☑️ Weekly Darkweb – June Week 4, 2026
🔍 Cyprus Government Site Vulnerabilities and Personal Data for Sale
• On June 22, a post offering file upload vulnerabilities on the official Cyprus government website and stolen data was detected on the dark web hacking forum 'BreachForums.'
• User 'Patrick_Bateman' claimed to have obtained an arbitrary file upload vulnerability on websites using the Cyprus government domain and personal data of 40,000 citizens.
• As there is a potential for secondary damage, such as phishing and malware distribution exploiting the trustworthiness of government domains, it is critical to urgently patch the upload vulnerabilities of the website and review domain security status.
✓ For example, there is a very high risk of exploiting government links to distribute malware like Trojans, or conducting sophisticated phishing attacks by sending fake invoices and announcements based on the leaked emails of 40,000 citizens to steal credit card and financial information.
🔍 Cambodia’s Ministry of Commerce Network Infrastructure Diagram Leaked on Hacking Forum
• On June 23, PowerPoint slides containing network infrastructure diagrams of Cambodia’s Ministry of Commerce (MOC) were posted on dark web hacking forum ‘BreachForums.’
• The user uploaded screenshots of two slides, comparing the architectural differences and logical network topologies of the old data center and the new data center of MOC.
• There were no indications that the leaked data was being offered for sale as no external link to download the complete slide deck or pricing information was provided.
• Government agencies’ network asset information leaks can be exploited as an infrastructure map for internal server intrusions and targeted cyberattacks, so it is imperative to change internal infrastructure identifiers and re-inspect all assets.
🔍 Database of 30,000 UAE Police Personnel Information Up for Sale
• On June 20, a dark web hacking forum post on 'DarkForums' was found offering for sale a database containing personal information on UAE police personnel
• The user 'BigBrother' claimed to be selling the personal details of around 30,000 UAE police officers, including their job role, rank, name, UID, phone number, work phone number, and email address.
• The user provided a link to download sample data and uploaded screenshots showing the detailed contents of the CSV dataset file.
• Throughout June, the same user has been actively leaking data, posting more than 10 listings related to Israel, Saudi Arabia, Qatar, and other neighboring MEA countries.
*The full report is available upon request and for XARVIS subscribers.