Daily Dose of Dark Web Informer - March 18th, 2026
Dark Web Informer's daily digest aggregates multiple active threats including alleged breaches of government databases (Tanzania BRELA, Bangladesh/India exporters), credential sales for law enforcement portals, a critical Electron misconfiguration in Session Desktop, and CVE-2026-21236 affecting Windows. The digest reports on ransomware-as-a-service offerings, stolen API access auctions, and claims of Iranian nuclear facility compromise.
Summary
Dark Web Informer's daily digest aggregates multiple active threats including alleged breaches of government databases (Tanzania BRELA, Bangladesh/India exporters), credential sales for law enforcement portals, a critical Electron misconfiguration in Session Desktop, and CVE-2026-21236 affecting Windows. The digest reports on ransomware-as-a-service offerings, stolen API access auctions, and claims of Iranian nuclear facility compromise.
Full text
Dark Web Informer — Daily Threat Intelligence Digest 🔑 API Access Available High-volume threat intelligence, ransomware data, IOC exports, and comprehensive feed access for security teams and researchers. Explore API → 🔁 Follow across all official platforms — darkwebinformer.com/socials 🔥 Advertising Opportunities Reach a highly engaged audience of 35,800+ unique users monthly and growing. View details 35.8k Unique Visitors 89.3k Pageviews Last 30 days as of Mar 2, 2026. Next update Mar 31st. 🔒 Unlock Premium Intelligence Real-time breach tracking, expert analysis, high-resolution evidence, unredacted feeds, and 5,100+ blog posts. View all plans and features on the pricing page. View Plans & Subscribe → 💚 Support Dark Web Informer Contributions help continue monitoring threats and keeping the community informed. 🟠 MoneroXMR 89Z68A33B9sNRf941f5GczU4ZzarTQsWn6dyMVUbo6mk2zYEamh9hALH1odMiVZfynKhjKPS58ASAfDyFdTW9o29Mwf4ArZ Copied 🟡 BitcoinBTC bc1qvs4pfwascp2uln90g3e3l4agnhnjrdn2t578we Copied 🔷 EthereumETH / ERC-20 / USDT 0xbA6bCf2BF50F9789504401AFbf19E8c2CCaa773D Copied Click address to copy · ETH address accepts USDT, USDC, and other ERC-20 tokens 📌 Legend 📰Law Enforcement — LEA updates, investigations ⚠️Dark Web Notices — forums, markets, announcements ❗️Urgent Threats — breaches, ransomware, vulnerabilities 💡Insights & Tools — guides, OSINT, learning resources 🔒Subscribers Only — X/Twitter subscribe 🧾 Today's Intelligence Website Posts ❗️ Partial Leak of Knownsec Corporate Documents Resurfaces With Espionage Tradecraft, Offensive Cyber Tools, and Global Targeting Evidence FREE ❗️ Alleged Breach of Daryn Online Exposes 4 Million User Records From Kazakhstan's Largest Education Platform FREE ❗️ Sector Drainer Advertised as Crypto Wallet Drainer-as-a-Service With 0-Day Phantom Bypass, Hidden Drain, and Autowithdraw Capabilities FREE ❗️ Alleged Breach of Tanzania's BRELA Government Database Exposes 10.2 Million Records Including 8 Million Individuals FREE 📰 Metropolitan Police Seize Dark Web Drug Marketplace With Nearly £2 Million in Annual Sales FREE X/Twitter Updates DWI Intel Feed ❗️ A threat actor claiming affiliation with "Team CyberCrime Indonesia" has allegedly leaked data on Bangladesh and India garment exporters for free. 💡 Community Alert: Security researcher Ryan Moran has published a writeup on Session for Desktop (@session_app) detailing a critical Electron misconfiguration that escalates any XSS or code injection bug into a full remote account compromise. ❗️ A threat actor is auctioning Shopify API access to a Canadian e-commerce store processing approximately 1,213 weekly orders. The listing includes API privileges. ❗️ A threat actor is allegedly selling Iraqi electoral register databases for citizens aged 18 and above, with multiple versions available spanning several years. ❗️ A threat actor is allegedly selling scraped data from the Fédération Française de Rugby (French Rugby Federation) spanning 2003 to 2026. ❗️ A threat actor claims to have conducted a large-scale breach targeting the surveillance and data systems of an unnamed Iranian nuclear facility, classified as "Top Secret." 💡 Cybersecurity and Infrastructure Security Agency (CISA) has just purchased the domain name "aliens.gov" ❗️ A threat actor is selling government and police email access along with law enforcement portal credentials for Emergency Data Requests (EDRs) across multiple countries. ❗️ A threat actor claims to be selling a database from Credit Institute Vietnam containing 100 million records with customer personal and financial information including names, phone numbers, emails, dates of birth, tax codes, credit card numbers, and account balances. ❗️ CVE-2026-21236: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 💡 CISA has added 2 vulnerabilities to the KEV Catalog 💡 One change is coming this weekend and another in the coming week. I will be removing the Pro/Elite feed. ❗️ A threat actor has allegedly leaked the database of Remote3.co, a popular crypto work finder platform, exposing over 46,000 unique users.
Indicators of Compromise
- cve — CVE-2026-21236
- malware — Sector Drainer
- malware — Session Desktop Electron Misconfiguration