Threat Intelligence - Apr 7, 2026

Daily Dose of Dark Web Informer - April 7th, 2026

Daily dark web threat intelligence digest covering breaches, CVEs, and threat actor activity.

Summary

The Dark Web Informer publishes a daily threat intelligence digest summarizing recent breaches, vulnerabilities, and cybercriminal activity. Notable items include breaches affecting KBank Vietnam (10.1M records), Colombian government entities, and compromised accounts from Coinbase, Robinhood, and Hisense. Multiple CVEs are cited, including a FortiClient EMS pre-auth bypass and Linux kernel vulnerabilities.

Full text

Dark Web Informer — Daily Threat Intelligence Digest

📌 Legend

  • 📰 Law Enforcement — LEA updates, investigations
  • ⚠️ Dark Web Notices — forums, markets, announcements
  • ❗️ Urgent Threats — breaches, ransomware, vulnerabilities
  • 💡 Insights & Tools — guides, OSINT, learning resources
  • 🔒 Subscribers Only — X/Twitter subscribe

🧾 Today's Intelligence

Threat Intelligence

  • ❗️ Alleged Breach of KBank Vietnam Exposes 10.1 Million Credit Registration Records With National IDs, Salaries, Credit Scores, and Employer Details (FREE)
  • ❗️ CVE-2026-35616: FortiClient EMS Pre-Auth API Bypass Under Active Exploitation (FREE)
  • ❗️ Alleged Breach of Colombia's Huila Department Government Extranet Exposes Officer Data, Municipal Offices, and Government Operations Across 8 Municipalities (FREE)
  • ❗️ Threat Actor Selling Root RCE Shell Access to Botswana Government Health Portal Firewall for $300 (FREE)
  • ❗️ Threat Actor Selling 1.2 Million French FICOBA Banking Leads With IBANs, SSNs, and Tax IDs From 15+ Banks (FREE)

X/Twitter Updates

  • ❗️ Forum IP Leak: ascarding[.]net
  • ❗️ The internal and confidential databases of Banco Agrario de Colombia, a state-owned Colombian bank, have allegedly been leaked on a popular cybercrime forum.
  • ❗️ Threat actor Lvn4t1k0 allegedly leaked personal data from CONALEP Morelos including teacher information (RFC, CURP, Gmail, passwords, usernames, full names) and student credentials.
  • ❗️ A threat actor claims to possess over 609,000 email records from Hisense USA obtained through various registration forms including TV QR code registration, product registration, and customer support forms.
  • ❗️ A threat actor claims to have obtained databases from Plan Ceibal, a Uruguayan government technology agency, affecting 1.2 million users of the CREA social network and 1 million citizens device assignment records.
  • ❗️ Threat actor JINKUSU advertises OMNITRIX IMAP service offering email account monitoring, attachment interception, IBAN replacement in documents, and email editing capabilities via IMAP access.
  • ❗️ Threat actor McLovin is selling a database containing 810 million Chinese shopping delivery addresses for $1000.
  • ❗️ Threat actor OnarDev is allegedly selling a dataset containing personal information of 2 million Coinbase users for $500 USD.
  • ❗️ Threat actor McLovin is allegedly selling a database containing 4.6 million Robinhood Gold membership records for $3,190.
  • ❗️ NyxarGroup and collaborators are allegedly selling personal information from Colombian government websites saul.cali.gov.co and sider.cali.gov.co.
  • 💡 This Hacker (IntelBroker) Kept Embarrassing the FBI
  • ❗️ The FBI has released a joint Cybersecurity Advisory on Iranian-Affiliated cyber actors exploiting programmable logic controllers across US critical infrastructure.
  • 💡 Tor Browser 15.0.9 has been released, update if you haven't already done so.
  • ❗️ CVE-2026-23398: Linux Kernel ICMP DoS Vulnerability
  • ❗️ CVE-2026-28286: ZimaOS Privilege Escalation Vulnerability
  • 💡 DOJ Disrupts Russian Military Intelligence DNS Hijacking Operation Through Court Order

Indicators of Compromise

  • domain — ascarding.net
  • cve — CVE-2026-35616
  • cve — CVE-2026-23398
  • cve — CVE-2026-28286
  • malware — OMNITRIX IMAP

Entities

  • Lvn4t1k0 (threat_actor)
  • JINKUSU (threat_actor)
  • McLovin (threat_actor)
  • OnarDev (threat_actor)
  • NyxarGroup (threat_actor)
  • IntelBroker (threat_actor)