SOCRadar’s Dark Web Team identified several new underground posts, including an alleged Discord database leak and an alleged Google Gemini database leak shared for free, along with an alleged Cisco Secure Firewall Management Center RCE tied to CVE-2026-20131. The Cisco post is described in connection with an unauthenticated remote code execution scenario linked to insecure deserialization, and the flaw carries a CVSS v3.1 score of 10.0.
A separate post advertised a stealer tool called xia, described as a ~500 KB DLL stealer and promoted with DLL sideloading and “fully undetected” runtime behaviour. In addition, SOCRadar reported an alleged sale of 3,225,614 IMSS blood donor record PDF files for $500 USD, highlighting the sensitivity of the data involved.
The posts illustrate how datasets and tools marketed on the dark web can create risks such as targeted phishing, identity enrichment, and potential medical fraud, underscoring the need for password hygiene, 2FA, and vigilant monitoring of associated threat activity.