Get Your Free Report
Start for Free
SOCRadar® Cyber Intelligence Inc. | Alleged n8n Exploit, iOS Full-Chain Sale, and Instagram Data
Jan 12, 2026
5 Mins Read
Moon

Alleged n8n Exploit, iOS Full-Chain Sale, and Instagram Data

SOCRadar’s Dark Web Team identified several new underground posts this week, including a broad “hacking service” offering, an alleged exploit sale targeting n8n, a resurfaced dataset claimed to involve Instagram users, and an advertised full-chain exploit for Apple iOS devices. The listings range from questionable service claims to exploit and data offerings previously seen in underground circulation.

Receive a Free Dark Web Report for Your Organization:

New Hacking Service is Detected

New Hacking Service is Detected

SOCRadar Dark Web Team detected a threat actor post on a dark web forum advertising a broad “hacking service” offering. The listing promotes a wide range of activities, spanning account compromise, device intrusion, network disruption, social media access and recovery, denial-of-service attacks, and various forms of digital manipulation. The services are presented as on-demand capabilities rather than tooling for sale.

The post claims coverage across multiple domains, including Wi-Fi and network attacks, mobile device access, social media account takeovers, messaging platform compromise, website intrusion and recovery, credential abuse, and other high-risk activities. Several offerings listed are commonly associated with scams or exaggerated capabilities, particularly those involving account recovery, device tracking, academic record changes, and financial or reputation manipulation.

Alleged Exploit of N8N is on Sale

Alleged Exploit of N8N is on Sale

SOCRadar Dark Web Team detected a threat actor post on a dark web forum advertising the sale of alleged exploit material targeting n8n. The threat actor claims to have identified multiple private GitHub projects hosted on a VPS linked to a penetration testing platform and offers the associated exploit material for sale at a low price point.

According to the post, the most notable item is described as an automated scanner capable of identifying and exploiting n8n-related vulnerabilities, which the threat actor positions as more than a proof of concept. The offering is presented as privately tested and available via direct contact.

Alleged Global User Data of Instagram are Leaked

SOCRadar Dark Web Team detected a threat actor post on a dark web forum advertising an alleged dataset linked to Instagram, claimed to contain data of more than 17 million users worldwide. The listing describes the data as a social or profile-related leak and states that the dataset includes usernames, full names, user IDs, email addresses, phone numbers, country information, and partial location data, shared in JSON and TXT formats.

Alleged Global User Data of Instagram are Leaked

Based on SOCRadar Threat Hunting queries, the sample data shared in the post shows similarities with datasets previously identified by SOCRadar. Further analysis indicates that the same or highly similar data was circulated on BreachForums, which was shut down in 2025, where it was described as originating from a breach that allegedly occurred in 2022.

socradar threat hunting Alleged Global User Data of Instagram are Leaked

From a threat perspective, this activity appears to reflect the resurfacing or repackaging of older leaked data rather than a newly identified compromise. While the dataset may still be abused for phishing, spam, or social engineering, it should not be assessed as a fresh Instagram data leak.

Alleged Full Chain Exploit of iOS is on Sale

Alleged Full Chain Exploit of iOS is on Sale

SOCRadar Dark Web Team detected a threat actor post on a dark web forum advertising the sale of an alleged full-chain exploit targeting Apple iOS devices. The threat actor claims the exploit supports iPhone models from the 11 through 16 series and affects iOS versions prior to 18.6.2.

From a threat perspective, very low-priced full-chain exploit offerings are often used to attract attention and do not necessarily reflect a mature or reliable exploit chain. Nevertheless, claims involving full-chain iOS exploitation are monitored closely due to their potential impact if validated.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.