stuffing and account-checking tool. The post markets version 2.1 with a refreshed UI and updated...", "fingerprint": "aa61ae5af3d42f26", "hashtags": [], "id": "sliceforlifeee-1987", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1290, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 187060, "width": 1500 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1987", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1987" }, "media_type": "photo", "message_id": 1987, "original_text": "๐Ÿšจ GoldenBullet cracking tool advertised on underground forum\n\nA threat actor on an underground forum marketplace is advertising GoldenBullet, an automation and web testing framework being promoted as a credential-stuffing and account-checking tool. The post markets version 2.1 with a refreshed UI and updated libraries.\n\nThe actor is promoting the tool's account-cracking, proxy, and config management capabilities to other forum users.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฏ๐—ฒ๐—ถ๐—ป๐—ด ๐—ฎ๐—ฑ๐˜ƒ๐—ฒ๐—ฟ๐˜๐—ถ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Multi-run job engine with bot/proxy stats and hit outputs to database\nโ€ข Netflix cookie checker with auto-add to hits\nโ€ข ULP to Combo extraction and Logs to ULP conversion\nโ€ข Keyword remover for trimming ULP files\nโ€ข Proxy checker with auto type/country detection\nโ€ข Config manager supporting .tic, .opk, .loli, .svb formats\nโ€ข Captcha-solving blocks (ReCaptcha, Slide, PoW)\nโ€ข Hashing and utility blocks (MD5, SHA256, GenerateGUID, Unix time)\nโ€ข Multipart HTTP request builder and TLS bypass options\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: N/A (offensive tooling)\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Cybercrime Tooling\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: ticnico\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Selling/advertising GoldenBullet cracking tool (v2.1)\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Credential-stuffing and account-checking framework\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Listed in forum marketplace (sellers section)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T22:39:23Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "markets" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1987", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1987" }, "telegram_url": "https://t.me/SliceForLifeee/1987", "text": "๐Ÿšจ GoldenBullet cracking tool advertised on underground forum\n\nA threat actor on an underground forum marketplace is advertising GoldenBullet, an automation and web testing framework being promoted as a credential-stuffing and account-checking tool. The post markets version 2.1 with a refreshed UI and updated libraries.\n\nThe actor is promoting the tool's account-cracking, proxy, and config management capabilities to other forum users.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฏ๐—ฒ๐—ถ๐—ป๐—ด ๐—ฎ๐—ฑ๐˜ƒ๐—ฒ๐—ฟ๐˜๐—ถ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Multi-run job engine with bot/proxy stats and hit outputs to database\nโ€ข Netflix cookie checker with auto-add to hits\nโ€ข ULP to Combo extraction and Logs to ULP conversion\nโ€ข Keyword remover for trimming ULP files\nโ€ข Proxy checker with auto type/country detection\nโ€ข Config manager supporting .tic, .opk, .loli, .svb formats\nโ€ข Captcha-solving blocks (ReCaptcha, Slide, PoW)\nโ€ข Hashing and utility blocks (MD5, SHA256, GenerateGUID, Unix time)\nโ€ข Multipart HTTP request builder and TLS bypass options\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: N/A (offensive tooling)\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Cybercrime Tooling\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: ticnico\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Selling/advertising GoldenBullet cracking tool (v2.1)\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Credential-stuffing and account-checking framework\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Listed in forum marketplace (sellers section)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1987/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "5597dc9554738905", "id": "cluster-5597dc9554738905", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T21:46:04Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T22:28:32Z", "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": { "โค": 1 }, "reactions": 1, "replies": 0, "score_absolute": 120.0, "score_global_percentile": 6.47, "score_source_percentile": 32.43, "source_rank_by_engagement": 26, "stars": 0, "views": 108 }, "english_status": "original_english", "excerpt": "Here are SOME features coming to the new Threat Feed in June. - OCR Text Scanning. Click a button to scan the screenshot, wait a couple seconds and it will pull any links, session IDs, tox, telegrams from the screenshot back to you with easy to copy buttons - Threat report generation. You can run it per Threat Alert...", "fingerprint": "5597dc9554738905", "hashtags": [], "id": "sliceforlifeee-1986", "language": "en", "language_display": "English", "language_original": "en", "media": [], "media_type": "text", "message_id": 1986, "original_text": "Here are SOME features coming to the new Threat Feed in June.\n\n- OCR Text Scanning. Click a button to scan the screenshot, wait a couple seconds and it will pull any links, session IDs, tox, telegrams from the screenshot back to you with easy to copy buttons\n\n- Threat report generation. You can run it per Threat Alert or via bookmarks, the first 100 alerts, etc.\n\n- Ability to search different APIs. I don't want to name openly for now.\n\n- Search WhiteIntels stealer log database for any domain (no longer limited by alert). It will currently return only stats for that domain. But surely your company is safe, right? RIGHT?\n\n- Search filters that are also now bound to the filtered export button. Multiple exports daily, not limited to 1.\n\nMany new features coming. Just wanted to provide a simple update. Don't worry I'm cooking.", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T21:46:04Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "shipping", "telegram" ], "telegram_url": "https://t.me/SliceForLifeee/1986", "text": "Here are SOME features coming to the new Threat Feed in June.\n\n- OCR Text Scanning. Click a button to scan the screenshot, wait a couple seconds and it will pull any links, session IDs, tox, telegrams from the screenshot back to you with easy to copy buttons\n\n- Threat report generation. You can run it per Threat Alert or via bookmarks, the first 100 alerts, etc.\n\n- Ability to search different APIs. I don't want to name openly for now.\n\n- Search WhiteIntels stealer log database for any domain (no longer limited by alert). It will currently return only stats for that domain. But surely your company is safe, right? RIGHT?\n\n- Search filters that are also now bound to the filtered export button. Multiple exports daily, not limited to 1.\n\nMany new features coming. Just wanted to provide a simple update. Don't worry I'm cooking.", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1986/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "38103acd153dd1f5", "id": "cluster-38103acd153dd1f5", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T19:34:44Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T19:34:52Z", "engagement": { "forwards": 13, "paid_reactions": 0, "reaction_breakdown": { "โค": 110, "๐ŸŽ‰": 2, "๐Ÿ”ฅ": 2, "๐Ÿคฃ": 9, "๐Ÿคฏ": 8, "๐Ÿฅฐ": 32 }, "reactions": 163, "replies": 0, "score_absolute": 2750.0, "score_global_percentile": 43.8, "score_source_percentile": 28.57, "source_rank_by_engagement": 11, "stars": 0, "views": 2294 }, "english_status": "original_english", "excerpt": "This is beautiful. The kids are finding FREE MALWARE and understand the beauty of free malware. Thank you, Skinpack.", "fingerprint": "38103acd153dd1f5", "hashtags": [], "id": "vxunderground-8888", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 719, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 79859, "width": 779 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8888", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8888" }, "media_type": "photo", "message_id": 8888, "original_text": "This is beautiful.\n\nThe kids are finding FREE MALWARE and understand the beauty of free malware.\n\nThank you, Skinpack.", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T19:34:44Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8888", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8888" }, "telegram_url": "https://t.me/vxunderground/8888", "text": "This is beautiful.\n\nThe kids are finding FREE MALWARE and understand the beauty of free malware.\n\nThank you, Skinpack.", "url": "https://news.jeremywhittaker.com/item/vxunderground-8888/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "0d00c2d70ed0a215", "id": "cluster-0d00c2d70ed0a215", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T19:27:33Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T19:27:40Z", "engagement": { "forwards": 8, "paid_reactions": 0, "reaction_breakdown": { "โค": 38, "๐Ÿ”ฅ": 3, "๐Ÿฅฐ": 5 }, "reactions": 46, "replies": 0, "score_absolute": 2499.0, "score_global_percentile": 40.11, "score_source_percentile": 7.14, "source_rank_by_engagement": 14, "stars": 0, "views": 2327 }, "english_status": "original_english", "excerpt": "Hello I have added more malware to the malware collection place. I have added 150,000 malwares and a bunch of malware reversing papers coupled with malwares. Please download the malware. vx-underground.org/Updates", "fingerprint": "0d00c2d70ed0a215", "hashtags": [], "id": "vxunderground-8887", "language": "en", "language_display": "English", "language_original": "en", "media": [], "media_type": "text", "message_id": 8887, "original_text": "Hello\n\nI have added more malware to the malware collection place. I have added 150,000 malwares and a bunch of malware reversing papers coupled with malwares.\n\nPlease download the malware.\n\nvx-underground.org/Updates", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T19:27:33Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware" ], "telegram_url": "https://t.me/vxunderground/8887", "text": "Hello\n\nI have added more malware to the malware collection place. I have added 150,000 malwares and a bunch of malware reversing papers coupled with malwares.\n\nPlease download the malware.\n\nvx-underground.org/Updates", "url": "https://news.jeremywhittaker.com/item/vxunderground-8887/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "OSINT/cyber research perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "Cyber Detective", "handle": "cybdetective", "id": "telegram:cybdetective", "item_count": 0, "language": "en", "priority": 78, "provenance_note": "Public Telegram feed used for cyber OSINT and investigation leads.", "rank": 10, "risk_label": "Tool and lead references need operator verification", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "research source", "OSINT" ], "tier": "Tier 1", "title": "Cyber Detective", "url": "https://t.me/cybdetective" }, "channel_handle": "cybdetective", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "f0950be458257e29", "id": "cluster-f0950be458257e29", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T19:13:04Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T19:21:32Z", "engagement": { "forwards": 28, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 7 }, "reactions": 7, "replies": 5, "score_absolute": 1032.0, "score_global_percentile": 20.86, "score_source_percentile": 25.0, "source_rank_by_engagement": 4, "stars": 0, "views": 718 }, "english_status": "original_english", "excerpt": "KRONIKIER If you havenโ€™t been able to find the contact details on a particular website today, that doesnโ€™t mean theyโ€™ve never been there The Internet Archive API and Kronikier may find contact details that have been removed very quickly https://github.com/soxoj/kronikier Creator @soxoj_insides", "fingerprint": "f0950be458257e29", "hashtags": [], "id": "cybdetective-3505", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 888, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 189771, "width": 1588 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "cybdetective/3505", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/cybdetective/3505" }, "media_type": "photo", "message_id": 3505, "original_text": "KRONIKIER\n\nIf you havenโ€™t been able to find the contact details on a particular website today, that doesnโ€™t mean theyโ€™ve never been there\n\nThe Internet Archive API and Kronikier may find contact details that have been removed very quickly\n\nhttps://github.com/soxoj/kronikier\n\nCreator @soxoj_insides", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T19:13:04Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "research-source", "osint", "github.