Daily Dose of Dark Web Informer - March 26th, 2026

Summary

This daily threat intelligence digest aggregates multiple cybersecurity incidents including alleged data leaks affecting educational institutions, nonprofits, automotive firms, financial entities, and government operations. Notable incidents include Handala Hack's claimed breach of FBI systems and Interlock Ransomware's attack on Goodwill Industries; a Brazilian debt collection platform exposure of 2.3M records; and sale of compromised credentials and access vectors across dark web forums.

Full text

Dark Web Informer — Daily Threat Intelligence Digest 🔑 API Access Available High-volume threat intelligence, ransomware data, IOC exports, and comprehensive feed access for security teams and researchers. Explore API → 🔁 Follow across all official platforms — darkwebinformer.com/socials 🔥 Advertising Opportunities Reach a highly engaged audience of 35,800+ unique users monthly and growing. View details 35.8k Unique Visitors 89.3k Pageviews Last 30 days as of Mar 2, 2026. Next update Mar 31st. 🔒 Unlock Premium Intelligence Real-time breach tracking, expert analysis, high-resolution evidence, unredacted feeds, and 5,100+ blog posts. View all plans and features on the pricing page. View Plans & Subscribe → 💚 Support Dark Web Informer Contributions help continue monitoring threats and keeping the community informed. 🟠 MoneroXMR 89Z68A33B9sNRf941f5GczU4ZzarTQsWn6dyMVUbo6mk2zYEamh9hALH1odMiVZfynKhjKPS58ASAfDyFdTW9o29Mwf4ArZ Copied 🟡 BitcoinBTC bc1qvs4pfwascp2uln90g3e3l4agnhnjrdn2t578we Copied 🔷 EthereumETH / ERC-20 / USDT 0xbA6bCf2BF50F9789504401AFbf19E8c2CCaa773D Copied Click address to copy · ETH address accepts USDT, USDC, and other ERC-20 tokens 📌 Legend 📰Law Enforcement — LEA updates, investigations ⚠️Dark Web Notices — forums, markets, announcements ❗️Urgent Threats — breaches, ransomware, vulnerabilities 💡Insights & Tools — guides, OSINT, learning resources 🔒Subscribers Only — X/Twitter subscribe 🧾 Today's Intelligence ❗️ Alleged Data Leak of Rouzbeh Educational Complex Exposes 202,383 Records Including Student and Employee Social Security Numbers, Passwords, and National IDs FREE 📰 Dark Web Drug Ring Busted in Fulton County: Four Arrested in Rochester Investigation FREE X/Twitter Updates DWI Intel Feed ❗️ The hacktivist group Handala Hack has followed through on their earlier threat, launching what they call a new phase of "Operation Lockheed Martin" via their Telegram channel and website. ❗️ Interlock Ransomware has listed Goodwill Industries of North Central Pennsylvania (goodwillinc.org) on their leak site, publishing a full data dump of the nonprofit organization that provides employment across 15 counties in Pennsylvania and one county in New York. 💡 New BreachForums clone. ❗️ A post on a popular cybercrime forum is selling a massive data package from BMW Group, including internal documents, access vectors, and data from dozens of other automotive brands exposed through BMW's infrastructure. ❗️ A post on a popular cybercrime forum is selling Spanish IBAN banking data containing 14 million records. 🔒 X Subscribers Only ❗️ A post on a popular cybercrime forum claims to be sharing U.S. Air Force Air Mobility Command operations logs related to Operation Lions Roar / Epic Fury 2026. 🔒 X Subscribers Only 💡 Spear forum, you have several IPs leaking, I would suggest changing them. ❗️ Personal data of 447,445 members of the Fédération Française de Voile (French Sailing Federation) is allegedly being sold on a popular cybercrime forum. 🔒 X Subscribers Only 💡 A utility tool called "Logs Guru v1.4" is being advertised on a popular cybercrime forum, designed for processing and managing stolen credential logs at scale. Written in Rust, it claims to support terabyte-sized text files. ❗️ Handala Hack, the hacktivist group behind the mass data Intune wipe of the company Stryker and the data leak of senior employees of Lockheed Martin, is now claiming a security breach of the FBI. ❗️ A dataset allegedly containing 2.3 million unique user records from adiplix.com.br, a Brazilian debt collection management platform, is being sold on a popular cybercrime forum. ❗️ Firewall access to an Asian oil company based in Laos with an estimated revenue of $7 million is claimed to be for sale on a popular cybercrime forum. ❗️ Internal and confidential documents from Nu Bank via EmergiaCC Conalcreditos Colombia are allegedly being sold on a popular cybercrime forum, posted in collaboration with NyxarGroup. 🔒 X Subscribers Only ❗️ Threat actor hexvior is allegedly selling 1,000 USA personal identity records containing full names, emails, phone numbers, addresses, dates of birth, Social Security numbers, driver license information, and cashout amounts for $0.40 each. 💡 When Hackers Get Fedded ❗️ The database of Banco Agropecuario Peru has allegedly been leaked on a popular cybercrime forum. ❗️ The database of ProCamps, a U.S.-based sports event management and marketing company specializing in professional athlete experiences, is allegedly being sold on a popular cybercrime forum.

Indicators of Compromise

• malware — Interlock Ransomware
• malware — Handala Hack
• malware — NyxarGroup
• malware — hexvior
• domain — goodwillinc.org
• domain — adiplix.com.br
• malware — Logs Guru v1.4