Replying to @ethicalhack3r
Could also be Glassworm or another actor, and appreciate you saying as much. The bucharest-rack483.nodes.gen4[.]ninja and http.html:"nodes.gen4[.]ninja" querying along with the phpmyadmin dump of salumisantorso show a recent chain of activity that's more Glassworm and less SLSH
🚨 CYBER INTELLIGENCE ALERT: 🇮🇶 [UNCONFIRMED / CRITICAL] EXFILTRATION AND GEOLOCATION OF POPULATION DATA — ACTOR CYB3R DRAG0NZ KURDISH (IRAQ)

[STATUS: UNCONFIRMED EXPOSURE OF PII WITH GEOGRAPHIC MAPPING]

A massive campaign of exfiltration and sale of government, civilian, and automotive data from the Republic of Iraq has been detected, attributed to the threat actor "Cyb3r Drag0nz Kurdish." Through processed visual evidence from captured images, it has been confirmed that this actor has structured and put up for sale databases that compromise the privacy of millions of Iraqi citizens, organizing them by family groups and mapping their exact physical location.

Threat Actor: Cyb3r Drag0nz Kurdish.
Primary Affected Regions: Kirkuk, Erbil, Sulaymaniyah, Baghdad, Karbala, Basra, among other provinces in Iraq.
Declared Data Volume: More than 200,000 detailed records in the Kirkuk module alone, supplemented by the national database of family allowances.

📂 Technical Analysis of the Evidence and Compromised Infrastructure

The threat actor has fragmented the information into three major vectors of high-fidelity exfiltrated data:

1. Vehicle Registration and Checkpoint Data (Kirkuk and Kurdish Region)
The capture reveals data tables in Arabic associated with vehicle registration, licenses, and local customs/checkpoint records. The visible data schema directly displays:
Owner Information (PII): Full name of the vehicle owner
Vehicle Details: Vehicle type, license plate type, and issuing province (predominantly Kirkuk, Salah al-Din, Erbil, Sulaymaniyah, and Al-Tamim).
Control Identifiers: License plate numbers, annual serial numbers, receipt folio numbers, specific traffic forms, and distribution committee locations.

2. National Census and Family Distribution Database (2022 Forms)
The screenshot reveals a severe structural compromise. It displays the design of an SQL database environment featuring relational tables categorized by Iraqi governorates. The table creation statements (CREATE TABLE) index sensitive information using the following format:
Modules by Province: Tables titled FAMILY_Baghdad, FAMILY_Erbil, FAMILY_Kirkuk, FAMILY_Basrah, FAMILY_Karbala, FAMILY_Najaf, etc.
The accompanying promotional text explicitly advertises the sale of data forms covering all of Iraq for the year 2022.

3. Geographic Intelligence and Household Mapping Platform (2025 Module)
The screenshots demonstrate that the threat actor possesses a Geographic Information System (GIS) or an interactive web dashboard in Kurdish. On this platform, the exfiltrated population data has been cross-referenced with vector maps showing actual city streets. Each green dot on the map represents an indexed dwelling. Upon interacting with the nodes, the system displays a side panel containing resident information: full name, ID number, civil registry serial number, and exact home address.

🛡️ Recommended Actions (Investigative and Tactical Levels)

Alerts Regarding Government Credential Reuse: Since the leak exposes the structure of the `LogIns` table from Iraqi family registration systems, warnings should be issued regarding potential secondary brute-force or credential-stuffing attacks targeting institutional portals of Iraqi ministries.
Query Interface Isolation (Regional Recommendation): State agencies managing cadastre, census, and vehicle registration systems in the region must immediately audit their web control panels to ensure there are no API key leaks or internet-exposed phpMyAdmin panels that could facilitate the downloading of schemas identical to those described here.

VECERT TOOLS
Strategic Monitoring Tools & Intelligence Platform: 🌐 analyzer.vecert.io
Security Verification & Monitoring: 🛡️ monitor.vecert.io

#CyberSecurity 🔐 #ThreatIntelligence 📊 #Iraq #Cyb3rDrag0nzKurdish #DataBreach 📁 #PII #GeolocatedLeaks #Kirkuk #Sulaymaniyah #VECERT 🏢
🚨 CYBER INTELLIGENCE ALERT: 🇸🇾 [UNCONFIRMED] POSSIBLE EXFILTRATION OF CIVILIAN AND EMPLOYMENT IDENTITY DATA — SYRIA MINISTRY OF SOCIAL AFFAIRS AND LABOR

[STATUS: UNCONFIRMED / GOVERNMENT BREACH / CRITICAL PII TRAFFICKING]

A post has been detected on underground forums where a threat actor using the pseudonym "Evilx," allegedly affiliated with the "1915 TEAM" group, claims to have deeply compromised the digital infrastructure of the Syrian Ministry of Social Affairs and Labor (mosal.gov.sy). The attacker has put up for sale a massive data dump that compromises government databases and biometric/documentary information of citizens and workers.

