Threat Intelligence - Mar 27, 2026

Daily Dose of Dark Web Informer - March 27th, 2026

Dark Web Informer daily digest reports Handala Hack breaches at Lockheed Martin and Stryker, FBI Director compromise,

Summary

The Dark Web Informer daily threat intelligence digest for March 27, 2026 reports multiple significant security incidents, including hacktivist group Handala Hack's claims of breaching Lockheed Martin, a 200,000-user Intune wipe at Stryker, and the compromise of FBI Director Kash Patel's email with leaked personal documents. Additional incidents include a major breach at Colombia's national health authority (Supersalud), alleged POS system compromises across US chain stores, and data leaks from various organizations including the University of Georgia, C&A Modas, Sheraton Hotels, and healthcare provider Bienestar.org.

Full text

Dark Web Informer — Daily Threat Intelligence Digest

Legend

  • 📰 Law Enforcement — LEA updates, investigations
  • ⚠️ Dark Web Notices — forums, markets, announcements
  • ❗️ Urgent Threats — breaches, ransomware, vulnerabilities
  • 💡 Insights & Tools — guides, OSINT, learning resources

Today's Intelligence

Threat Intelligence

  • ❗️ SnowTeam Launches Leak Bazaar, a Corporate Data Exchange With ML-Powered Dump Analysis, DBMS Reverse Engineering, and Ransomware Negotiation Support
  • 📰 CareCloud, Inc. Has Filed Form 8-K Due to a Cybersecurity Incident

X/Twitter Updates

  • 💡 Caine, the current owner of BreachForums, sent the following email out...
  • ❗️ Handala Hack, the hacktivist group behind the data leak of senior engineers at Lockheed Martin and the 200,000-user Intune wipe of Stryker, has released personal photos and a document of current FBI Director Kash Patel on their public website and public Telegram channel.
  • ❗️ BreachForums mod team has retired and Caine claims he was scammed out of $5,000 by Loki.
  • ❗️ Reuters has confirmed FBI Director Kash Patel's email was indeed hacked.
  • ❗️ A massive breach of the Superintendencia Nacional de Salud de Colombia (Supersalud), Colombia's national health oversight authority, is being leaked on a popular cybercrime forum. This is labeled as "Package 1" with more threatened to follow.
  • ❗️ Handala Hack is currently claiming a breach and a widespread disruption in point-of-sale systems across chain stores throughout the United States. No other details were provided by the group.
  • ❗️ The group ShadowByt3$ claims to have breached the University of Georgia, stealing approximately 3.2 MB of employee data in raw text files. No customer data was reportedly affected.
  • 💡 BreachForums drama and FBI Director drama all in one day...
  • ❗️ The Mexico dataset of C&A Modas, the international fashion retailer, has allegedly been leaked and made available for download on a popular cybercrime forum.
  • ❗️ A database allegedly belonging to the Instituto Tecnológico Superior de Irapuato, a Mexican higher education institution, has been leaked on a popular cybercrime forum.
  • ❗️ The Dutch National Police have issued a press release stating they were the target of a successful phishing attack, discovered it quickly, and immediately closed access.
  • ❗️ A database allegedly containing 318,000 user records from Bienestar.org, a healthcare organization serving the Latino Gay Community with HIV/AIDS treatment, sexual health, mental health, substance abuse counseling, and medication-assisted treatment since 1989, is being sold on a popular cybercrime forum.
  • ❗️ Source code from multiple UAE websites has allegedly been leaked on a popular cybercrime forum, including exposed repositories and projects.
  • ❗️ A threat actor claims to be selling admin access to an unidentified retail company from the UAE.
  • 💡 A high-ranking forum moderator is publicly seeking to buy any data or access from active or defunct BreachForums clones, claiming the goal is to "put an end to these clones."
  • 💡 I don't have much more to add to this tool to be honest. I'm just running some tests and need to create a Readme on GitHub. The only addition since this past update is it will provide an HTML file from the rolling updates you've done for that particular keyword.
  • ❗️ Access to over 30 Claro Cloud user websites is allegedly being offered on a popular cybercrime forum, with claims that the telecom giant's cloud platform has severe security flaws allowing malicious code uploads and website infections.
  • ❗️ Handala Hack claims "Tonight, your sons will deliver a surprise in a joint cyber-missile operation. Do not forget the recitation of Surah al-Fath."
  • 💡 Just an FYI, you may see duplicate posts on the threat feed for the next 48 hours or so. It will be minimal, it's to provide better screenshots on the feed in the coming days/week. Ignore them unless you see them published on different claim sites.
  • 💡 New infostealer.
  • ❗️ Sheraton Hotels and Resorts, the American international hotel chain owned by Marriott International, has allegedly been listed on a ransomware leak site with its status marked as "Disclosed."
  • ❗️ Handala Hack's website is currently offline. Their previous website was seized by the FBI last week. It's possible that a new seizure could be taking place, but that is just my opinion for now. Nothing from the feds or Handala at this time. My FBI Watchdog script detected a change.
  • 💡 A new Android Remote Administration Tool (RAT) called "Darkweb" is being sold on a popular cybercrime forum, marketed as "the most powerful" Android hacking tool available.
  • 💡 You guys had a chance in December. That chance is long gone now.
  • 💡 Spear, I don't know if this is a new forum IP being used or what, it wasn't there yesterday. Regardless, your IP is leaking, again.
  • ❗️ The new admin of the BreachForums clone, Caine, just had his account hacked by Spear Forum; spear[.]cx.

Indicators of Compromise

  • malware — Darkweb RAT