Alleged TrakCare Access, PowerLab Leak, U.S. Driver IDs, Hong Kong HA Data and More

SOCRadar’s Dark Web Team identified several new underground posts this week, including an alleged unauthorized access offering tied to TrakCare and InterSystems environments, a small French retailer database leak claim, and multiple high-risk datasets marketed with identity and healthcare-related fields. Another post discussed a WordPress plugin vulnerability affecting Smart Slider installations and highlighted continued exposure across hundreds of thousands of sites.

Receive a Free Dark Web Report for Your Organization:

The Alleged Unauthorized Network Access Sale is Detected for TrakCare and InterSystems

SOCRadar Dark Web Team detected a threat actor post on a dark web forum advertising the sale of exclusive access to infrastructures allegedly using TrakCare and InterSystems solutions.

The seller claimed they could obtain medical records across many countries and asked interested parties to contact them via private messages for proof and pricing discussions. Listings framed as “access to infrastructure” typically align with initial access brokering behavior and can be leveraged for follow-on attacks such as data theft or ransomware.

The Alleged Database of PowerLab is Leaked

SOCRadar Dark Web Team detected a threat actor post on a dark web forum claiming to have uploaded a database tied to Powerlab.fr, described as a French custom PC and gaming hardware retailer.

The listing stated the dataset included 15,000 customer accounts and mentioned fields such as user account IDs, names, email addresses, newsletter or partner offer indicators, registration dates, and last visit details. Even when limited to contact and account metadata, databases of this type are commonly used to fuel targeted phishing, spam campaigns, and credential reuse testing.

The Alleged U.S. Car Owner Driver’s License and ID Dataset is on Sale

SOCRadar Dark Web Team detected a threat actor post on a dark web forum advertising a dataset described as 4.8 million U.S. car owner records.

The actor claimed the database included a wide set of PII, including names, emails, phone numbers, SSNs, dates of birth, driver’s license identifiers and state fields, full address data, and IP addresses. The listing shared sample rows and suggested geographic concentration within the United States, which increased the risk of identity fraud, impersonation attempts, and highly tailored social engineering.

The Alleged Database of Hospital Authority Hong Kong is Leaked

SOCRadar Dark Web Team detected a threat actor post on a dark web forum claiming a leak tied towww.ha.org[.]hk and referencing Hospital Authority Hong Kong.

The post alleged exposure affecting 200,000+ patient records and listed fields such as HKID, full name, gender, date of birth, and a patient number or identifier. The actor also shared sample content that appeared to reference medical or treatment-related entries. Posts involving healthcare identifiers are especially high-risk due to the potential for identity misuse, medical fraud, and targeted scam activity.

CVE-2026-3098 Vulnerability is Shared for WordPress Smart Slider Plugin

SOCRadar Dark Web Team detected a forum post discussing CVE-2026-3098, described as a file read issue affecting WordPress sites using the Smart Slider plugin.

The post claimed the weakness could be abused by authenticated low-privilege users on affected versions and highlighted that a large number of sites remained exposed despite a patch release. Public forum discussion of widely deployed plugin flaws often increases opportunistic scanning and exploitation attempts, especially when patch adoption lags.