SOCRADAR’S Dark Web Team identified several new underground posts this week, including an alleged Discord RCE 0-day exploit sale, a claimed leak of NOXIPOM ULTIMATE ransomware tool source code, and database breach claims involving Repediu and WormGPT[.]AI.
The Discord post advertises a supposed remote code execution zero-day for $900 with desktop platform coverage across all architectures, describing a protocol confusion vulnerability that requires a chained attack path and a single user interaction, and it claims arbitrary code execution capability with private contact requested and payment in Monero.
The NOXIPOM ULTIMATE leak is described as the ransomware’s source code, with the malware allegedly encrypting files using a basic XOR routine and a hardcoded password, amid claims the release is framed as exposure rather than a sale. The Repediu dataset is claimed to contain about 21.4 million customer records, 1.2 million leads, and 2,633 user accounts.
The WormGPT[.]AI breach claims a database leak with more than 19,000 users, including emails, payment data, and subscription details, and states the database has been uploaded for public download in February 2026, according to SOCRadar.