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "cybdetective/3505", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/cybdetective/3505" }, "telegram_url": "https://t.me/cybdetective/3505", "text": "KRONIKIER\n\nIf you havenโ€™t been able to find the contact details on a particular website today, that doesnโ€™t mean theyโ€™ve never been there\n\nThe Internet Archive API and Kronikier may find contact details that have been removed very quickly\n\nhttps://github.com/soxoj/kronikier\n\nCreator @soxoj_insides", "url": "https://news.jeremywhittaker.com/item/cybdetective-3505/", "urls": [ "https://github.com/soxoj/kronikier" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "74621041a0693644", "id": "cluster-74621041a0693644", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T19:06:25Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 169.0, "score_global_percentile": 8.32, "score_source_percentile": 56.76, "source_rank_by_engagement": 17, "stars": 0, "views": 169 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡จ๐Ÿ‡ด Colombian government systems allegedly compromised by EsqueleSquad (150 GB) A threat actor group on an underground forum, identifying as EsqueleSquad, is claiming to have compromised 15 official Colombian government databases, extracted directly from internal servers. The actors are threatening to release the...", "fingerprint": "74621041a0693644", "hashtags": [], "id": "sliceforlifeee-1983", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1040, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 167892, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1983", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1983" }, "media_type": "photo", "message_id": 1983, "original_text": "๐Ÿšจ๐Ÿ‡จ๐Ÿ‡ด Colombian government systems allegedly compromised by EsqueleSquad (150 GB)\n\nA threat actor group on an underground forum, identifying as EsqueleSquad, is claiming to have compromised 15 official Colombian government databases, extracted directly from internal servers. The actors are threatening to release the full package after election day.\n\nThe actors claim to hold roughly 150 GB of data and around 75 million rows across critical national systems.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข DIAN - taxes, RUT, income tax returns, companies (48.5 GB)\nโ€ข Registradurรญa - IDs, biometrics, civil registry, electoral data (28.3 GB)\nโ€ข ICETEX - educational debts of millions (19.7 GB)\nโ€ข Colpensiones - pensions and financial data of retirees (16.8 GB)\nโ€ข ICFES - student exam results and educational data (24.7 GB combined)\nโ€ข Migraciรณn Colombia - passports, visas, migration records (9.1 GB)\nโ€ข Seguridad Social - EPS health affiliations and social security (7.4 GB)\nโ€ข Policรญa - internal National Police data (3.2 GB)\nโ€ข Fiscalรญa - criminal investigations and legal cases (2.8 GB)\nโ€ข DANE, CNSC, Gobierno Bogotรก, Medellรญn, Datos.gov (national statistics, public competitions, city government, open data)\nโ€ข Intelligence reports, SISBEN + Prosperidad Social (15M+ records), and 2026 campaign financing data\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Multiple Colombian government agencies\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Colombia ๐Ÿ‡จ๐Ÿ‡ด\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Skull1172 (EsqueleSquad)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: 15 official government databases compromised\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~75 million rows (~155 GB total)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free (samples now, full release threatened after election day)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T19:06:25Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "state-media" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1983", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1983" }, "telegram_url": "https://t.me/SliceForLifeee/1983", "text": "๐Ÿšจ๐Ÿ‡จ๐Ÿ‡ด Colombian government systems allegedly compromised by EsqueleSquad (150 GB)\n\nA threat actor group on an underground forum, identifying as EsqueleSquad, is claiming to have compromised 15 official Colombian government databases, extracted directly from internal servers. The actors are threatening to release the full package after election day.\n\nThe actors claim to hold roughly 150 GB of data and around 75 million rows across critical national systems.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข DIAN - taxes, RUT, income tax returns, companies (48.5 GB)\nโ€ข Registradurรญa - IDs, biometrics, civil registry, electoral data (28.3 GB)\nโ€ข ICETEX - educational debts of millions (19.7 GB)\nโ€ข Colpensiones - pensions and financial data of retirees (16.8 GB)\nโ€ข ICFES - student exam results and educational data (24.7 GB combined)\nโ€ข Migraciรณn Colombia - passports, visas, migration records (9.1 GB)\nโ€ข Seguridad Social - EPS health affiliations and social security (7.4 GB)\nโ€ข Policรญa - internal National Police data (3.2 GB)\nโ€ข Fiscalรญa - criminal investigations and legal cases (2.8 GB)\nโ€ข DANE, CNSC, Gobierno Bogotรก, Medellรญn, Datos.gov (national statistics, public competitions, city government, open data)\nโ€ข Intelligence reports, SISBEN + Prosperidad Social (15M+ records), and 2026 campaign financing data\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Multiple Colombian government agencies\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Colombia ๐Ÿ‡จ๐Ÿ‡ด\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Skull1172 (EsqueleSquad)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: 15 official government databases compromised\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~75 million rows (~155 GB total)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free (samples now, full release threatened after election day)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1983/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "0f1d438d4271b16b", "id": "cluster-0f1d438d4271b16b", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T19:00:00Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 121.0, "score_global_percentile": 6.58, "score_source_percentile": 35.14, "source_rank_by_engagement": 25, "stars": 0, "views": 121 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ญ๐Ÿ‡ฐ Hong Kong school and food sector orgs allegedly targeted in 120K database leak A threat actor group on an underground forum, identifying as Anka Red Team (TurkHackTeam), is claiming to have dumped a database allegedly originating from Hong Kong based school and food sector entities. The actors claim the leak...", "fingerprint": "0f1d438d4271b16b", "hashtags": [], "id": "sliceforlifeee-1981", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1144, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 140037, "width": 1501 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1981", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1981" }, "media_type": "photo", "message_id": 1981, "original_text": "๐Ÿšจ๐Ÿ‡ญ๐Ÿ‡ฐ Hong Kong school and food sector orgs allegedly targeted in 120K database leak\n\nA threat actor group on an underground forum, identifying as Anka Red Team (TurkHackTeam), is claiming to have dumped a database allegedly originating from Hong Kong based school and food sector entities.\n\nThe actors claim the leak contains roughly 120,000 records, with targets listed as a Hong Kong education institution and a food sector company.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Member and company names\nโ€ข Member language and address fields\nโ€ข Usernames and login names\nโ€ข Passwords (hashed)\nโ€ข User emails\nโ€ข Account creation IPs and timestamps\nโ€ข User roles (including Administrator accounts)\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Hong Kong school and food sector entities\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Hong Kong ๐Ÿ‡ญ๐Ÿ‡ฐ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Education / Food\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 'SALDIRGAN (Anka Red Team / TurkHackTeam)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database dump\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~120,000 records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: 3 Credits\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T19:00:00Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1981", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1981" }, "telegram_url": "https://t.me/SliceForLifeee/1981", "text": "๐Ÿšจ๐Ÿ‡ญ๐Ÿ‡ฐ Hong Kong school and food sector orgs allegedly targeted in 120K database leak\n\nA threat actor group on an underground forum, identifying as Anka Red Team (TurkHackTeam), is claiming to have dumped a database allegedly originating from Hong Kong based school and food sector entities.\n\nThe actors claim the leak contains roughly 120,000 records, with targets listed as a Hong Kong education institution and a food sector company.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Member and company names\nโ€ข Member language and address fields\nโ€ข Usernames and login names\nโ€ข Passwords (hashed)\nโ€ข User emails\nโ€ข Account creation IPs and timestamps\nโ€ข User roles (including Administrator accounts)\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Hong Kong school and food sector entities\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Hong Kong ๐Ÿ‡ญ๐Ÿ‡ฐ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Education / Food\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: 'SALDIRGAN (Anka Red Team / TurkHackTeam)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database dump\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~120,000 records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: 3 Credits\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1981/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "6185ba12b37b7732", "id": "cluster-6185ba12b37b7732", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T18:09:41Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 7, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 405.0, "score_global_percentile": 12.5, "score_source_percentile": 45.45, "source_rank_by_engagement": 7, "stars": 0, "views": 335 }, "english_status": "original_english", "excerpt": "Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. [...]...", "fingerprint": "6185ba12b37b7732", "hashtags": [], "id": "bleepingcomputer-24784", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 170233, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24784", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24784" }, "media_type": "photo", "message_id": 24784, "original_text": "Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks\n\nPalo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. [...]\n\nhttps://www.bleepingcomputer.com/news/security/palo-alto-globalprotect-vpn-auth-bypass-flaw-now-exploited-in-attacks/", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T18:09:41Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com", "cve", "exploit" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24784", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24784" }, "telegram_url": "https://t.me/bleepingcomputer/24784", "text": "Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks\n\nPalo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. [...]\n\nhttps://www.bleepingcomputer.com/news/security/palo-alto-globalprotect-vpn-auth-bypass-flaw-now-exploited-in-attacks/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24784/", "urls": [ "https://www.bleepingcomputer.com/news/security/palo-alto-globalprotect-vpn-auth-bypass-flaw-now-exploited-in-attacks/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "ea575165c5eb3ab0", "id": "cluster-ea575165c5eb3ab0", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T17:16:32Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T18:46:29Z", "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": { "โค": 1 }, "reactions": 1, "replies": 0, "score_absolute": 148.0, "score_global_percentile": 7.79, "score_source_percentile": 40.54, "source_rank_by_engagement": 23, "stars": 0, "views": 146 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ฒ๐Ÿ‡ฝ INCODIS allegedly targeted in leak exposing 20,000+ users with disabilities A threat actor on an underground forum, attributing the leak to a group called Olympus_Group, is claiming to have leaked data allegedly originating from INCODIS, the State of Colima's institute for the inclusion and protection of people...", "fingerprint": "ea575165c5eb3ab0", "hashtags": [], "id": "sliceforlifeee-1980", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 725, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 127496, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1980", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1980" }, "media_type": "photo", "message_id": 1980, "original_text": "๐Ÿšจ๐Ÿ‡ฒ๐Ÿ‡ฝ INCODIS allegedly targeted in leak exposing 20,000+ users with disabilities\n\nA threat actor on an underground forum, attributing the leak to a group called Olympus_Group, is claiming to have leaked data allegedly originating from INCODIS, the State of Colima's institute for the inclusion and protection of people with disabilities in Mexico. The actor is releasing the data for free.