☑️ Weekly Darkweb – April Week 1, 2026

🔍 NATO & Global Military Intelligence Reports Surface on Dark Web

• On April 27, Military equipment inventories, defense budget data, and strategic analysis reports from NATO member states, the U.S., Ukraine, and Japan were listed for sale at $1,000 on ‘Exploit’, a Russian dark web forum.

• Threat actor "DataHouse" cited Japan's defense technology assessments, multi-nation air and naval equipment inventories, and UAV analysis documents among the offered materials.

• The leaked data's inclusion of geopolitical risk analysis raises concerns it could be exploited by hostile actors for strategic planning, beyond simply exposing military capabilities and budget structures.

🔍 French National Police Internal Infrastructure Schematics and API Permissions Leaked

• On March 28, internal GitLab infrastructure schematics of France's National Police (Police Nationale) were detected for sale on dark web hacking forum ‘DarkForums’.

• The leaked data includes API query definitions, vulnerability structures, user permissions, and deployment keys.

• The exposure is effectively equivalent to a full blueprint of the system's architecture and access control structure, raising concerns that threat actors could leverage it to craft targeted exploits or establish a foothold into police internal networks.

🔍 Japanese Automaker 'N' Suffers Additional Data Leak by Everest

• On April 1, additional data from Japanese automaker N was detected posted on the Everest ransomware gang's leak site.

• The gang initially compromised ‘N’ in January 10, successfully exfiltrating 900GB of data, and has since published an additional 10GB on its active leak site.

• The gang attributed the successful attack to poor credential management.

→ Infiltration was traced to server credentials exposed across 30+ leak databases since September 2023, with three systemic failures identified: ① passwords unchanged for 3+ years, ② no MFA enforcement ③ shared accounts with external partners left unmanaged.

👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.

Subscribe on LinkedIn

This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.

Attachments

[S2W] Weekly Darkweb_20260405_EN.pdf

Threat Intelligence Reports

Iran APT Landscape Report: State-Sponsored Cyber Threats in an Era of Active Conflict

2026.04.08

AI Trends

4 Key Considerations for Teams Planning an AI Transformation (AX)

2026.04.15

List

File download request

This is a consent popup for collecting personal information in order to send you an attachment of S2W's Resource. Please enter the following items and submit, and the attachment will be sent to the email you provided. All information you provide will be subject to S2W's privacy policy.

Name *

Email *

Contact number *

Company / Institute name *

How did you find us?*

Agree to all

[Required] Terms of Service View all

[Required] Collection and Use of Personal Information View all

[Optional] Collection and Use of Information for Marketing Purposes

Collected items: Required : Name, Country, Company/Institute Name,Job Title, Email, Contact Number
Purpose of use: For online/offline marketing and advertising purpose Name, Job Title, Email, Contact Number; Delivery of product brochures, newsletters, event information, etc.
Retention period: Until consent for marketing use is withdrawn.