Threat Actor: Evilx / 1915 TEAM
Target Affected: Syrian Ministry of Social Affairs and Labor (mosal.gov.sy)
Size: 67 GB distributed across 50 main files, containing approximately 4,520 lines of structured data.
Reported Incident Date: Originally recorded on May 19, 2026.

📂 Technical Analysis and Visible Evidence (PoC)

Through the proof-of-concept (PoC) evidence shown in the screenshot, explicit evidence can be validated that supports the authenticity of the perimeter compromise and exfiltration:

Structured Database Compromise (phpMyAdmin): One of the screenshots shows an exposed, active phpMyAdmin database administration interface. The data shows tables with records in Arabic containing indexed columns with birth dates, names, government identifiers, and employment statuses, confirming direct access to the ministry's server backend.
Massive Exfiltration of Identity Documents (Critical PII): The most serious evidence consists of a mosaic of attachments. The images clearly display photographs of official civil identity cards, international passports, citizens' passport-style headshots, and business cards or work credentials.

⚠️ Risk and Strategic Impact Considerations

Risk of Fraud and International Impersonation: Leaked scanned copies of valid passports and national identity documents are highly sought-after assets on the black market. Transnational cybercrime networks use these documents to bypass biometric security controls, open fraudulent bank accounts remotely, register profiles on cryptocurrency exchanges while evading KYC (Know Your Customer) regulations, or facilitate the creation of synthetic identities.

🛡️ Recommended Actions (Tactical Level)

Document Impersonation Alerts: Notify the verification and fraud prevention systems of partner platforms to increase scrutiny regarding registration or identity validation requests involving passports or IDs issued by the Syrian Arab Republic, while monitoring for patterns of automation or reuse associated with the compromised dataset.

VECERT TOOLS
Strategic Monitoring Tools & Intelligence Platform: 🌐 analyzer.vecert.io
Security Verification & Monitoring: 🛡️ monitor.vecert.io

#CyberSecurity 🔐 #Syria 🇸🇾 #DataBreach 📁 #GovTech #PII #PassportLeak #FinancialInvestigation 💸 #ThreatIntelligence 📊 #VECERT 🏢
my phpmyadmin lan spreader is now added to my rootkit/c2 as a module .. w00t w00t!
so done with phpmyadmin demo faaah
Replying to @sflorimm
I usually use Google Chrome developer tools switch to desired device and screenshot everything. I've made some custom backends that connect the admin area to mysql phpmyadmin and custom cmd terminal. I could probably find the screenshots or make more to show you, if interested.
i can give you dynamic encode sql injections that will not run on phpmyadmin even on root level but will work on aeroplane. you think db management is just deploying a db. no bro. funny how we are still on sql not even rce, command injection and bro said AI fix vulnerabilities.
Replying to @akinkunmi
even phpmyadmin doesn't allow you to do anything with your db, I also don't allow myself to do anything with my db, because I can be a victim of mitm or keylog attacks that will take my account login details for a platform like aeroplane that manages db. bro implement filtering
xenon :/ 厄運 retweeted
Asphyxia Rootkit - phpmyadmin worm module, w00t w00t
Database migration for 47,000 products

Don't use phpMyAdmin for this size. Use:

mysqldump -u user -p database_name > backup.sql
mysql -u user -p new_database < backup.sql

This is faster, more reliable, and doesn't time out.

After import, run a wp search-replace to update URLs:

wp search-replace "oldsite .com" "newsite .com"
Carrinson retweeted
Bro. It's not about "beauty". Something can be ugly as shit but still be easy to navigate, case in point; PhpMyAdmin. Those platforms I listed look bad and are bad to navigate, especially goddamn Meta for Developers.
Jun 12
It’s a matter of priority. Even giant companies have priorities. UI “beauty” is not part of a web console priority list. Functionality and robustness are.
ka1hatsu retweeted
download and exec payload works good in my phpmyadmin lan spreader. w00t w00t
DATABASE ASSIGNMENT SERVICE NOW OPEN ♡☆ ✅️ ERD ✅️ EER ✅️ Normalization 1NF-3NF ✅️ SQL ✅️ phpMyAdmin ✅️ CDM, PDM ✅️ DDL, DML fee starts at 10k #jokibasisdata #jokitugas #zonauang #zonab
I wonder if there's something like an admin tool for Meilisearch. Something like phpMyAdmin. There are times when I just want to take a quick look.
Discover how to install and use phpMyAdmin on your Ubuntu system with our detailed walkthrough. Tutorial: pimylifeup.com/ubuntu-phpmya…
Jun 12
Replying to @kirinyetbrian
but phpmyadmin is trouble 😂
2/ what are they doing?.. checking for wordpress, azure pipelines, docker, sql backups, phpmyadmin (still?!).. and a host of other layman software i last used 15 years ago