\n\nThe actor claims the leak contains over 20,000 users and 6,000 documents and photos.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names\nโ€ข Photos\nโ€ข Personal documents\nโ€ข 6,000 documents and photos in total\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: INCODIS (State of Colima)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Mexico ๐Ÿ‡ฒ๐Ÿ‡ฝ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Social Services\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Hermes_Olymp (Olympus_Group)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked user records, documents, and photos\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 20,000+ users, 6,000 documents and photos\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T17:16:32Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1980", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1980" }, "telegram_url": "https://t.me/SliceForLifeee/1980", "text": "๐Ÿšจ๐Ÿ‡ฒ๐Ÿ‡ฝ INCODIS allegedly targeted in leak exposing 20,000+ users with disabilities\n\nA threat actor on an underground forum, attributing the leak to a group called Olympus_Group, is claiming to have leaked data allegedly originating from INCODIS, the State of Colima's institute for the inclusion and protection of people with disabilities in Mexico. The actor is releasing the data for free.\n\nThe actor claims the leak contains over 20,000 users and 6,000 documents and photos.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Full names\nโ€ข Photos\nโ€ข Personal documents\nโ€ข 6,000 documents and photos in total\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: INCODIS (State of Colima)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Mexico ๐Ÿ‡ฒ๐Ÿ‡ฝ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Social Services\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Hermes_Olymp (Olympus_Group)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked user records, documents, and photos\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 20,000+ users, 6,000 documents and photos\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1980/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "590bb385c6122182", "id": "cluster-590bb385c6122182", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T16:13:21Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T16:15:52Z", "engagement": { "forwards": 1, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ˜ญ": 1 }, "reactions": 1, "replies": 0, "score_absolute": 183.0, "score_global_percentile": 8.54, "score_source_percentile": 72.97, "source_rank_by_engagement": 11, "stars": 0, "views": 171 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Bambuy allegedly targeted in free database leak A threat actor on an underground forum is claiming to have published a database allegedly originating from Bambuy, a Spanish e-commerce platform. The actor is releasing the data for free. The actor claims the leaked SQL database contains customer and address...", "fingerprint": "590bb385c6122182", "hashtags": [], "id": "sliceforlifeee-1979", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 628, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 91622, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1979", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1979" }, "media_type": "photo", "message_id": 1979, "original_text": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Bambuy allegedly targeted in free database leak\n\nA threat actor on an underground forum is claiming to have published a database allegedly originating from Bambuy, a Spanish e-commerce platform. The actor is releasing the data for free.\n\nThe actor claims the leaked SQL database contains customer and address records.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Company and alias fields\nโ€ข Addresses, postal codes, and cities\nโ€ข Phone and mobile numbers\nโ€ข VAT numbers and DNI (national ID)\nโ€ข Country and state data\nโ€ข Account creation and update timestamps\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Bambuy\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Spain ๐Ÿ‡ช๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / E-commerce\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Bambi\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Free database leak\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Customer and address records (SQL database)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T16:13:21Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1979", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1979" }, "telegram_url": "https://t.me/SliceForLifeee/1979", "text": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Bambuy allegedly targeted in free database leak\n\nA threat actor on an underground forum is claiming to have published a database allegedly originating from Bambuy, a Spanish e-commerce platform. The actor is releasing the data for free.\n\nThe actor claims the leaked SQL database contains customer and address records.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Company and alias fields\nโ€ข Addresses, postal codes, and cities\nโ€ข Phone and mobile numbers\nโ€ข VAT numbers and DNI (national ID)\nโ€ข Country and state data\nโ€ข Account creation and update timestamps\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Bambuy\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Spain ๐Ÿ‡ช๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Retail / E-commerce\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Bambi\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Free database leak\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Customer and address records (SQL database)\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Free\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1979/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "9999c049f6b8e8da", "id": "cluster-9999c049f6b8e8da", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T16:03:08Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 169.0, "score_global_percentile": 8.3, "score_source_percentile": 54.05, "source_rank_by_engagement": 18, "stars": 0, "views": 169 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Podoservice allegedly targeted in 100K database sale A threat actor on an underground forum is claiming to sell a database allegedly originating from Podoservice, a Spanish podiatry services platform. The actor claims the database contains roughly 100K records across customer and contact data. ๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜†...", "fingerprint": "9999c049f6b8e8da", "hashtags": [], "id": "sliceforlifeee-1978", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1309, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 157857, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1978", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1978" }, "media_type": "photo", "message_id": 1978, "original_text": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Podoservice allegedly targeted in 100K database sale\n\nA threat actor on an underground forum is claiming to sell a database allegedly originating from Podoservice, a Spanish podiatry services platform.\n\nThe actor claims the database contains roughly 100K records across customer and contact data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Company and alias fields\nโ€ข Addresses, postal codes, and cities\nโ€ข Phone and mobile numbers\nโ€ข VAT numbers and DNI (national ID)\nโ€ข Email addresses\nโ€ข Passwords (hashed)\nโ€ข Dates of birth\nโ€ข Newsletter, registration IP, and account metadata\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Podoservice\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Spain ๐Ÿ‡ช๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Healthcare / Podiatry Services\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Sophia\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~100K records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Not disclosed (contact to purchase)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T16:03:08Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1978", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1978" }, "telegram_url": "https://t.me/SliceForLifeee/1978", "text": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Podoservice allegedly targeted in 100K database sale\n\nA threat actor on an underground forum is claiming to sell a database allegedly originating from Podoservice, a Spanish podiatry services platform.\n\nThe actor claims the database contains roughly 100K records across customer and contact data.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข First and last names\nโ€ข Company and alias fields\nโ€ข Addresses, postal codes, and cities\nโ€ข Phone and mobile numbers\nโ€ข VAT numbers and DNI (national ID)\nโ€ข Email addresses\nโ€ข Passwords (hashed)\nโ€ข Dates of birth\nโ€ข Newsletter, registration IP, and account metadata\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Podoservice\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Spain ๐Ÿ‡ช๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Healthcare / Podiatry Services\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Sophia\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Database sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~100K records\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Not disclosed (contact to purchase)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 30, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1978/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "OSINT/cyber research perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "Cyber Detective", "handle": "cybdetective", "id": "telegram:cybdetective", "item_count": 0, "language": "en", "priority": 78, "provenance_note": "Public Telegram feed used for cyber OSINT and investigation leads.", "rank": 10, "risk_label": "Tool and lead references need operator verification", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "research source", "OSINT" ], "tier": "Tier 1", "title": "Cyber Detective", "url": "https://t.me/cybdetective" }, "channel_handle": "cybdetective", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "8952b7918d434a4d", "id": "cluster-8952b7918d434a4d", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T15:57:57Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T18:29:54Z", "engagement": { "forwards": 41, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 1 }, "reactions": 1, "replies": 2, "score_absolute": 1433.0, "score_global_percentile": 26.74, "score_source_percentile": 75.0, "source_rank_by_engagement": 2, "stars": 0, "views": 1013 }, "english_status": "original_english", "excerpt": "AgenticEarth An AI assistant with access to 123 geospatial datasets. It allows you to gather a wealth of information about any location on Earth and visualise the results on a map. Free trial. https://agenticearth.app/ #geoint", "fingerprint": "8952b7918d434a4d", "hashtags": [ "geoint" ], "id": "cybdetective-3504", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1262, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 296913, "width": 2560 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "cybdetective/3504", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/cybdetective/3504" }, "media_type": "photo", "message_id": 3504, "original_text": "AgenticEarth\n\nAn AI assistant with access to 123 geospatial datasets. It allows you to gather a wealth of information about any location on Earth and visualise the results on a map.\n\nFree trial.\n\nhttps://agenticearth.app/\n\n#geoint", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T15:57:57Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "geoint", "cyber-hacking", "cyber", "verification-anchor", "research-source", "osint", "agenticearth.app" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "cybdetective/3504", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/cybdetective/3504" }, "telegram_url": "https://t.me/cybdetective/3504", "text": "AgenticEarth\n\nAn AI assistant with access to 123 geospatial datasets. It allows you to gather a wealth of information about any location on Earth and visualise the results on a map.\n\nFree trial.