PUBLISHED on 20 April 2026, SOCRadar’s Dark Web Team identified multiple new underground posts, including an alleged Vercel access key and source code sale framed as a supply chain risk, and a separate listing claiming a 1.5 million record Binance dataset. The Binance listing purportedly includes fields such as email, password, phone, country data, last login, 2FA status, and KYC status, with a claimed balance field.
Another post claimed a leak of Israeli Facebook user data, listing phone numbers, Facebook IDs, names, and location-style attributes. A new FALKONc2 remote access trojan was advertised as a private RAT built for stealth and small payload size, with mentions of in-memory operation and EDR/XDR evasion. The report also notes recruitment for “Gmail callers” offering access to “high quality private USA data” and a profit-share model, suggesting structured fraud workflows rather than opportunistic scams.