ALL MENU

Technology
S2W's Technology
AI
Big Data
Security
Products
SAIP
QUAXAR
XARVIS
EYEZ
Services
AI Data Consulting
Penetration Testing
Incident Response
Request for Intelligence
Resources
Event
Webinar
SIS
Conference
About S2W
About S2W
History
News

QUICK LINKS

Resources
  • Newsletter
  • News Highlights
Weekly Darkweb: June 2026, Week 1
2026.06.10

☑️ Weekly Darkweb – June Week 1, 2026



🔍 Taiwan Industrial Automation Company 'L’ Targeted By LockBit 5.0


• On June 3, Taiwan-based industrial automation company ‘L’ was listed on the leak site of the LockBit 5.0 ransomware gang.


✓ Founded in 1975, Company ‘L’ provides industrial automation and process control solutions to semiconductor, petrochemical, energy and advanced manufacturing firms, and reported $250 million in annual revenue in 2025.


• The ransomware gang has not released any evidence of the attack, such as sample files. However, it claimed that the compromised data will be published on June 18.


→ On the same day, Company ‘L’ was also identified as a victim on the leak site of the KRYBIT ransomware gang. KRYBIT claims that the stolen information will be disclosed on June 7, but did not provide specific details on the data samples or the scale of the breach.



🔍 Major German Insurance Company ‘A’ Source Code for Sale on the Dark Web


• On May 29, a post offering the source code data of a major German insurance company ‘A’ was detected on the dark web hacking forum ‘PwnForums.’


✓ One of the world’s top 30 companies, Company ‘A’ provides life insurance, property and casualty insurance, and asset management services to approximately 120 million customers worldwide. As of 2025, it reported revenue of about €186.9 billion.


• Forum user 'hackformetome' claimed to have obtained 40GB of data, including TLS private keys used to verify server identity in encrypted communications, CA certificates that validate the trustworthiness of digital certificates, API keys, and source code. As proof, the user released two screenshots containing file tree structures and sample files.


• If TLS private keys and CA certificates are leaked, they can be used to breach internal servers or intercept and alter communications. It is critical to urgently review their usage status and take security measures.



🔍 Saudi Travel Agency Database and Access Credentials for Sale on the Dark Web


• On June 4, a post offering a database and access credentials belonging to a well-known Saudi Arabian travel agency was identified on the Russian dark web hacking forum ‘Exploit’.


• The threat actor ‘DDEEAALLEERR’ claimed to have exfiltrated hotel and flight booking details, including reservation records, phone numbers, email addresses, full names, and detailed addresses. The actor also stated it would provide information on a vulnerability enabling further access and instructions on how to exploit it.


• The threat actor claimed that the access can be abused by buyers to obtain real-time booking information and use it for phishing purposes.



👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.
Subscribe on LinkedIn
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.


Attachments
[S2W] Weekly Darkweb_202607_EN .pdf
Threat Intelligence Reports
Adobe Acrobat Vulnerability Analysis: CVE-2026-34621
2026.06.10
Previous
List