\n\nhttps://agenticearth.app/\n\n#geoint", "url": "https://news.jeremywhittaker.com/item/cybdetective-3504/", "urls": [ "https://agenticearth.app/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "2abe0e981fa9312a", "id": "cluster-2abe0e981fa9312a", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T15:42:15Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T16:02:35Z", "engagement": { "forwards": 3, "paid_reactions": 0, "reaction_breakdown": { "โค": 3 }, "reactions": 3, "replies": 0, "score_absolute": 228.0, "score_global_percentile": 9.28, "score_source_percentile": 97.3, "source_rank_by_engagement": 2, "stars": 0, "views": 192 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Spain allegedly targeted in massive 19 million biometric photos and ID cards leak A threat actor group on an underground forum, identifying as EsqueleSquad, is claiming to expose more than 19 million Spanish citizens and politicians in a consolidated 13 GB database. The actors claim the credentials were taken...", "fingerprint": "2abe0e981fa9312a", "hashtags": [], "id": "sliceforlifeee-1975", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 997, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 136401, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1975", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1975" }, "media_type": "photo", "message_id": 1975, "original_text": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Spain allegedly targeted in massive 19 million biometric photos and ID cards leak\n\nA threat actor group on an underground forum, identifying as EsqueleSquad, is claiming to expose more than 19 million Spanish citizens and politicians in a consolidated 13 GB database. The actors claim the credentials were taken from the General Directorate of the Police system.\n\nThe actors claim the dataset contains biometric photos, ID cards, residence information, and emails.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Biometric photos of citizens\nโ€ข National ID cards (DNI)\nโ€ข Residence information\nโ€ข Email addresses\nโ€ข Full names and personal details\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: General Directorate of the Police (Spain)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Spain ๐Ÿ‡ช๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Law Enforcement\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Skull1172 (EsqueleSquad)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked biometric photos and ID cards\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 19M+ records (~13 GB)\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T15:42:15Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1975", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1975" }, "telegram_url": "https://t.me/SliceForLifeee/1975", "text": "๐Ÿšจ๐Ÿ‡ช๐Ÿ‡ธ Spain allegedly targeted in massive 19 million biometric photos and ID cards leak\n\nA threat actor group on an underground forum, identifying as EsqueleSquad, is claiming to expose more than 19 million Spanish citizens and politicians in a consolidated 13 GB database. The actors claim the credentials were taken from the General Directorate of the Police system.\n\nThe actors claim the dataset contains biometric photos, ID cards, residence information, and emails.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Biometric photos of citizens\nโ€ข National ID cards (DNI)\nโ€ข Residence information\nโ€ข Email addresses\nโ€ข Full names and personal details\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: General Directorate of the Police (Spain)\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Spain ๐Ÿ‡ช๐Ÿ‡ธ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Law Enforcement\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: Skull1172 (EsqueleSquad)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Leaked biometric photos and ID cards\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: 19M+ records (~13 GB)\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1975/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "f908bde7e7f75b9a", "id": "cluster-f908bde7e7f75b9a", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T14:39:00Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 7, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 501.0, "score_global_percentile": 14.24, "score_source_percentile": 81.82, "source_rank_by_engagement": 3, "stars": 0, "views": 431 }, "english_status": "original_english", "excerpt": "New CIFSwitch Linux flaw gives root on multiple distributions A newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges. [...]...", "fingerprint": "f908bde7e7f75b9a", "hashtags": [], "id": "bleepingcomputer-24783", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 157835, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24783", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24783" }, "media_type": "photo", "message_id": 24783, "original_text": "New CIFSwitch Linux flaw gives root on multiple distributions\n\nA newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges. [...]\n\nhttps://www.bleepingcomputer.com/news/security/new-cifswitch-linux-flaw-gives-root-on-multiple-distributions/", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T14:39:00Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com", "cve" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24783", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24783" }, "telegram_url": "https://t.me/bleepingcomputer/24783", "text": "New CIFSwitch Linux flaw gives root on multiple distributions\n\nA newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges. [...]\n\nhttps://www.bleepingcomputer.com/news/security/new-cifswitch-linux-flaw-gives-root-on-multiple-distributions/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24783/", "urls": [ "https://www.bleepingcomputer.com/news/security/new-cifswitch-linux-flaw-gives-root-on-multiple-distributions/" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "7de38186d89e8409", "id": "cluster-7de38186d89e8409", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T09:21:29Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T09:22:08Z", "engagement": { "forwards": 78, "paid_reactions": 0, "reaction_breakdown": { "โค": 142, "โคโ€๐Ÿ”ฅ": 6, "๐Ÿ’ฏ": 3, "๐Ÿ˜ข": 28, "๐Ÿ˜ฑ": 1, "๐Ÿค“": 1, "๐Ÿค”": 3, "๐Ÿฅฐ": 5, "๐Ÿซก": 25 }, "reactions": 214, "replies": 0, "score_absolute": 4760.0, "score_global_percentile": 62.2, "score_source_percentile": 92.86, "source_rank_by_engagement": 2, "stars": 0, "views": 3552 }, "english_status": "original_english", "excerpt": "A long long time ago, when I first got into malware, I met a kid who was a little older than me who, by all standards of measurement, was significantly more intelligent and gifted than me. He made me feel like a moron. Very quickly he established a reputation on IRC for being \"the guy\", despite being like, 16. His...", "fingerprint": "7de38186d89e8409", "hashtags": [], "id": "vxunderground-8886", "language": "en", "language_display": "English", "language_original": "en", "media": [], "media_type": "text", "message_id": 8886, "original_text": "A long long time ago, when I first got into malware, I met a kid who was a little older than me who, by all standards of measurement, was significantly more intelligent and gifted than me.\n\nHe made me feel like a moron.\n\nVery quickly he established a reputation on IRC for being \"the guy\", despite being like, 16. His parents were financially well off and extremely supportive and sent him to DEFCON. He had a really great PC setup. He had it all lined up. He was destined for an amazing and strong career in information security. I was extremely envious of him because he also had a super pretty girlfriend while somehow being a massive nerd. His parents bought him a car. In my eyes he had it all.\n\nOn my side, I had some old piece of crap computer. I didn't even have a computer chair, I used some ghetto dining room table chair made from janky wood. It was all beat up and yucky.\n\nI struggled learning C. On IRC I was basically the village idiot and memed all the time (although in good jest). My friend would become frustrated with me because of how slow I learned.\n\nI was a poor kid. I wasn't like, poor-poor like, homeless or whatever, but his parents has significantly more money than mine and were capable for providing for their son in ways my family could not.\n\nI'm not entirely sure what happened because, despite him learning faster, retaining more information, having more resources, having amazing opportunities, ... he threw it away. I have no idea why. He lost his focus somehow and ended up working at a restaurant for a little bit as a server. He later worked at a mall kiosk.\n\nI ended up being the successful one. I ended up having an amazing career in cybersecurity. I ended up knowing far more than him.\n\nSometimes I reflect on it and it blows my mind. I only surpassed him because I had endurance and was willing to continue the grind.\n\nHe had everything on a silver platter. He had so many amazing opportunities. He could have gone so far, he was so incredibly gifted and smart.\n\nI have no idea what he was thinking to make him squander it all.\n\nI guess the moral of the story is that turtle and the rabbit thingy has truth to it.", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T09:21:29Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware" ], "telegram_url": "https://t.me/vxunderground/8886", "text": "A long long time ago, when I first got into malware, I met a kid who was a little older than me who, by all standards of measurement, was significantly more intelligent and gifted than me.\n\nHe made me feel like a moron.\n\nVery quickly he established a reputation on IRC for being \"the guy\", despite being like, 16. His parents were financially well off and extremely supportive and sent him to DEFCON. He had a really great PC setup. He had it all lined up. He was destined for an amazing and strong career in information security. I was extremely envious of him because he also had a super pretty girlfriend while somehow being a massive nerd. His parents bought him a car. In my eyes he had it all.\n\nOn my side, I had some old piece of crap computer. I didn't even have a computer chair, I used some ghetto dining room table chair made from janky wood. It was all beat up and yucky.\n\nI struggled learning C. On IRC I was basically the village idiot and memed all the time (although in good jest). My friend would become frustrated with me because of how slow I learned.\n\nI was a poor kid. I wasn't like, poor-poor like, homeless or whatever, but his parents has significantly more money than mine and were capable for providing for their son in ways my family could not.\n\nI'm not entirely sure what happened because, despite him learning faster, retaining more information, having more resources, having amazing opportunities, ... he threw it away. I have no idea why. He lost his focus somehow and ended up working at a restaurant for a little bit as a server. He later worked at a mall kiosk.\n\nI ended up being the successful one. I ended up having an amazing career in cybersecurity. I ended up knowing far more than him.\n\nSometimes I reflect on it and it blows my mind. I only surpassed him because I had endurance and was willing to continue the grind.\n\nHe had everything on a silver platter. He had so many amazing opportunities. He could have gone so far, he was so incredibly gifted and smart.\n\nI have no idea what he was thinking to make him squander it all.\n\nI guess the moral of the story is that turtle and the rabbit thingy has truth to it.", "url": "https://news.jeremywhittaker.com/item/vxunderground-8886/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "b8efe05dd3356240", "id": "cluster-b8efe05dd3356240", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T07:19:00Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T07:19:28Z", "engagement": { "forwards": 59, "paid_reactions": 0, "reaction_breakdown": { "โค": 3, "๐Ÿ”ฅ": 47, "๐Ÿ˜": 14, "๐Ÿคฃ": 3 }, "reactions": 67, "replies": 0, "score_absolute": 4915.0, "score_global_percentile": 62.86, "score_source_percentile": 100.0, "source_rank_by_engagement": 1, "stars": 0, "views": 4191 }, "english_status": "original_english", "excerpt": "Hello, If you're a person who enjoys malware and/or knows Python and wants to see malware that targets STEAM and GAMERS, I have the source code to a malware I have named \"Stealer.Python.GMBA.Manipulator\". This malware was originally noted on Xitter from GMBA. In summary, this Python malware kills the Steam process...", "fingerprint": "b8efe05dd3356240", "hashtags": [], "id": "vxunderground-8885", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1080, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 86629, "width": 1920 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8885", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8885" }, "media_type": "photo", "message_id": 8885, "original_text": "Hello,\n\nIf you're a person who enjoys malware and/or knows Python and wants to see malware that targets STEAM and GAMERS, I have the source code to a malware I have named \"Stealer.Python.GMBA.Manipulator\".