SOCRADAR’S Dark Web Team identified several new underground posts this week, including an alleged sale of United States and Canada tipline database records and claims of high-end exploitation tooling for iOS and Adobe Reader, plus multiple RDWeb access listings marketed with elevated privileges.
The Alleged Data of American Police is on Sale describes a dataset said to contain 8.3 million records from a threat actor posting under P3Global / CrimeStoppers, with a starting bid of $5,000, a $200 step, and a $12,000 “blitz” price and a guarantor. A post from a threat actor claims to be selling a full-chain exploit for iOS 18 through 18.7, bundled with GhostBlade Stealer and advertised at a negotiable $50,000 price.
The unauthorized RDWeb access listings purport to tie to organisations in Austria, India and the United States, with mentions of cloud admin privileges and AV/EDR solutions to suggest high-value footholds. An Adobe Acrobat Reader 0-day/1-day exploit is also advertised, described as targeting JavaScript handling with code execution through a crafted PDF, and is linked to ongoing discussion of CVE-2026-34621.
Recruitment for the Gunra ransomware affiliate program is detected, with claims of cross-platform support and a revenue-share model, excluding CIS countries.