DMZ//THREAT INTEL
FEED ACTIVELAST SYNC: 06:03:37ZSOURCES: 14CRITICAL: 15
⚠ ACTIVE ALERTS
SYLVANITE CRITICAL — SYLVANITE is a newly named Dragos-tracked threat group identified as a dedicated… /// @MsftSecIntel CRITICAL — We are tracking TeamPCP (UNC6780) activity following the GitHub internal repository… /// @GossiTheDog CRITICAL — The GitHub / TeamPCP breach is now being monetized on BreachForums. Listing is up — $95k… /// @struppigel CRITICAL — SUPPLY CHAIN ALERT: Laravel-Lang PHP packages backdoored May 22-23 via hijacked GitHub… /// @MalwareHunterTeam CRITICAL — Seeing fresh DebugElevator stealer log batches already appearing for sale on Exploit.in —…
15Critical Threats
8Active CVEs
0IOCs Tracked
0New Advisories
INTEL FEED/ARCHIVE/DARK-WEB
DMZ INTEL DESK//FILED: 2026-05-23//08:47Z
HIGH#dark web

TripleX, CoinbaseCartel, Bashe Post Fresh Victims on Leak Sites — State Bank, Aerospace Avionics, Pharma Manufacturer Hit in 24-Hour Window

Leak site monitoring (May 22) shows a concentrated burst of new victim postings: TripleX listed Bank Negara Indonesia (state-owned, $90B+ in assets); CoinbaseCartel claimed Panasonic Avionics Corporation, the aerospace and in-flight entertainment supplier to major carriers; and Bashe posted Alkaloid AD Skopje, a Macedonian pharmaceutical and chemical manufacturer. None of the three organizations have publicly confirmed the incidents. The Panasonic Avionics listing is particularly significant given that avionics supply chains intersect with civil aviation safety systems and sensitive passenger data at scale.

This intelligence brief has been compiled from open-source reporting and corroborated across multiple threat intelligence sources. Defenders should treat the high severity rating as a guide to prioritization within their environment.

For the latest indicators of compromise, formatted SIEM queries, and unredacted actor intelligence related to this brief, DMZ Operator subscribers receive automated IOC packages via email the moment new advisories are published.

FILED UNDER:
triplex · coinbasecartel · bashe · bank-negara-indonesia · panasonic-avionics · alkaloid · leak-site · extortion · financial-sector · aerospace
STAY AHEAD OF THREATS
Daily intel briefs and IOC packages — delivered to your inbox the moment a new advisory drops.
SUBSCRIBE — $29/MO →
SHARE BRIEF:✕ Post on Xin Share on LinkedIn

RELATED ACTORS

ACTOR
APT73 / Bashe
CRIMINAL

MORE FROM ARCHIVE

# DARK WEB
2026-05-26
CISA Contractor (Nightwing) Exposed AWS GovCloud Admin Keys and Plaintext Credentials in Public GitHub Repo for Six Months
# DARK WEB
2026-05-25
The Gentlemen RaaS Internal Chats and Backend Data Leaked on Breached Forum — Rare Visibility Into 10% of 2026 Global Ransomware Victims, Affiliate Economics, and EDR-Killer Tooling
# DARK WEB
2026-05-24
Operation Saffron: Europol Seizes First VPN Used by 25+ Ransomware Groups, Captures Full User Database of 5,000+ Criminal Accounts After Covert Traffic Interception
# DARK WEB
2026-05-22
ShinyHunters Confirms 600K-Record Salesforce Exfiltration from 7-Eleven; 9.4GB Archive Leaked After Ransom Refusal — Part of Ongoing SaaS CRM Campaign Hitting Dozens of Enterprises