\n\nThis malware was originally noted on Xitter from GMBA.\n\nIn summary, this Python malware kills the Steam process and relaunches it with the \"-cef-enable-debugging\" flag. Because Steam is a Chromium app, this allows the malware payload to manipulate Steam web pages with web socket gunk and Javascript gunk.\n\nThis malware can \"modify\" user inventories, \"block users\", etc. It is all a facade designed to trick and social engineer Steam users into giving their expensive Counter Strike stuff to them.\n\nIt appears to be written using AI. Regardless of that fact this malware is creative and I like it.\n\nThe malware source code to this can be found under the \"/Python/\" directory. It is named \"Stealer.Python.GMBA.Manipulator.7z\".\n\nThis malware campaign is still active and the C2 is still live. If you execute the __main__.py file you might cook yourself, so be careful. Alternatively, you can run this in a VM and send the malware campaign authors pictures of Goatse.\n\nhttps://github.com/vxunderground/MalwareSourceCode", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T07:19:00Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware", "github.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8885", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8885" }, "telegram_url": "https://t.me/vxunderground/8885", "text": "Hello,\n\nIf you're a person who enjoys malware and/or knows Python and wants to see malware that targets STEAM and GAMERS, I have the source code to a malware I have named \"Stealer.Python.GMBA.Manipulator\".\n\nThis malware was originally noted on Xitter from GMBA.\n\nIn summary, this Python malware kills the Steam process and relaunches it with the \"-cef-enable-debugging\" flag. Because Steam is a Chromium app, this allows the malware payload to manipulate Steam web pages with web socket gunk and Javascript gunk.\n\nThis malware can \"modify\" user inventories, \"block users\", etc. It is all a facade designed to trick and social engineer Steam users into giving their expensive Counter Strike stuff to them.\n\nIt appears to be written using AI. Regardless of that fact this malware is creative and I like it.\n\nThe malware source code to this can be found under the \"/Python/\" directory. It is named \"Stealer.Python.GMBA.Manipulator.7z\".\n\nThis malware campaign is still active and the C2 is still live. If you execute the __main__.py file you might cook yourself, so be careful. Alternatively, you can run this in a VM and send the malware campaign authors pictures of Goatse.\n\nhttps://github.com/vxunderground/MalwareSourceCode", "url": "https://news.jeremywhittaker.com/item/vxunderground-8885/", "urls": [ "https://github.com/vxunderground/MalwareSourceCode" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "d25f9aaccfad2e8f", "id": "cluster-d25f9aaccfad2e8f", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T07:07:53Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T07:08:46Z", "engagement": { "forwards": 48, "paid_reactions": 0, "reaction_breakdown": { "โค": 7, "๐Ÿ”ฅ": 6, "๐Ÿ˜": 1, "๐Ÿค“": 19, "๐Ÿคฃ": 4, "๐Ÿฅฐ": 52 }, "reactions": 89, "replies": 0, "score_absolute": 3578.0, "score_global_percentile": 54.68, "score_source_percentile": 64.29, "source_rank_by_engagement": 6, "stars": 0, "views": 2920 }, "english_status": "original_english", "excerpt": "I learned quite a bit from this actually. I didn't know Steam was a Chromium app. Hence, you can kill Steam then relaunch it with the \"-cef-enable-debugging\" flag. Once you'll launched Steam with this, you can inject Javascript into Steam using Chromium \"webSocketDebuggingUrl\" stuff. This malware has a whole...", "fingerprint": "d25f9aaccfad2e8f", "hashtags": [], "id": "vxunderground-8884", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 657, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 50908, "width": 1133 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8884", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8884" }, "media_type": "photo", "message_id": 8884, "original_text": "I learned quite a bit from this actually.\n\nI didn't know Steam was a Chromium app. Hence, you can kill Steam then relaunch it with the \"-cef-enable-debugging\" flag.\n\nOnce you'll launched Steam with this, you can inject Javascript into Steam using Chromium \"webSocketDebuggingUrl\" stuff.\n\nThis malware has a whole pseudo-framework of Javascript that can do:\n- Alert Bell (?)\n- Block pages\n- \"Help page\" (?)\n- Inventory manipulation\n- Steam library manipulation\n- Profile manipulation\n- Steam redirections\n\nBasically, this malware payload switches Steam into a Chromium debug state, then sends web debug requests (kind of like Chrome Dev Tools?) to manipulate the Steam pages. It injects Javascript.\n\nThe chat window that spawns is from a remote host they control. This is really cool.\n\nIs it AI slop? Yes\n\nIs this code EXTREMELY easy to reverse engineer? Yes\n\nDid they unironically document their entire code base in Russian because it was (probably) written using Claude and the authors probably speak Russian? Yes\n\nIs this extremely creative and cool? Yes\n\nSpecial thanks to \"pro\" from 2c44. He handed me the payload and the decompiled Python. The malware .py was Base64 encoded ... so obtaining the original source was ridiculously easy.", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T07:07:53Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware", "russia" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8884", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8884" }, "telegram_url": "https://t.me/vxunderground/8884", "text": "I learned quite a bit from this actually.\n\nI didn't know Steam was a Chromium app. Hence, you can kill Steam then relaunch it with the \"-cef-enable-debugging\" flag.\n\nOnce you'll launched Steam with this, you can inject Javascript into Steam using Chromium \"webSocketDebuggingUrl\" stuff.\n\nThis malware has a whole pseudo-framework of Javascript that can do:\n- Alert Bell (?)\n- Block pages\n- \"Help page\" (?)\n- Inventory manipulation\n- Steam library manipulation\n- Profile manipulation\n- Steam redirections\n\nBasically, this malware payload switches Steam into a Chromium debug state, then sends web debug requests (kind of like Chrome Dev Tools?) to manipulate the Steam pages. It injects Javascript.\n\nThe chat window that spawns is from a remote host they control. This is really cool.\n\nIs it AI slop? Yes\n\nIs this code EXTREMELY easy to reverse engineer? Yes\n\nDid they unironically document their entire code base in Russian because it was (probably) written using Claude and the authors probably speak Russian? Yes\n\nIs this extremely creative and cool? Yes\n\nSpecial thanks to \"pro\" from 2c44. He handed me the payload and the decompiled Python. The malware .py was Base64 encoded ... so obtaining the original source was ridiculously easy.", "url": "https://news.jeremywhittaker.com/item/vxunderground-8884/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity trade-publication perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "The Hacker News", "handle": "thehackernews", "id": "telegram:thehackernews", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity publication.", "rank": 8, "risk_label": "Technical reporting should be checked against vendor advisories", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "research source" ], "tier": "Tier 1", "title": "The Hacker News", "url": "https://t.me/thehackernews" }, "channel_handle": "thehackernews", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "66feffad7fa3a9e4", "id": "cluster-66feffad7fa3a9e4", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T06:44:09Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T06:57:38Z", "engagement": { "forwards": 34, "paid_reactions": 0, "reaction_breakdown": { "๐Ÿ‘": 3, "๐Ÿ”ฅ": 6, "๐Ÿ˜": 4, "๐Ÿคฏ": 1 }, "reactions": 14, "replies": 0, "score_absolute": 5194.0, "score_global_percentile": 63.9, "score_source_percentile": 100.0, "source_rank_by_engagement": 1, "stars": 0, "views": 4826 }, "english_status": "original_english", "excerpt": "๐Ÿšจ CVE-2026-0257, a PAN-OS and Prisma Access authentication bypass flaw, is under active exploitation. The CVSS 7.8 bug can enable unauthorized VPN access and, in some observed cases, access to internal networks. Patch immediately or apply mitigations. Details:...", "fingerprint": "66feffad7fa3a9e4", "hashtags": [], "id": "thehackernews-9115", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 75404, "width": 720 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "thehackernews/9115", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9115" }, "media_type": "photo", "message_id": 9115, "original_text": "๐Ÿšจ CVE-2026-0257, a PAN-OS and Prisma Access authentication bypass flaw, is under active exploitation.\n\nThe CVSS 7.8 bug can enable unauthorized VPN access and, in some observed cases, access to internal networks.\n\nPatch immediately or apply mitigations.\n\nDetails: https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T06:44:09Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "research-source", "thehackernews.com", "cve", "exploit" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "thehackernews/9115", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/thehackernews/9115" }, "telegram_url": "https://t.me/thehackernews/9115", "text": "๐Ÿšจ CVE-2026-0257, a PAN-OS and Prisma Access authentication bypass flaw, is under active exploitation.\n\nThe CVSS 7.8 bug can enable unauthorized VPN access and, in some observed cases, access to internal networks.\n\nPatch immediately or apply mitigations.\n\nDetails: https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html", "url": "https://news.jeremywhittaker.com/item/thehackernews-9115/", "urls": [ "https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "a5bb09136d38b7f1", "id": "cluster-a5bb09136d38b7f1", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T06:15:15Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T06:15:56Z", "engagement": { "forwards": 24, "paid_reactions": 0, "reaction_breakdown": { "โค": 2, "โคโ€๐Ÿ”ฅ": 2, "๐Ÿ˜": 56, "๐Ÿคฃ": 4, "๐Ÿฅฐ": 12 }, "reactions": 76, "replies": 0, "score_absolute": 3307.0, "score_global_percentile": 51.79, "score_source_percentile": 50.0, "source_rank_by_engagement": 8, "stars": 0, "views": 2915 }, "english_status": "original_english", "excerpt": "me reverse engineering malware that targets steam", "fingerprint": "a5bb09136d38b7f1", "hashtags": [], "id": "vxunderground-8883", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": 18.994, "height": 600, "kind": "video", "mime_type": "video/mp4", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 2111015, "width": 720 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8883", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8883" }, "media_type": "video", "message_id": 8883, "original_text": "me reverse engineering malware that targets steam", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T06:15:15Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8883", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8883" }, "telegram_url": "https://t.me/vxunderground/8883", "text": "me reverse engineering malware that targets steam", "url": "https://news.jeremywhittaker.com/item/vxunderground-8883/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "e3b0c44298fc1c14", "id": "cluster-e3b0c44298fc1c14", "is_burst": true, "label": "1116-post burst", "latest_published_at": "2026-06-01T18:54:18Z", "position": 1060, "size": 1116 }, "edited_at": null, "engagement": { "forwards": 31, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 3209.0, "score_global_percentile": 50.52, "score_source_percentile": 42.86, "source_rank_by_engagement": 9, "stars": 0, "views": 2899 }, "english_status": "original_english", "excerpt": "", "fingerprint": "e3b0c44298fc1c14", "hashtags": [], "id": "vxunderground-8882", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 566, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 16335, "width": 463 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8882", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8882" }, "media_type": "photo", "message_id": 