[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhHADuc1Ojqnbk3j088s0R4Qrx1sgyMMrWepdSVYQWbo":3},{"article":4,"iocs":55},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":32,"category":33,"article_tags":37},"0a0de4a5-b1db-4795-bafe-71fbefa8208b","Daily Dose of Dark Web Informer - May 21st, 2026","daily-dose-of-dark-web-informer-may-21st-2026-cc8386","This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X\u002FTwitter posts.","The Dark Web Informer's daily digest highlights several security incidents, including alleged data exposures from Happipad, Kuwait Central Statistical Bureau, and Almerys. It also notes new victims claimed by BrainCipher, Payload, Qilin, and The Gentlemen ransomware groups. The FBI issued warnings about First VPN Service being used by ransomware groups and the emergence of the Kali365 Phishing-as-a-Service platform.","Dark Web Informer reports on data leaks, ransomware victims, and a VPN used for malicious activity.","Dark Web Informer — Daily Threat Intelligence Digest 🔑 API Access Available High-volume threat intelligence, ransomware data, IOC exports, and comprehensive feed access for security teams and researchers. Explore API → 🔁 Follow across all official platforms — darkwebinformer.com\u002Fsocials 🔥 Advertising Opportunities Reach a highly engaged audience. View details 56.2k Unique Visitors 122.1k Pageviews Last 30 days as of May 11, 2026. Next update June 11th. 🔒 Unlock Premium Intelligence Real-time breach tracking, expert analysis, high-resolution evidence, unredacted feeds, and 5,100+ blog posts. View all plans and features on the pricing page. View Plans & Subscribe → 📌 Legend 📰Law Enforcement — LEA updates, investigations ⚠️Dark Web Notices — forums, markets, announcements ❗️Urgent Threats — breaches, ransomware, vulnerabilities 💡Insights & Tools — guides, OSINT, learning resources 🧾 Today's Intelligence Threat Intelligence ❗️ Mexican Citizenship Document Service Advertised on Underground Forum FREE ❗️ ATOA Allegedly Exposed: 23,685 Fintech Records and 326 KYC Document Archives FREE X\u002FTwitter Updates ❗️ 🇨🇦 Happipad | Alleged Customer Database Exposure ❗️ Yikes 💡 CVE Lite CLI: Vulnerability scanning that belongs in your terminal, not your CI pipeline. Scan your lockfile, get copy-and-run fix commands, and ship clean code. ❗️ 🇰🇼 Kuwait Central Statistical Bureau | Alleged Citizen Database Leak ❗️ CVE-2026-0300: PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID Authentication Portal ❗️ 🇦🇺 The Shepparton Adviser, the largest circulating and privately-owned free newspaper in the Goulburn and Murray Valley regions of Victoria, Australia has been claimed a victim to BrainCipher Ransomware ❗️ The Gentlemen Ransomware Claims 3 New Victims ❗️ Payload Ransomware Claims 4 New Victims ❗️ The FBI has issued a FLASH advisory warning that ransomware groups are using First VPN Service to conduct network reconnaissance and carry out computer intrusions. Promoted on criminal forums, First VPN is reportedly leveraged to support botnets, DDoS attacks, hacking operations, ❗️ Qilin Ransomware Claims 2 New Victims ❗️ Multiple users are reporting that Kash Patel’s apparel site is serving a ClickFix-style malware lure. ❗️ 🇫🇷 Almerys | Alleged Dataset Exposure ❗️ The FBI has issued a Public Service Announcement warning about Kali365, an emerging Phishing-as-a-Service platform first observed in April 2026.","https:\u002F\u002Fdarkwebinformer.com\u002Fdaily-dose-of-dark-web-informer-may-21st-2026\u002F","https:\u002F\u002Fstorage.ghost.io\u002Fc\u002F6b\u002F16\u002F6b16ac9c-cd67-432f-b0f3-bbec941084ff\u002Fcontent\u002Fimages\u002Fsize\u002Fw1200\u002F2026\u002F02\u002F23597862398746923879872364987342598723.png","2026-05-21T22:16:34+00:00","2026-05-21T23:00:08.313+00:00",9,[18,21,23,25,27,30],{"name":19,"type":20},"BrainCipher Ransomware","threat_actor",{"name":22,"type":20},"Payload Ransomware",{"name":24,"type":20},"Qilin Ransomware",{"name":26,"type":20},"The Gentlemen Ransomware",{"name":28,"type":29},"PAN-OS","product",{"name":31,"type":29},"First VPN Service","e7b231c8-5f79-4465-8d38-1ef13aea5a14",{"id":32,"icon":34,"name":35,"slug":36},null,"Threat Intelligence","threat-intelligence",[38,43,48,53],{"category":39},{"id":40,"icon":34,"name":41,"slug":42},"2e06f76c-d5b9-4f54-9eef-4d3447b10730","Breaches","breaches",{"category":44},{"id":45,"icon":34,"name":46,"slug":47},"7d8b5ab8-ea0b-4ced-ae97-ec251b86993a","Ransomware","ransomware",{"category":49},{"id":50,"icon":34,"name":51,"slug":52},"80544778-fabb-4dcd-aa35-17492e5dcf4f","Vulnerabilities","vulnerabilities",{"category":54},{"id":32,"icon":34,"name":35,"slug":36},[56,60,63,64,65,66],{"type":57,"value":58,"context":59},"cve","CVE-2026-0300","PAN-OS Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID Authentication Portal",{"type":61,"value":19,"context":62},"malware","Ransomware group claiming victim",{"type":61,"value":22,"context":62},{"type":61,"value":24,"context":62},{"type":61,"value":26,"context":62},{"type":61,"value":67,"context":68},"Kali365","Phishing-as-a-Service platform"]