☑️ Weekly Darkweb – April Week 2, 2026

🔍 Taiwanese Aerospace Parts Manufacturer Targeted By WorldLeaks Ransomware

• On the 4th, approximately 500GB of internal data from Taiwanese aerospace components manufacturer N was posted on a leak site operated by the WorldLeaks ransomware gang.

✓ N is listed on the Taiwan Stock Exchange and reports annual revenue of approximately $100 million.

• The leaked data includes internal NAS files covering the full manufacturing process, along with customer data from global OEM company B and aircraft engine manufacturer G, as well as technical documents, certification records, and factory operations data.

✓ NAS (Network Attached Storage): A network-based storage system used within an organization to store and share files.

• If exploited, the data could expose core technologies and enable reverse engineering, while leaked customer documents could potentially trigger broader supply chain security incidents, underscoring the need for caution.

🔍 Sensitive Data of European Aerospace Company A Detected on the Dark Web

• On the 8th, a post distributing sensitive data from European aerospace company A was detected on the dark web hacking forum ‘PwnForums’.

• Forum user ‘AckLine’ claimed to have obtained a 16GB archive containing over 6,000 files, posting an encrypted link and password that allow users to download 16 compressed files.

✓ A similar post distributing Company A’s data was also identified on the Russian hacking forum ‘Exploit’ and the hacking forum ‘Spear’ on the 1st.

→ PwnForums is a newly created hacking forum launched on the 5th as a backup of BreachForums V6, presenting itself as a separate community from BreachForums.

🔍 Japanese Motorcycle Company’s Philippine Subsidiary Affected by Audit Ransomware

• On the 7th, the Philippine subsidiary of Japanese motorcycle company K was found listed on a leak site operated by the Audit ransomware gang.

✓ Company K is a Japan-based global motorcycle manufacturer with subsidiaries across North America, Europe, the Philippines, and Indonesia.

• The Audit ransomware gang claimed to have stolen more than 100GB of data and said it released sample files to verify the breach.

👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.

Subscribe on LinkedIn

This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.

Attachments

[S2W] Weekly Darkweb_20260412_EN.pdf

Threat Analysis Brief Reports

Overview of Chinese Cybersecurity Company Knownsec

2026.04.15

Threat Analysis Brief Reports

Axios CRLF Header Injection Chain Vulnerability: CVE-2026-40175

2026.04.22

List

File download request

This is a consent popup for collecting personal information in order to send you an attachment of S2W's Resource. Please enter the following items and submit, and the attachment will be sent to the email you provided. All information you provide will be subject to S2W's privacy policy.

Name *

Email *

Contact number *

Company / Institute name *

How did you find us?*

Agree to all

[Required] Terms of Service View all

[Required] Collection and Use of Personal Information View all

[Optional] Collection and Use of Information for Marketing Purposes

Collected items: Required : Name, Country, Company/Institute Name,Job Title, Email, Contact Number
Purpose of use: For online/offline marketing and advertising purpose Name, Job Title, Email, Contact Number; Delivery of product brochures, newsletters, event information, etc.
Retention period: Until consent for marketing use is withdrawn.