Daily Dose of Dark Web Informer - April 27th, 2026
Dark Web Informer daily digest reports multiple breaches across government, healthcare, and commercial entities
Summary
This daily threat intelligence digest aggregates multiple alleged data breaches and cyber incidents reported on dark web forums and criminal marketplaces, affecting organizations in Norway, Canada, Guatemala, Portugal, Uganda, Mexico, France, Iraq, and the US. Incidents include government agencies (Ministry of Labor Guatemala, CTT Portugal, MAAIF Uganda), educational institutions (University of Kerbala, USAC Guatemala, Universidad Rafael Landívar), healthcare providers (Choice Health Insurance, claims affecting Humana, United Healthcare, Anthem), and commercial entities (TotalEnergies, eBay Japan/US, Checkmarx). The digest also reports exploitation toolkit sales (React2Shell) and cryptocurrency wallet monitoring alerts.
Full text
Dark Web Informer — Daily Threat Intelligence Digest 🔑 API Access Available High-volume threat intelligence, ransomware data, IOC exports, and comprehensive feed access for security teams and researchers. Explore API → 🔁 Follow across all official platforms — darkwebinformer.com/socials 🔥 Advertising Opportunities Reach a highly engaged audience of 75,300+ unique users monthly and growing. View details 75.3k Unique Visitors 154.1k Pageviews Last 30 days as of Mar 30, 2026. Next update Apr 30th. 🔒 Unlock Premium Intelligence Real-time breach tracking, expert analysis, high-resolution evidence, unredacted feeds, and 5,100+ blog posts. View all plans and features on the pricing page. View Plans & Subscribe → 📌 Legend 📰Law Enforcement — LEA updates, investigations ⚠️Dark Web Notices — forums, markets, announcements ❗️Urgent Threats — breaches, ransomware, vulnerabilities 💡Insights & Tools — guides, OSINT, learning resources 🔒Subscribers Only — X/Twitter subscribe 🧾 Today's Intelligence Threat Intelligence ❗️ Den kulturelle skolesekken (DKS) Database Breached: 1,389,534 Records Exposed from Norway's National Cultural-Schoolbag Programme FREE ❗️ LCBO (Liquor Control Board of Ontario) Database Breached: 165,840 Customer Records Exposed from Ontario's Crown Corporation FREE X/Twitter Updates ❗️ The Ministerio de Trabajo y Previsión Social (Ministry of Labor and Social Welfare of Guatemala) has allegedly been breached, with 200,000+ user records and 40 GB of resume PDFs up for sale on a popular cybercrime forum. ❗️ CTT (Correios de Portugal), Portugal's national postal carrier, has allegedly been breached, with customer data and internal infrastructure details from its Locky smart parcel locker network leaked on a popular cybercrime forum. ❗️ Uganda's Ministry of Agriculture, Animal Industry and Fisheries (MAAIF) has allegedly been breached, with its E-Extension System database leaked on a popular cybercrime forum. ❗️ Bordeaux Métropole's tourist tax (taxe de séjour) system has allegedly been breached, with a partial database covering 11,000 accommodations leaked on a popular cybercrime forum. 💡 Telegram scraper script will have a viewer you can use sometime on Friday. It will be uploaded to the same repo at: https://github.com/DarkWebInformer/telegram-scraper ❗️ Choice Health Insurance has allegedly been breached, with 2.1 million client and patient records leaked on a popular cybercrime forum. The actor claims the leak also affects other major U.S. healthcare providers including Humana, United Healthcare, Anthem, WellCare, and ❗️ The University of Kerbala (http://uokerbala.edu.iq), an Iraqi public university, has allegedly been breached, with G Suite user data leaked on a popular cybercrime forum. ❗️ 1/2 The Oyo State Ministry of Trade, Industry, Investment and Cooperatives (oyostatecommerce) has allegedly been breached, with 275,000 commerce identity card images leaked on a popular cybercrime forum for free. ❗️ 313 Team is claiming a DDoS attack on eBay Japan and eBay US ❗️ https://x.com/DarkWebInformer/status/2048822956164296967?s=20 ❗️ TotalEnergies, a major French energy company that produces and sells oil, gas, and renewable energy, has allegedly been breached, with 79,000 customer records up for sale on a popular cybercrime forum. ❗️ Checkmarx confirms GitHub repository data posted... ❗️ The University of San Carlos of Guatemala (USAC) has allegedly been breached, with employee financial information from its SIIF system leaked on a popular cybercrime forum. 💡 Arkham script is monitoring over 1,000 cybercrime wallets and Government wallets. The alert threshold is anything over $1,000,000 USD. Alerts will come to the main TG channel. https://t.me/SliceForLifeee ❗️ Universidad Rafael Landívar, a Jesuit university in Guatemala, has allegedly been breached, with 84,620 photos of students and professors leaked on a popular cybercrime forum. ❗️ A threat actor is allegedly selling a React2Shell exploitation toolkit on a popular cybercrime forum, pitched as a way to mass-scan, exploit, and dump databases from vulnerable React-based servers. ❗️ A threat actor is allegedly selling a full backup of an unnamed crypto B2B affiliate company on a popular cybercrime forum, containing 46 separate product databases tied to crypto, NFT, and AI agent platforms. Pricing starts at $30,000. ❗️ The MORENA political movement in Tabasco, Mexico has allegedly been breached, with founder records and ID images leaked on a popular cybercrime forum. 💡 This is the only way.
Indicators of Compromise
- url — https://github.com/DarkWebInformer/telegram-scraper
- url — http://uokerbala.edu.iq
- url — https://t.me/SliceForLifeee
- malware — React2Shell