Threat Intelligence | Apr 14, 2026

Daily Dose of Dark Web Informer - April 14th, 2026

Daily dark web threat digest covering breaches, ransomware, and critical infrastructure incidents across multiple

Summary

This is a curated daily threat intelligence digest aggregating multiple breach reports, ransomware claims, and vulnerability disclosures from dark web sources. Key incidents include alleged breaches of France's national ID agency (18M records), Venezuelan critical infrastructure SCADA compromise, Mexican telecom credentials exposure, and multiple ransomware group listings. The digest also covers CVE disclosures, iOS exploit kits, and various data dumps from government and commercial entities globally.

Full text

Dark Web Informer — Daily Threat Intelligence Digest

📌 Legend

  • 📰 Law Enforcement — LEA updates, investigations
  • ⚠️ Dark Web Notices — forums, markets, announcements
  • ❗️ Urgent Threats — breaches, ransomware, vulnerabilities
  • 💡 Insights & Tools — guides, OSINT, learning resources
  • 🔒 Subscribers Only — X/Twitter subscribe

🧾 Today's Intelligence

Threat Intelligence

  • ❗️ Moroccan Biomedical School SUPTECH SANTE Breached, 231 Student Dossiers With National IDs, Diplomas, and ID Card Photos Exposed (FREE)
  • ❗️ France's National ID Agency ANTS Allegedly Breached, 18 Million Citizen Records With Government-Verified Identities Listed for Sale (FREE)

X/Twitter Updates

  • ❗️ The IRGC (Islamic Revolutionary Guard Corps) surveillance system and Iranian police database have allegedly been leaked and posted for free download on a popular cybercrime forum.
  • ❗️ MAJOR CLAIM: Threat actors claim to have achieved total persistence within Venezuela's National Electric System (SEN) operated by CORPOELEC, seizing direct SCADA control over critical infrastructure.
  • ❗️ A dump of emails and passwords associated with Farmacias del Ahorro MX, one of Mexico's largest pharmacy chains, has allegedly been leaked on a popular cybercrime forum.
  • ❗️ The ransomware group "TheGentlemen" has listed an unnamed major global manufacturer on their leak site.
  • ❗️ The personal data of 598,154 members of the Logis Hotels ETIK loyalty program, covering bookings from 2012 to 2026, is allegedly being sold on a popular cybercrime forum.
  • ❗️ A credential dump from Telmex MX, Mexico's largest telecommunications company, has allegedly been leaked on a popular cybercrime forum.
  • ❗️ The dataset of the Spanish Wind Energy Association (AEE / Asociacion Empresarial Eolica), the voice of Spain's wind energy sector, has allegedly been leaked on a popular cybercrime forum.
  • ❗️ Approximately 25 million documents have allegedly been exfiltrated from the infrastructure of the Corporate Affairs Commission (CAC) of Nigeria, the government agency responsible for company registrations.
  • ❗️ Threat actor jza1337 claims to possess a Zadig & Voltaire customer database containing over 500,000 records with first name, last name, email, and gender information.
  • 💡 Facts. Your PGP key is literally like having a Passport or any other sensitive ID, so keep it safe and stop sharing with others.
  • ❗️ CVE-2025-58434 and CVE-2025-59528: Flowise Dual CVE PoC
  • ❗️ An iOS exploit and C2 integrated attack panel called "iExploit Lab v1.0" is being advertised on a popular cybercrime forum, targeting iOS 13 through iOS 17.2.1 for $15,000.
  • ❗️ McGraw-Hill confirmed to BleepingComputer a data breach, following an extortion threat
  • ❗️ DarkForums now offers a free XMPP chat server for the DF community powered by darknet[.]im.
  • 💡 Has anyone confirmed this?
  • ❗️ .@telegram continues to host a sanctioned crypto laundering marketplace worth billions despite UK sanctions and repeated bans. Xinbi Guarantee keeps resurfacing on the messaging platform, raising hard questions about Telegram's willingness to police its own ecosystem.
  • ❗️ Threat actor ekko2k is actively purchasing Brazilian digital assets and infrastructure access including shells, cPanel accounts, and employee credentials, with particular interest in e-commerce and payment systems on a popular Russian forum.
  • ❗️ CVE-2025-2563: The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users from setting their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges
  • ❗️ The customer and orders database of SpecProm, a Ukrainian military equipment shop, is allegedly being sold on a popular cybercrime forum.
  • 💡 Fortinet vulns scanner...
  • 💡 I updated with some bug fixes and improved the alert notifications with more options. Assuming that goes well this new News feed will go out to all paid subscribers Thursday.

Indicators of Compromise

  • cve — CVE-2025-58434
  • cve — CVE-2025-59528
  • cve — CVE-2025-2563
  • malware — iExploit Lab v1.0

Entities

  • TheGentlemen (threat_actor)
  • jza1337 (threat_actor)
  • ekko2k (threat_actor)
  • Flowise (product)
  • WordPress User Registration & Membership Plugin (product)
  • SCADA (technology)