8882, "original_text": "", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T06:05:32Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8882", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8882" }, "telegram_url": "https://t.me/vxunderground/8882", "text": "", "url": "https://news.jeremywhittaker.com/item/vxunderground-8882/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "4ec3ac6a5a7c483a", "id": "cluster-4ec3ac6a5a7c483a", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T06:05:31Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T06:06:40Z", "engagement": { "forwards": 28, "paid_reactions": 0, "reaction_breakdown": { "โค": 1, "๐Ÿ˜ข": 2, "๐Ÿคฃ": 90, "๐Ÿฅฐ": 7 }, "reactions": 100, "replies": 0, "score_absolute": 3334.0, "score_global_percentile": 52.06, "score_source_percentile": 57.14, "source_rank_by_engagement": 7, "stars": 0, "views": 2854 }, "english_status": "original_english", "excerpt": "Using this script you can also send these Russian people very important and private messages (I didn't message them this, this isn't my image, someone else did) Images via \"pro from 2c44\"", "fingerprint": "4ec3ac6a5a7c483a", "hashtags": [], "id": "vxunderground-8881", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 445, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 30683, "width": 1280 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8881", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8881" }, "media_type": "photo", "message_id": 8881, "original_text": "Using this script you can also send these Russian people very important and private messages (I didn't message them this, this isn't my image, someone else did)\n\nImages via \"pro from 2c44\"", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T06:05:31Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware", "russia" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8881", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8881" }, "telegram_url": "https://t.me/vxunderground/8881", "text": "Using this script you can also send these Russian people very important and private messages (I didn't message them this, this isn't my image, someone else did)\n\nImages via \"pro from 2c44\"", "url": "https://news.jeremywhittaker.com/item/vxunderground-8881/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "235cec03fc19287f", "id": "cluster-235cec03fc19287f", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T06:00:55Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T06:01:42Z", "engagement": { "forwards": 49, "paid_reactions": 0, "reaction_breakdown": { "โค": 4, "๐Ÿ”ฅ": 9, "๐Ÿ˜": 75, "๐Ÿ˜ฑ": 1, "๐Ÿค“": 1, "๐Ÿคฃ": 12, "๐Ÿฅฐ": 3 }, "reactions": 105, "replies": 0, "score_absolute": 3658.0, "score_global_percentile": 55.48, "score_source_percentile": 71.43, "source_rank_by_engagement": 5, "stars": 0, "views": 2958 }, "english_status": "needs_translation", "excerpt": "I got the payload to this malware. It is absurdly silly. This malware is killing me bro. It is so unbelievably silly. This was 100% written using Claude or ChatGPT. I've never seen a malware payload LEAVE NOTES describing what it's doing. The malware has a Powershell script that connects to the C2 for stinky malware...", "fingerprint": "235cec03fc19287f", "hashtags": [], "id": "vxunderground-8880", "language": "ru", "language_display": "Russian", "language_original": "ru", "media": [ { "downloaded": false, "duration": null, "height": 495, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 89496, "width": 1280 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8880", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8880" }, "media_type": "photo", "message_id": 8880, "original_text": "I got the payload to this malware. It is absurdly silly. This malware is killing me bro. It is so unbelievably silly.\n\nThis was 100% written using Claude or ChatGPT. I've never seen a malware payload LEAVE NOTES describing what it's doing.\n\nThe malware has a Powershell script that connects to the C2 for stinky malware stuff. This module is responsible for persistence. Thankfully their persistence script documented the entire code base and file locations.\n\nVery cool. Thank you spoopy Russian Counter Strike scammers.\n\nEven more silly, the C2 is hardcoded as a string (seen in attached image). The C2 address shows it has been an active malware campaign since at least January 31st, 2026 based off of data present on VirusTotal. It was initially uploaded as \"9lixh\".\n\nThis persistence script was from a victim machine so I've censored some data. Regardless, the botched cyrillic notes also makes me giggle.\n\nRussian to English translations present in this silly script which documents everything for us:\n# ะŸัƒั‚ะธ ะดะปั ัƒะดะฐะปะตะฝะธั\n# Paths for deletion\n\n# ะ—ะฐะฒะตั€ัˆะฐะตะผ ะฟั€ะพั†ะตััั‹ python ะธ pythonw\n# Terminate/finish the python and pythonw processes\n\n# ะฃะดะฐะปัะตะผ ะฐะฒั‚ะพะทะฐะฟัƒัะบ ะธะท ั€ะตะตัั‚ั€ะฐ\n# Remove autorun from the registry\n\n# ะ—ะฐะฒะตั€ัˆะฐะตะผ ะฟั€ะพั†ะตัั ะผะพะฝะธั‚ะพั€ะฐ\n# Stop the monitoring process\n\n# ะะพะฒะฐั ั„ัƒะฝะบั†ะธั ะดะปั ะฟั€ะพะฒะตั€ะบะธ f.json ะธ ัƒะฑะธะนัั‚ะฒะฐ ะฟั€ะพั†ะตััะพะฒ\n# New function for checking f.json and killing processes\n\n# ะŸั€ะพะฒะตั€ัะตะผ ั„ะปะฐะณ library\n# Check the library flag\n\n# ะกะฟะธัะพะบ ะฟั€ะพั†ะตััะพะฒ ะดะปั ัƒะฑะธะนัั‚ะฒะฐ\n# List of processes to kill\n\n# ะŸั€ะพะฒะตั€ะบะฐ ั„ะปะฐะณะฐ ัƒะดะฐะปะตะฝะธั (ะบะฐะถะดั‹ะต 20 ัะตะบัƒะฝะด)\n# Check the deletion flag (every 20 seconds)\n\n# 20 ัะตะบัƒะฝะด ะฟั€ะธ ะธะฝั‚ะตั€ะฒะฐะปะต 2 ัะตะบัƒะฝะดั‹\n# 20 seconds with a 2-second interval\n\n# ะŸั€ะพะฒะตั€ะบะฐ f.json ะธ ัƒะฑะธะนัั‚ะฒะพ ะฟั€ะพั†ะตััะพะฒ (ะบะฐะถะดั‹ะต 4 ัะตะบัƒะฝะดั‹)\n# Check f.json and kill processes (every 4 seconds)", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T06:00:55Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware", "russia" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8880", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8880" }, "telegram_url": "https://t.me/vxunderground/8880", "text": "I got the payload to this malware. It is absurdly silly. This malware is killing me bro. It is so unbelievably silly.\n\nThis was 100% written using Claude or ChatGPT. I've never seen a malware payload LEAVE NOTES describing what it's doing.\n\nThe malware has a Powershell script that connects to the C2 for stinky malware stuff. This module is responsible for persistence. Thankfully their persistence script documented the entire code base and file locations.\n\nVery cool. Thank you spoopy Russian Counter Strike scammers.\n\nEven more silly, the C2 is hardcoded as a string (seen in attached image). The C2 address shows it has been an active malware campaign since at least January 31st, 2026 based off of data present on VirusTotal. It was initially uploaded as \"9lixh\".\n\nThis persistence script was from a victim machine so I've censored some data. Regardless, the botched cyrillic notes also makes me giggle.\n\nRussian to English translations present in this silly script which documents everything for us:\n# ะŸัƒั‚ะธ ะดะปั ัƒะดะฐะปะตะฝะธั\n# Paths for deletion\n\n# ะ—ะฐะฒะตั€ัˆะฐะตะผ ะฟั€ะพั†ะตััั‹ python ะธ pythonw\n# Terminate/finish the python and pythonw processes\n\n# ะฃะดะฐะปัะตะผ ะฐะฒั‚ะพะทะฐะฟัƒัะบ ะธะท ั€ะตะตัั‚ั€ะฐ\n# Remove autorun from the registry\n\n# ะ—ะฐะฒะตั€ัˆะฐะตะผ ะฟั€ะพั†ะตัั ะผะพะฝะธั‚ะพั€ะฐ\n# Stop the monitoring process\n\n# ะะพะฒะฐั ั„ัƒะฝะบั†ะธั ะดะปั ะฟั€ะพะฒะตั€ะบะธ f.json ะธ ัƒะฑะธะนัั‚ะฒะฐ ะฟั€ะพั†ะตััะพะฒ\n# New function for checking f.json and killing processes\n\n# ะŸั€ะพะฒะตั€ัะตะผ ั„ะปะฐะณ library\n# Check the library flag\n\n# ะกะฟะธัะพะบ ะฟั€ะพั†ะตััะพะฒ ะดะปั ัƒะฑะธะนัั‚ะฒะฐ\n# List of processes to kill\n\n# ะŸั€ะพะฒะตั€ะบะฐ ั„ะปะฐะณะฐ ัƒะดะฐะปะตะฝะธั (ะบะฐะถะดั‹ะต 20 ัะตะบัƒะฝะด)\n# Check the deletion flag (every 20 seconds)\n\n# 20 ัะตะบัƒะฝะด ะฟั€ะธ ะธะฝั‚ะตั€ะฒะฐะปะต 2 ัะตะบัƒะฝะดั‹\n# 20 seconds with a 2-second interval\n\n# ะŸั€ะพะฒะตั€ะบะฐ f.json ะธ ัƒะฑะธะนัั‚ะฒะพ ะฟั€ะพั†ะตััะพะฒ (ะบะฐะถะดั‹ะต 4 ัะตะบัƒะฝะดั‹)\n# Check f.json and kill processes (every 4 seconds)", "url": "https://news.jeremywhittaker.com/item/vxunderground-8880/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "246ae7a804c3df3e", "id": "cluster-246ae7a804c3df3e", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T05:29:33Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T05:31:32Z", "engagement": { "forwards": 15, "paid_reactions": 0, "reaction_breakdown": { "โค": 22 }, "reactions": 22, "replies": 0, "score_absolute": 3178.0, "score_global_percentile": 50.05, "score_source_percentile": 35.71, "source_rank_by_engagement": 10, "stars": 0, "views": 2984 }, "english_status": "original_english", "excerpt": "Someone commented on Xitter immediately. Context for TG nerds: https://x.com/GMBA/status/2059692291028144219", "fingerprint": "246ae7a804c3df3e", "hashtags": [], "id": "vxunderground-8879", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1012, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 102170, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8879", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8879" }, "media_type": "photo", "message_id": 8879, "original_text": "Someone commented on Xitter immediately. Context for TG nerds:\n\nhttps://x.com/GMBA/status/2059692291028144219", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T05:29:33Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware", "x.com" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8879", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8879" }, "telegram_url": "https://t.me/vxunderground/8879", "text": "Someone commented on Xitter immediately. Context for TG nerds:\n\nhttps://x.com/GMBA/status/2059692291028144219", "url": "https://news.jeremywhittaker.com/item/vxunderground-8879/", "urls": [ "https://x.com/GMBA/status/2059692291028144219" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Malware-research community perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "vx-underground", "handle": "vxunderground", "id": "telegram:vxunderground", "item_count": 0, "language": "en", "priority": 82, "provenance_note": "Public Telegram feed monitored for malware and underground signals.", "rank": 12, "risk_label": "Underground-source claims require extra corroboration", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "research source", "malware" ], "tier": "Tier 2", "title": "vx-underground", "url": "https://t.me/vxunderground" }, "channel_handle": "vxunderground", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "bb36eaf7bbc001c8", "id": "cluster-bb36eaf7bbc001c8", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T05:26:31Z", "position": 1, "size": 1 }, "edited_at": "2026-05-30T05:26:39Z", "engagement": { "forwards": 34, "paid_reactions": 0, "reaction_breakdown": { "โค": 46, "๐Ÿ”ฅ": 1, "๐Ÿค”": 4, "๐Ÿฅฐ": 9 }, "reactions": 60, "replies": 0, "score_absolute": 3701.0, "score_global_percentile": 55.81, "score_source_percentile": 78.57, "source_rank_by_engagement": 4, "stars": 0, "views": 3241 }, "english_status": "original_english", "excerpt": "Hello, Awhile ago some guy on Xitter was talking about his friend being scammed and losing Counter Strike stuff. I'm not a gamer, I don't understand Counter Strike markets and stuff, but the gist of everything was he purchased an item and he was (in some capacity) scammed? He said Steam support was DMing him over...", "fingerprint": "bb36eaf7bbc001c8", "hashtags": [], "id": "vxunderground-8878", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 960, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 147975, "width": 1280 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "vxunderground/8878", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8878" }, "media_type": "photo", "message_id": 8878, "original_text": "Hello,\n\nAwhile ago some guy on Xitter was talking about his friend being scammed and losing Counter Strike stuff. I'm not a gamer, I don't understand Counter Strike markets and stuff, but the gist of everything was he purchased an item and he was (in some capacity) scammed?\n\nHe said Steam support was DMing him over Steam. People were memeing him, saying Steam doesn't communicate over Steam like an instant messenger client. People questioned the validity of the images.\n\nI had a bunch of people DM me, tag me on the post, etc. I saw it, but I was busy with my baby boy, so I put it on the back burner. However, it peaked my interest because it was extremely unusual. I do play stuff on Steam sometimes, and I've never seen or heard of malware which is curated to specifically target Steam coupled with social engineering work.\n\nTwo things\n\n1. I get tons of messages, DMs, and emails. I can't find the original post anymore. If you know what I'm describing please comment it below, or something, I don't know. The post itself is interesting and provides context to second part of this write-up.