Daily Dose of Dark Web Informer - April 20th, 2026

Summary

This daily threat intelligence digest aggregates recent dark web activity, including major data breaches affecting Nigerian bankers, Egyptian investors, Mexican emergency services, Israeli security institute, and Malaysian Agoda users. The report also documents ransomware claims against financial institutions and healthcare providers, plus the guilty plea of a Scattered Spider member involved in wire fraud and identity theft.

Full text

Dark Web Informer — Daily Threat Intelligence Digest 🔑 API Access Available High-volume threat intelligence, ransomware data, IOC exports, and comprehensive feed access for security teams and researchers. Explore API → 🔁 Follow across all official platforms — darkwebinformer.com/socials 🔥 Advertising Opportunities Reach a highly engaged audience of 75,300+ unique users monthly and growing. View details 75.3k Unique Visitors 154.1k Pageviews Last 30 days as of Mar 30, 2026. Next update Apr 30th. 🔒 Unlock Premium Intelligence Real-time breach tracking, expert analysis, high-resolution evidence, unredacted feeds, and 5,100+ blog posts. View all plans and features on the pricing page. View Plans & Subscribe → 📌 Legend 📰Law Enforcement — LEA updates, investigations ⚠️Dark Web Notices — forums, markets, announcements ❗️Urgent Threats — breaches, ransomware, vulnerabilities 💡Insights & Tools — guides, OSINT, learning resources 🔒Subscribers Only — X/Twitter subscribe 🧾 Today's Intelligence Threat Intelligence ❗️ Chartered Institute of Bankers of Nigeria (CIBN) Database Breached: 250GB Including Member PII, Source Code, and ID Documents Leaked FREE ❗️ Taiseer (taiseer.co) Database Breached: Threat Actor Sorb Offering PII of Egyptian Gold Investors for Sale FREE X/Twitter Updates ❗️ SSEDOMEX (Secretaría de Seguridad del Estado de México), the public security ministry of Mexico's most populous state, has allegedly had a decade of 911 and 089 emergency call records put up for sale on a popular cybercrime forum at $1,200 USD. ❗️ Emaar Properties and Select Group, two major Dubai based real estate developers, have allegedly had owner and rental information from their servers put up for sale on a popular cybercrime forum at $8,000 USD for both datasets combined. ❗️ INSS (Institute for National Security Studies), Israel's leading national security think tank, affiliated with Tel Aviv University, has allegedly suffered an unauthorized access of its internal research environment, with a claimed 15.92 TB archive put up for sale on a ❗️ Agoda (http://agoda.com), a Booking Holdings owned travel platform, has allegedly had 82 million customer records associated with Malaysian users put up for sale on a popular cybercrime forum. ❗️ The Gobernación del Valle del Cauca (Colombia), specifically the SAR (Sistema Administrador de Recaudo Departamental) server at http://serveriissar.valledelcauca.gov.co, has allegedly suffered an unauthorized access, with the data put up for sale on a popular cybercrime forum at $500 USD. ❗️ Vercel Breach Traced to Suspected February Infostealer Infection at Context.ai ❗️ A threat actor identified as SCTH is allegedly selling a database purportedly belonging to SGK Türkiye (Turkish Social Security Institution) containing over 20 million records. ❗️ Lovable has allegedly been breached, all the details. ❗️ Scattered Spider member, Tyler Robert Buchanan, 24, of Dundee, Scotland, pleaded guilty to one count of conspiracy to commit wire fraud and one count of aggravated identity theft. ❗️ Citizens Bank has been claimed a victim to Everest Ransomware ❗️ Frost Bank has been claimed a victim to Everest Ransomware ❗️ Cooperativa de Hospitales de Antioquia - COHAN has been claimed a victim to Qilin Ransomware ❗️ Qilin Ransomware Claims 4 companies below as victims: 💡 BlueSky's Status page has been suspended by UptimeRobot.

Indicators of Compromise

• domain — taiseer.co
• url — http://serveriissar.valledelcauca.gov.co
• url — http://agoda.com
• malware — Everest Ransomware
• malware — Qilin Ransomware

Entities