Yesterday I provided a repo for DarkForumsCTI.

Now from the same author is...

XSS.isCTI: Specialized investigative framework to investigate cases of malicious actors in the OSINT and backup XSS Forum

56,309 posts backed up in CSV format.

GitHub: https://github.com/VECERTUSA/XSS.isCTI

🚨🇮🇳 Alleged Network Access Sale to an Unnamed Indian Corporation

• Category: Initial Access
• Threat Actor: warri0r
• Forum: XSS
• Network: Dark Web

• Details: Access to an Indian company with over 4,000 hosts is being offered for sale. The organization reportedly generates over $400 million in revenue. Access is via VPN and RDP with Domain Admin privileges. Price: 2000$–2500$.

🚨🇮🇩 Alleged Leak of Indonesia Consumer SMS Logs

• Category: Data Leak
• Threat Actor: WUDA123
• Forum: BreachForums
• Network: Clearnet, Dark Web

• Details: A dataset of over 93,000 consumer SMS records from Indonesia allegedly leaked. The SMS logs include OTPs, verification codes, telecom operator metadata, timestamps, mobile numbers, and app-specific codes (Shopee, TikTok, Samsung, LAZADA, AirAsia).

🚨🇲🇩Alleged Data Breach of Orange Moldova

• Category: Telecom Credentials Leak
• Threat Actor: Wieko
• Forum: BreachForums
• Network: Clearnet, Dark Web

• Details: Over 6,190 unique credentials allegedly leaked from Orange Moldova, a major telecom provider. Data was aggregated and filtered for valid entries and includes plaintext passwords in the format: URL:EMAIL/LOGIN:PLAINTEXT PASSWORD. No MFA was observed across multiple endpoints. Breach dated July 28, 2025. Data offered in .txt format for 8 forum credits.

Daily Dose of Dark Web Informer - 28th of July 2025

https://darkwebinformer.com/daily-dose-of-dark-web-informer-28th-of-july-2025/

Threat Attack Daily - 28th of July 2025

https://darkwebinformer.com/threat-attack-daily-28th-of-july-2025/

Ransomware Attack Update for the 28th of July 2025

https://darkwebinformer.com/ransomware-attack-update-for-the-28th-of-july-2025/

🚨🇸🇦Alleged Hack of KAC Bank's Official Website

• Category: Bank Website Compromise
• Threat Actor: Jokerir_07x with Dr. SHell 08x
• Forum: BreachForums
• Network: Clearnet, Dark Web

• Details: The Dark Hell 07x team claims responsibility for hacking the official website of KAC Bank. The post references access to 12 bank accounts offered for 50 USDT. The message includes geopolitical taunts targeting Saudi Arabia and Morocco.

OrangeFren is a privacy-focused platform that serves as a directory for cryptocurrency swaps, over-the-counter (OTC) deals, and fiat-to-crypto purchases.

Clearnet: orangefren.com

Onion: http://rnwis2whetqcj4oknksnc5l24jbh33nflunifff3xtjjonnoxu3ld6id[.onion

🚨Alleged Sale of Global KYC Bypass Kits

• Category: Identity Documents & Video Selfies
• Threat Actor: x0day
• Forum: XSS
• Network: Dark Web

• Details: Fresh database of residents from the UK, EU, and other countries. Kits include video selfies, passport/driver’s license scans, phone, email, physical address, and often utility bills or bank statements. Claimed to be ideal for bypassing KYC verification. Price per set: $25-$100. Discounts for bulk buyers. Free samples by age/gender.