\n\n2. This is malware. I was on THE STREETS DAWG (talking with stinky nerds on Telegram) passively to see if anyone knew anything about this. I was able to receive the payload as well the decompiled source code (it's written in Python). This malware was developed by some nerds in Russia determined to ... drain people on Counter Strike and steal their items? Again, I'm not a gamer or Counter Strike nerd, so I don't understand the objective of this malware or the monetary value behind this, but apparently it is enough to motivate someone to create malware which injects itself into Steam to allow them to manipulate the application and impersonate Steam support (API hooking).\n\nI haven't had a chance to review the malware in totality yet. I've briefly skimmed it. It's got a bunch of different modules and stages. Someone seems to have put quite a bit of effort into this. I've never seen anything like this, so it's really cool.\n\nOn a side note, I've been noticing a trend of Threat Actors targeting Steam. It was initially by creating fake and malicious games. Now we are seeing malware payloads that inject themselves into the Steam application itself and manipulate it in ways to trick users into giving them valuable video game items or potentially pushing more malware to their machine.\n\nVery cool.", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T05:26:31Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "research-source", "malware", "markets", "russia", "shipping", "telegram" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "vxunderground/8878", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/vxunderground/8878" }, "telegram_url": "https://t.me/vxunderground/8878", "text": "Hello,\n\nAwhile ago some guy on Xitter was talking about his friend being scammed and losing Counter Strike stuff. I'm not a gamer, I don't understand Counter Strike markets and stuff, but the gist of everything was he purchased an item and he was (in some capacity) scammed?\n\nHe said Steam support was DMing him over Steam. People were memeing him, saying Steam doesn't communicate over Steam like an instant messenger client. People questioned the validity of the images.\n\nI had a bunch of people DM me, tag me on the post, etc. I saw it, but I was busy with my baby boy, so I put it on the back burner. However, it peaked my interest because it was extremely unusual. I do play stuff on Steam sometimes, and I've never seen or heard of malware which is curated to specifically target Steam coupled with social engineering work.\n\nTwo things\n\n1. I get tons of messages, DMs, and emails. I can't find the original post anymore. If you know what I'm describing please comment it below, or something, I don't know. The post itself is interesting and provides context to second part of this write-up.\n\n2. This is malware. I was on THE STREETS DAWG (talking with stinky nerds on Telegram) passively to see if anyone knew anything about this. I was able to receive the payload as well the decompiled source code (it's written in Python). This malware was developed by some nerds in Russia determined to ... drain people on Counter Strike and steal their items? Again, I'm not a gamer or Counter Strike nerd, so I don't understand the objective of this malware or the monetary value behind this, but apparently it is enough to motivate someone to create malware which injects itself into Steam to allow them to manipulate the application and impersonate Steam support (API hooking).\n\nI haven't had a chance to review the malware in totality yet. I've briefly skimmed it. It's got a bunch of different modules and stages. Someone seems to have put quite a bit of effort into this. I've never seen anything like this, so it's really cool.\n\nOn a side note, I've been noticing a trend of Threat Actors targeting Steam. It was initially by creating fake and malicious games. Now we are seeing malware payloads that inject themselves into the Steam application itself and manipulate it in ways to trick users into giving them valuable video game items or potentially pushing more malware to their machine.\n\nVery cool.", "url": "https://news.jeremywhittaker.com/item/vxunderground-8878/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "3c28718406cd3f3c", "id": "cluster-3c28718406cd3f3c", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T01:55:21Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 17.0, "score_global_percentile": 3.56, "score_source_percentile": 2.7, "source_rank_by_engagement": 37, "stars": 0, "views": 17 }, "english_status": "original_english", "excerpt": "โ€ผ๏ธ๐Ÿ‡บ๐Ÿ‡ธ DentaQuest has had 234GB+ leaked on to ShinyHunters Pay or Leak Dark Web portal ________________________________________ Main Channel: https://t.me/SliceForLifeee Backup Channel: https://t.me/SliceForLifeeee Website: darkwebinformer.com Pricing (Includes Crypto): darkwebinformer.com/pricing API Access:...", "fingerprint": "3c28718406cd3f3c", "hashtags": [], "id": "sliceforlifeee-1974", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 339, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 19879, "width": 302 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1974", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1974" }, "media_type": "photo", "message_id": 1974, "original_text": "โ€ผ๏ธ๐Ÿ‡บ๐Ÿ‡ธ DentaQuest has had 234GB+ leaked on to ShinyHunters Pay or Leak Dark Web portal\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T01:55:21Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1974", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1974" }, "telegram_url": "https://t.me/SliceForLifeee/1974", "text": "โ€ผ๏ธ๐Ÿ‡บ๐Ÿ‡ธ DentaQuest has had 234GB+ leaked on to ShinyHunters Pay or Leak Dark Web portal\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1974/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "On-chain scam-tracking perspective", "category": "cyber", "credibility": "Research source", "display_name": "MistTrack Alert", "handle": "misttrack_alert", "id": "telegram:misttrack_alert", "item_count": 0, "language": "en", "priority": 68, "provenance_note": "Public Telegram channel promoted after handle resolution and bounded ingest evidence on 2026-05-29.", "rank": 37, "risk_label": "Attribution and loss estimates require confirmation; low-context transfer tape is filtered unless the post includes clear scam, exploit, theft, laundering, or cybercrime context", "role": "research_source", "role_label": "Research Source", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "research source", "on-chain scam tracking", "cyber-context gated" ], "tier": "Tier 3", "title": "MistTrack Alert", "url": "https://t.me/misttrack_alert" }, "channel_handle": "misttrack_alert", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "7b54db22bd9500b5", "id": "cluster-7b54db22bd9500b5", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T00:34:54Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 5.0, "score_global_percentile": 3.26, "score_source_percentile": 50.0, "source_rank_by_engagement": 2, "stars": 0, "views": 5 }, "english_status": "original_english", "excerpt": "โš ๏ธโš ๏ธโš ๏ธ5.0 #BTC transferred from Kelp-Dao-Exploiter to bc1q4yqt0aygp4uzqv5kdfsfepvt0687562r8rhq6m. Go MistTrack | Transaction Details", "fingerprint": "7b54db22bd9500b5", "hashtags": [ "btc" ], "id": "misttrack-alert-453912", "language": "en", "language_display": "English", "language_original": "en", "media": [], "media_type": "text", "message_id": 453912, "original_text": "โš ๏ธโš ๏ธโš ๏ธ5.0 #BTC transferred from Kelp-Dao-Exploiter to bc1q4yqt0aygp4uzqv5kdfsfepvt0687562r8rhq6m.\n\nGo MistTrack | Transaction Details", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T00:34:54Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "btc", "cyber-hacking", "cyber", "research-source", "on-chain-scam-tracking", "cyber-context-gated", "bitcoin", "exploit" ], "telegram_url": "https://t.me/misttrack_alert/453912", "text": "โš ๏ธโš ๏ธโš ๏ธ5.0 #BTC transferred from Kelp-Dao-Exploiter to bc1q4yqt0aygp4uzqv5kdfsfepvt0687562r8rhq6m.\n\nGo MistTrack | Transaction Details", "url": "https://news.jeremywhittaker.com/item/misttrack-alert-453912/", "urls": [], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "e6161a18e6170c9e", "id": "cluster-e6161a18e6170c9e", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-30T00:25:34Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 65.0, "score_global_percentile": 4.32, "score_source_percentile": 10.81, "source_rank_by_engagement": 34, "stars": 0, "views": 65 }, "english_status": "original_english", "excerpt": "๐Ÿšจ Keybe.ai allegedly targeted in customer database leak A threat actor on an underground forum is claiming that Keybe.ai, an AI platform, suffered a data breach in May 2026 resulting in the full compromise of its customer database. The actor claims the leak contains roughly 1.9M CSV records (~156M in size), partially...", "fingerprint": "e6161a18e6170c9e", "hashtags": [], "id": "sliceforlifeee-1973", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 1015, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 141489, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1973", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1973" }, "media_type": "photo", "message_id": 1973, "original_text": "๐Ÿšจ Keybe.ai allegedly targeted in customer database leak\n\nA threat actor on an underground forum is claiming that Keybe.ai, an AI platform, suffered a data breach in May 2026 resulting in the full compromise of its customer database.\n\nThe actor claims the leak contains roughly 1.9M CSV records (~156M in size), partially released.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Names and surnames\nโ€ข Cities\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Account status and creation dates\nโ€ข Service, campaign, and lead source data\nโ€ข Commercial agent and WhatsApp update fields\nโ€ข Comments and contact history\nโ€ข Various marketing and CRM metadata\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Keybe.ai\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Technology / AI Platform\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: zSenior\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Full customer database compromise\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~1,919,063 records (~156M)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 29, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-30T00:25:34Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "markets" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1973", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1973" }, "telegram_url": "https://t.me/SliceForLifeee/1973", "text": "๐Ÿšจ Keybe.ai allegedly targeted in customer database leak\n\nA threat actor on an underground forum is claiming that Keybe.ai, an AI platform, suffered a data breach in May 2026 resulting in the full compromise of its customer database.\n\nThe actor claims the leak contains roughly 1.9M CSV records (~156M in size), partially released.