Daily Dose of Dark Web Informer - May 21st, 2026
Dark Web Informer reports on data leaks, ransomware victims, and a VPN used for malicious activity.
Summary
The Dark Web Informer's daily digest highlights several security incidents, including alleged data exposures from Happipad, Kuwait Central Statistical Bureau, and Almerys. It also notes new victims claimed by BrainCipher, Payload, Qilin, and The Gentlemen ransomware groups. The FBI issued warnings about First VPN Service being used by ransomware groups and the emergence of the Kali365 Phishing-as-a-Service platform.
Full text
Dark Web Informer β Daily Threat Intelligence Digest π API Access Available High-volume threat intelligence, ransomware data, IOC exports, and comprehensive feed access for security teams and researchers. Explore API β π Follow across all official platforms β darkwebinformer.com/socials π₯ Advertising Opportunities Reach a highly engaged audience. View details 56.2k Unique Visitors 122.1k Pageviews Last 30 days as of May 11, 2026. Next update June 11th. π Unlock Premium Intelligence Real-time breach tracking, expert analysis, high-resolution evidence, unredacted feeds, and 5,100+ blog posts. View all plans and features on the pricing page. View Plans & Subscribe β π Legend π°Law Enforcement β LEA updates, investigations β οΈDark Web Notices β forums, markets, announcements βοΈUrgent Threats β breaches, ransomware, vulnerabilities π‘Insights & Tools β guides, OSINT, learning resources π§Ύ Today's Intelligence Threat Intelligence βοΈ Mexican Citizenship Document Service Advertised on Underground Forum FREE βοΈ ATOA Allegedly Exposed: 23,685 Fintech Records and 326 KYC Document Archives FREE X/Twitter Updates βοΈ π¨π¦ Happipad | Alleged Customer Database Exposure βοΈ Yikes π‘ CVE Lite CLI: Vulnerability scanning that belongs in your terminal, not your CI pipeline. Scan your lockfile, get copy-and-run fix commands, and ship clean code. βοΈ π°πΌ Kuwait Central Statistical Bureau | Alleged Citizen Database Leak βοΈ CVE-2026-0300: PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID Authentication Portal βοΈ π¦πΊ The Shepparton Adviser, the largest circulating and privately-owned free newspaper in the Goulburn and Murray Valley regions of Victoria, Australia has been claimed a victim to BrainCipher Ransomware βοΈ The Gentlemen Ransomware Claims 3 New Victims βοΈ Payload Ransomware Claims 4 New Victims βοΈ The FBI has issued a FLASH advisory warning that ransomware groups are using First VPN Service to conduct network reconnaissance and carry out computer intrusions. Promoted on criminal forums, First VPN is reportedly leveraged to support botnets, DDoS attacks, hacking operations, βοΈ Qilin Ransomware Claims 2 New Victims βοΈ Multiple users are reporting that Kash Patelβs apparel site is serving a ClickFix-style malware lure. βοΈ π«π· Almerys | Alleged Dataset Exposure βοΈ The FBI has issued a Public Service Announcement warning about Kali365, an emerging Phishing-as-a-Service platform first observed in April 2026.
Indicators of Compromise
- cve β CVE-2026-0300
- malware β BrainCipher Ransomware
- malware β Payload Ransomware
- malware β Qilin Ransomware
- malware β The Gentlemen Ransomware
- malware β Kali365