Daily Dose of Dark Web Informer - May 6th, 2026
Dark Web Informer daily digest aggregates threat intel including zero-days, breaches, and malware.
Summary
This is a daily threat intelligence digest from Dark Web Informer covering May 6th, 2026, aggregating multiple security threats including actively exploited zero-days (PAN-OS CVE-2026-0300), critical vulnerabilities (Apache HTTP/2), malware campaigns (CloudZ RAT, Nimrod Stealer), and numerous data breaches across multiple countries. The digest includes IOC feeds, breach notifications, ransomware reports, and security tool releases, presented as a curated daily briefing for security professionals and researchers.
Full text
Dark Web Informer — Daily Threat Intelligence Digest 🔑 API Access Available High-volume threat intelligence, ransomware data, IOC exports, and comprehensive feed access for security teams and researchers. Explore API → 🔁 Follow across all official platforms — darkwebinformer.com/socials 🔥 Advertising Opportunities Reach a highly engaged audience of 75,300+ unique users monthly and growing. View details 75.3k Unique Visitors 154.1k Pageviews Last 30 days as of Mar 30, 2026. Next update Apr 30th. 🔒 Unlock Premium Intelligence Real-time breach tracking, expert analysis, high-resolution evidence, unredacted feeds, and 5,100+ blog posts. View all plans and features on the pricing page. View Plans & Subscribe → 📌 Legend 📰Law Enforcement — LEA updates, investigations ⚠️Dark Web Notices — forums, markets, announcements ❗️Urgent Threats — breaches, ransomware, vulnerabilities 💡Insights & Tools — guides, OSINT, learning resources 🔒Subscribers Only — X/Twitter subscribe 🧾 Today's Intelligence Threat Intelligence 📰 Palo Alto Networks Warns of Actively Exploited PAN-OS Zero-Day Granting Root Access FREE 📰 Critical Apache HTTP/2 Double-Free Flaw Enables Denial-of-Service and Potential Remote Code Execution FREE 📰 52.3 Bitcoin and a Suburban Search Warrant: Inside One of Australia's Biggest Crypto Seizures FREE 📰 CloudZ RAT: A Stealthy New Trojan Hijacks Microsoft Phone Link to Steal Your SMS OTPs FREE X/Twitter Updates ❗️ TomodachiShare allegedly exposing 145K user accounts ❗️ CAF (Caisse d'Allocations Familiales) allegedly breached exposing 22 million records ❗️ KGI (http://kgi.com.hk) allegedly breached exposing 5M+ Hong Kong stock investor records ❗️ Croesus (http://croesus.com) allegedly breached exposing 19,220 Canadian user records ❗️ IUNGO Cloud (http://iungo.cloud) allegedly leaked exposing 21M corporate email addresses ❗️ Määrdekeskus allegedly breached exposing customer and affiliate records from the Estonian lubricant retailer ❗️ Instituto Consorcio Clavijero allegedly breached exposing 39,000 student records from the Veracruz education platform ❗️ VIP Buenaventura allegedly leaked exposing 70,000 user records from the Colombian taxi app ❗️ CEMIG allegedly breached exposing a 190GB Watson instance dump from the Brazilian energy utility ❗️ https://x.com/DarkWebInformer/status/2052074824629985734?s=20 💡 I am moving up the release of the IOC Live Feed and History Feed to tomorrow instead of Friday. There will be 30-60 minutes of downtime. I will let everyone know before the cutover. ❗️ Over 24 million Mexican civilian records allegedly leaked across two combined files 💡 XForums is currently offline. 💡 The Register is reporting that Arctic Wolf has laid off 250 employees to save money for AI ❗️ Nuclei template for fingerprinting the PAN-OS CVE-2026-0300 zero-day: ❗️ 1/2 Argentine government and http://crónica.com allegedly breached exposing 80M credentials and sensitive admin data 💡 Anthropic has agreed to a partnership with @SpaceX that will increase their compute capacity. ❗️ CACPE Pastaza allegedly breached exposing 18 million Ecuadorian civil registry records via an unprotected API ❗️ Nimrod Stealer source code allegedly shared on a hacking forum for credential and browser data theft 💡 I am currently building the historical feed... ❗️ SAFEPAY Ransomware Claims 9 Victims ❗️ NRJ Mobile allegedly leaked exposing 266K customer records from the French MVNO ❗️ TransmiteNota allegedly leaked exposing 20 million records from the Brazilian e-invoicing platform ❗️ Leroy Merlin France allegedly leaked exposing 367,462 loyalty program records ❗️ Systemd Backdoor: A simple script to automate systemd backdoor ❗️ Marlon Ferro, who went by the online handle "GothFerrari," has been sentenced to
Indicators of Compromise
- cve — CVE-2026-0300
- malware — CloudZ RAT
- malware — Nimrod Stealer
- malware — SAFEPAY Ransomware
- malware — Systemd Backdoor