SOCRadar’s Dark Web Team identified several new underground posts, including a kernel-level “EDR/XDR terminator” package advertised as source code plus a compiled driver, and a post claiming an 832.87GB “Adobe Business” dataset, among other government-focused data listings.
According to SOCRadar, the “0-day EDR XDR Terminator Sale” post framed the package as a ring-0 kernel driver designed to terminate endpoint security processes and marketed it for use with follow-on payload execution. Pricing was $8,000 for the base package and $12,000 with an upsell, with “one buyer only” exclusivity and short-term support terms.
Other posts allegedly offer Serbian Ministry of Interior data for sale, describing 180,000 records split between 150,000 foreign nationals and 30,000 Serbian citizens, including identity-like fields. They also mention alleged data leaks from Argentina’s BCRA, IOMA and GDEBA, with claims of large counts such as BCRA “+32 million” scraping and IOMA “+1 million” or larger affiliate-related datasets, suggesting exposure to identity fraud, impersonation, or long-tail privacy harm.
Across these listings, threat actors emphasise high-volume data and identity-heavy fields, signalling fraud, extortion, or follow-on access operations, according to the SOCRadar Dark Web Team.