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Names and surnames\nโ€ข Cities\nโ€ข Email addresses\nโ€ข Phone numbers\nโ€ข Account status and creation dates\nโ€ข Service, campaign, and lead source data\nโ€ข Commercial agent and WhatsApp update fields\nโ€ข Comments and contact history\nโ€ข Various marketing and CRM metadata\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Keybe.ai\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Technology / AI Platform\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: zSenior\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Full customer database compromise\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: ~1,919,063 records (~156M)\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 29, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1973/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "3a76eb4158569847", "id": "cluster-3a76eb4158569847", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-29T22:15:46Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 0, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 136.0, "score_global_percentile": 7.17, "score_source_percentile": 37.84, "source_rank_by_engagement": 24, "stars": 0, "views": 136 }, "english_status": "original_english", "excerpt": "John Daghita aka \"lick\" will be extradited back to the United States after a judge approved it. h/t: @vxdb https://rci.fm/deuxiles/infos/Justice/Le-hacker-John-Daghita-soupconne-dun-vol-de-46-millions-de-dollars-en-cryptommonaie", "fingerprint": "3a76eb4158569847", "hashtags": [], "id": "sliceforlifeee-1971", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 630, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 64068, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1971", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1971" }, "media_type": "photo", "message_id": 1971, "original_text": "John Daghita aka \"lick\" will be extradited back to the United States after a judge approved it. h/t: @vxdb\n\nhttps://rci.fm/deuxiles/infos/Justice/Le-hacker-John-Daghita-soupconne-dun-vol-de-46-millions-de-dollars-en-cryptommonaie", "provenance_label": "Public Telegram post", "published_at": "2026-05-29T22:15:46Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "rci.fm" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1971", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1971" }, "telegram_url": "https://t.me/SliceForLifeee/1971", "text": "John Daghita aka \"lick\" will be extradited back to the United States after a judge approved it. h/t: @vxdb\n\nhttps://rci.fm/deuxiles/infos/Justice/Le-hacker-John-Daghita-soupconne-dun-vol-de-46-millions-de-dollars-en-cryptommonaie", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1971/", "urls": [ "https://rci.fm/deuxiles/infos/Justice/Le-hacker-John-Daghita-soupconne-dun-vol-de-46-millions-de-dollars-en-cryptommonaie" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "bfb640d552723dff", "id": "cluster-bfb640d552723dff", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-29T22:05:06Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 178.0, "score_global_percentile": 8.5, "score_source_percentile": 67.57, "source_rank_by_engagement": 13, "stars": 0, "views": 158 }, "english_status": "original_english", "excerpt": "๐Ÿšจ๐Ÿ‡ฒ๐Ÿ‡ฆ Multiple Moroccan government and corporate databases allegedly listed for sale A threat actor on an underground forum is claiming to sell a bunch of Moroccan databases, attributed to a group/dumper known as PKA291. The listing spans both government-related and corporate datasets. The actor claims the combined...", "fingerprint": "bfb640d552723dff", "hashtags": [], "id": "sliceforlifeee-1970", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 556, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 80532, "width": 1200 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1970", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1970" }, "media_type": "photo", "message_id": 1970, "original_text": "๐Ÿšจ๐Ÿ‡ฒ๐Ÿ‡ฆ Multiple Moroccan government and corporate databases allegedly listed for sale\n\nA threat actor on an underground forum is claiming to sell a bunch of Moroccan databases, attributed to a group/dumper known as PKA291. The listing spans both government-related and corporate datasets.\n\nThe actor claims the combined datasets total millions of records across justice, transport, training, and private sector entities.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Ministry of Justice (2 million documents, 150K lawsuit cases) - $3,000\nโ€ข NARSA (2 million lines) - $800\nโ€ข RADEM Maroc (1.1 million documents) - $600\nโ€ข OFPPT (400K lines) - $300\nโ€ข LNM6 (95K documents) - $500\nโ€ข Delivery companies (8 million lines) - $1,800\nโ€ข Insurance company (initial access) - $600\nโ€ข Other companies (500K lines) - $350\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Multiple Moroccan government and corporate entities\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Morocco ๐Ÿ‡ฒ๐Ÿ‡ฆ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Multiple\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: anisanas2 (dumped by PKA291)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Multiple databases for sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Millions of records across multiple datasets\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Individual listings $300 to $3,000; special offer $5,500 for all\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 29, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-29T22:05:06Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "state-media" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1970", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1970" }, "telegram_url": "https://t.me/SliceForLifeee/1970", "text": "๐Ÿšจ๐Ÿ‡ฒ๐Ÿ‡ฆ Multiple Moroccan government and corporate databases allegedly listed for sale\n\nA threat actor on an underground forum is claiming to sell a bunch of Moroccan databases, attributed to a group/dumper known as PKA291. The listing spans both government-related and corporate datasets.\n\nThe actor claims the combined datasets total millions of records across justice, transport, training, and private sector entities.\n\n๐—ช๐—ต๐—ฎ๐˜'๐˜€ ๐—ฎ๐—น๐—น๐—ฒ๐—ด๐—ฒ๐—ฑ๐—น๐˜† ๐—ฒ๐˜…๐—ฝ๐—ผ๐˜€๐—ฒ๐—ฑ:\n\nโ€ข Ministry of Justice (2 million documents, 150K lawsuit cases) - $3,000\nโ€ข NARSA (2 million lines) - $800\nโ€ข RADEM Maroc (1.1 million documents) - $600\nโ€ข OFPPT (400K lines) - $300\nโ€ข LNM6 (95K documents) - $500\nโ€ข Delivery companies (8 million lines) - $1,800\nโ€ข Insurance company (initial access) - $600\nโ€ข Other companies (500K lines) - $350\n\n๐——๐—ฒ๐˜๐—ฎ๐—ถ๐—น๐˜€:\n\n๐—ง๐—ฎ๐—ฟ๐—ด๐—ฒ๐˜: Multiple Moroccan government and corporate entities\n๐—–๐—ผ๐˜‚๐—ป๐˜๐—ฟ๐˜†: Morocco ๐Ÿ‡ฒ๐Ÿ‡ฆ\n๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ: Government / Multiple\n๐—”๐—ฐ๐˜๐—ผ๐—ฟ: anisanas2 (dumped by PKA291)\n๐—–๐—น๐—ฎ๐—ถ๐—บ: Multiple databases for sale\n๐—˜๐˜…๐—ฝ๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ: Millions of records across multiple datasets\n๐—ฃ๐—ฟ๐—ถ๐—ฐ๐—ฒ: Individual listings $300 to $3,000; special offer $5,500 for all\n๐—ข๐—ฏ๐˜€๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฑ: May 29, 2026\n\n๐Ÿ’ฅ Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1970/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cyber underground-monitoring perspective", "category": "cyber", "credibility": "Fast-alert source", "display_name": "Slice For Life", "handle": "SliceForLifeee", "id": "telegram:SliceForLifeee", "item_count": 0, "language": "en", "priority": 70, "provenance_note": "Public Telegram channel monitored for cyber and underground alerting.", "rank": 25, "risk_label": "Treat breach/underground claims as unverified until confirmed; link-only or low-context media reposts are filtered unless the post includes breach, leak, scam, threat-actor, or underground-forum context", "role": "fast_alert_sensor", "role_label": "Fast Alert Sensor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "fast-alert sensor", "cyber-context gated", "underground signal" ], "tier": "Tier 3", "title": "Slice For Life", "url": "https://t.me/SliceForLifeee" }, "channel_handle": "SliceForLifeee", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "e3451baa1a44393c", "id": "cluster-e3451baa1a44393c", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-29T20:09:48Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 2, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 200.0, "score_global_percentile": 8.87, "score_source_percentile": 83.78, "source_rank_by_engagement": 7, "stars": 0, "views": 180 }, "english_status": "original_english", "excerpt": "๐Ÿšจ 0day Syndicate has a security check page... /verify.php?id=1&confirm_hash= that tells people not to scrape their information. The funny thing is that the onion url at the bottom of the security check message goes to 0APT which shows the hacked KRYBIT message from earlier this month. Clicking the verify human button...", "fingerprint": "e3451baa1a44393c", "hashtags": [], "id": "sliceforlifeee-1966", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 631, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 54464, "width": 583 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1966", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1966" }, "media_type": "photo", "message_id": 1966, "original_text": "๐Ÿšจ 0day Syndicate has a security check page... /verify.php?id=1&confirm_hash= that tells people not to scrape their information.\n\nThe funny thing is that the onion url at the bottom of the security check message goes to 0APT which shows the hacked KRYBIT message from earlier this month.\n\nClicking the verify human button takes you to 0day Syndicate.\n\nPossible rebrand?\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "provenance_label": "Public Telegram post", "published_at": "2026-05-29T20:09:48Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "fast-alert-sensor", "cyber-context-gated", "underground-signal", "t.me", "exploit" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "SliceForLifeee/1966", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/SliceForLifeee/1966" }, "telegram_url": "https://t.me/SliceForLifeee/1966", "text": "๐Ÿšจ 0day Syndicate has a security check page... /verify.php?id=1&confirm_hash= that tells people not to scrape their information.\n\nThe funny thing is that the onion url at the bottom of the security check message goes to 0APT which shows the hacked KRYBIT message from earlier this month.\n\nClicking the verify human button takes you to 0day Syndicate.\n\nPossible rebrand?\n________________________________________\n\nMain Channel: https://t.me/SliceForLifeee\nBackup Channel: https://t.me/SliceForLifeeee\nWebsite: darkwebinformer.com\nPricing (Includes Crypto): darkwebinformer.com/pricing\nAPI Access: darkwebinformer.com/api-details\nSocials: darkwebinformer.com/socials\nDonations: darkwebinformer.com/donations", "url": "https://news.jeremywhittaker.com/item/sliceforlifeee-1966/", "urls": [ "https://t.me/SliceForLifeee", "https://t.me/SliceForLifeeee" ], "verification_state": "source-attributed" }, { "channel": { "bias_label": "Cybersecurity news perspective", "category": "cyber", "credibility": "Verification anchor", "display_name": "BleepingComputer", "handle": "bleepingcomputer", "id": "telegram:bleepingcomputer", "item_count": 0, "language": "en", "priority": 95, "provenance_note": "Public Telegram feed from a cybersecurity news publisher.", "rank": 11, "risk_label": "Incident claims should be checked against affected-party statements", "role": "verification_anchor", "role_label": "Verification Anchor", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "section_order": 5, "source_labels": [ "verification anchor", "cyber", "incident reporting" ], "tier": "Tier 2", "title": "BleepingComputer", "url": "https://t.me/bleepingcomputer" }, "channel_handle": "bleepingcomputer", "claim_label": "Telegram source claim", "cluster": { "fingerprint": "5365fef5277089bb", "id": "cluster-5365fef5277089bb", "is_burst": false, "label": "Single-source post", "latest_published_at": "2026-05-29T19:10:09Z", "position": 1, "size": 1 }, "edited_at": null, "engagement": { "forwards": 4, "paid_reactions": 0, "reaction_breakdown": {}, "reactions": 0, "replies": 0, "score_absolute": 218.0, "score_global_percentile": 9.14, "score_source_percentile": 18.18, "source_rank_by_engagement": 10, "stars": 0, "views": 178 }, "english_status": "original_english", "excerpt": "ChatGPT share links abused to host fake outage pages to deliver malware Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. [...]...", "fingerprint": "5365fef5277089bb", "hashtags": [], "id": "bleepingcomputer-24782", "language": "en", "language_display": "English", "language_original": "en", "media": [ { "downloaded": false, "duration": null, "height": 900, "kind": "photo", "mime_type": "image/jpeg", "public_path": null, "reason": "Local media is not mirrored; Telegram-hosted preview is used when the post is public.", "render_as": "unavailable", "size": 238163, "width": 1600 } ], "media_preview": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24782", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24782" }, "media_type": "photo", "message_id": 24782, "original_text": "ChatGPT share links abused to host fake outage pages to deliver malware\n\nThreat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. [...]\n\nhttps://www.bleepingcomputer.com/news/security/chatgpt-share-links-abused-to-host-fake-outage-pages-to-deliver-malware/", "provenance_label": "Public Telegram post", "published_at": "2026-05-29T19:10:09Z", "section": "cyber-hacking", "section_label": "Cyber & Hacking", "tags": [ "cyber-hacking", "cyber", "verification-anchor", "incident-reporting", "bleepingcomputer.com", "malware" ], "telegram_embed": { "label": "Telegram-hosted post preview", "post": "bleepingcomputer/24782", "provider": "telegram", "script": "https://telegram.org/js/telegram-widget.js?22", "served_by": "Telegram", "type": "post", "url": "https://t.me/bleepingcomputer/24782" }, "telegram_url": "https://t.me/bleepingcomputer/24782", "text": "ChatGPT share links abused to host fake outage pages to deliver malware\n\nThreat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. [...]\n\nhttps://www.bleepingcomputer.com/news/security/chatgpt-share-links-abused-to-host-fake-outage-pages-to-deliver-malware/", "url": "https://news.jeremywhittaker.com/item/bleepingcomputer-24782/", "urls": [ "https://www.bleepingcomputer.com/news/security/chatgpt-share-links-abused-to-host-fake-outage-pages-to-deliver-malware/" ], "verification_state": "source-attributed" } ] }