Underground · what matters today
The underground stories that broke through this window. Gov/mil, access sales, ransomware, leaks, stealers. Screenshots and context on each.
Distribution by category · window
- Gov / Military5
- Access sale27
- Ransomware6
- Leak75
- Stealer0
- Other5
Window
Category
Severity
Arachne C2
Leaked source code for Arachne C2, a command-and-control framework that could be used to attack critical infrastructure.
Selling IA to 3 8+ figure companies
Initial access to three 8+ figure companies being sold, post is recent.
Selling IA to 3 8+ figure companies
Initial access to 3 unnamed 8+ figure companies offered for sale, very recent post.
Selling IA to 3 8+ figure companies
Selling initial access to three 8+ figure companies; potential for high-value compromise.
DEAD HAND 5 TB DATABASE | Api key | FREE ULP | Базы, Email, Combolist | Forumteam.Bet- минимум хайда, максимум информации
Massive 5 TB database shared with API key and free ULP, likely containing sensitive data from multiple sources.
Falhas do .gov.br denovo kkkkk - Exilio404
.gov.br (Brazil)
Post discusses vulnerabilities in Brazilian .gov.br domains, potentially affecting government infrastructure.
DATABASE [ L4TAMFUCK3RS ] BANAVIH BANCO NACIONAL DE VIVIENDA Y HÁBITAT | ⭐ DNA Forums ⭐
BANAVIH (Banco Nacional de Vivienda y Hábitat)
Database leak of Venezuelan state bank BANAVIH, a critical financial infrastructure in Latin America.
E-Bank Patagonia API W/C | Cracked.st
Banco Patagonia (Argentina)
Listing of E-Bank Patagonia API access/credentials, a major Argentine bank, potentially enabling unauthorized transactions.
⭐ WORLDWIDE ⭐ OPEN-UPS | BANKS, CRYPTO & MORE | EU, US, SOUTH AMERICA & MORE. | Cracked.st
South American financial services
Worldwide open-ups service including South America, offering access to bank and crypto accounts.
ComboLists - Active Web Shell Access Verified Remote Backdoor List | xReactor.org - Above Expectations
Active web shell backdoor list provides verified remote access to compromised servers, suitable for initial access.
Unlocked.ST WebShell/WP-Admins Marketplace
Marketplace selling webshells and WordPress admin access, providing initial access to potential targets.
Arachne C2
Fresh source code leak of Arachne C2 framework, a decentralized C2 tool that can be used for attacks against any target including Latin American entities.
🟢4.6 Millones de tarjetas filtradas de todo el mundo🟢 | Nodo313 - Más que un foro
Leak of 4.6 million credit cards worldwide, recent and large-scale, likely includes Latin American victims.
Secretline.top @StarLinkClouds Url:Login:Pass 4.458.614 Mıllıon Lınes
4.5 million URL:Login:Pass lines from stealer logs, fresh and large, usable for access.
DATABASE LEAK Mexico Coahuila Fiscal database - 125k | ⭐ DNA Forums ⭐
Coahuila Fiscal (Mexico)
Leak of state fiscal database from Coahuila, Mexico, exposing government financial records.
[#1]CHEAPEST OPENUPS,BANKS & KYC ⭐️TR⭐️ARG⭐️UA⭐️NGN⭐️IN⭐️ID⭐️UK⭐️EU⭐️PHP & More! | Niflheim World
Argentinian banks & KYC providers
Sale of bank and KYC access including Argentina (ARG) accounts, enabling financial fraud and identity theft.
Bolivya Devlet Sitesi Defaced | TurkHackTeam
Bolivya Devlet Sitesi
Defacement of a Bolivian government website, indicating a security breach.
Secretline.top @StarLinkClouds Url:Login:Pass 4.453.572 Mıllıon Lınes
Secretline.top / StarLinkClouds
Large credential dump of 4.45M URL:Login:Pass lines from Secretline, potentially including access to various services.
# 12.07.2026 Data Operasyonu | 35M Data Leak # | TurkHackTeam
35 million records leaked in a fresh data operation on TurkHackTeam, posing a risk if AR-LATAM entities are included.
[ WTS] Cloud Accounts | AWS, Digitalocean, Google Cloud, Azure, Kamatera, Vultr, Lino | Cracked.st
Sale of cloud accounts (AWS, Azure, GCP) provides direct initial access to cloud infrastructure.
# Hospital Gineco Obstétrico Isidro Ayora - Seized! # | TurkHackTeam
Hospital Gineco Obstétrico Isidro Ayora
Ecuadorian hospital claimed as seized, likely ransomware; critical healthcare infrastructure in Latin America.
Brezilya Lojistik ve Deniz Taşımacılığı #hacked | TurkHackTeam
Brezilya Lojistik ve Deniz Taşımacılığı
Brazilian logistics and maritime transport company reported hacked, posing risk to supply chain.
CHIAPAS - INSTITUTO TECNOLOGICO CAMPUS TUXTLA GUTIERREZ [5,000] | ⭐ DNA Forums ⭐
Instituto Tecnologico Campus Tuxtla Gutierrez (Chiapas, Mexico)
Database leak of 5,000 records from a Mexican public technical institute, relevant to Latin American education infrastructure.
Secretline.top @StarLinkClouds Url:Login:Pass 4.463.454 Mıllıon Lınes
Secretline.top / StarLinkClouds
Large stealer log dump with 4.46 million lines of credentials, potentially usable for initial access.