Get Your Free Report
Start for Free
SOCRadar® Cyber Intelligence Inc. | Alleged Wendy’s Franchise Data Listing, WhatsApp Exploit, and Origin GPT Surface on Forums
Feb 23, 2026
4 Mins Read
Moon

Alleged Wendy’s Franchise Data Listing, WhatsApp Exploit, and Origin GPT Surface on Forums

SOCRadar’s Dark Web Team identified several new underground posts this week, including an alleged Wendy’s franchise database leak, a low-cost exploit listing targeting WhatsApp, and two AI-related services marketed for cybercriminal use. The advertisements reference operational franchise data, mobile disruption scripts, uncensored AI guidance tools, and automated AI-driven outbound calling platforms.

Receive a Free Dark Web Report for Your Organization:

Alleged Database of Wendy’s is Leaked

Alleged Database of Wendy's is Leaked

SOCRadar Dark Web Team detected a threat actor post on a dark web forum alleging a database leak involving Wendy’s. The threat actor claims to have uploaded what is described as an international franchise database for public download.

According to the post, the alleged dataset contains franchise-related information including names, addresses, email accounts, system usage details, and other operational metadata. The threat actor also claims the exposure of API-related credentials and additional technical configuration elements. A download link was referenced in the listing.

Alleged Exploit of WhatsApp is on Sale

Alleged Exploit of WhatsApp is on Sale

SOCRadar Dark Web Team detected a threat actor post on a dark web forum advertising the sale of an alleged exploit targeting WhatsApp. The listing promotes multiple disruptive capabilities affecting both Android and iOS devices.

According to the post, the claimed features include crash triggers for mobile devices, group freeze functionality, call and video call bombing, pairing-related crashes, and spam-based attacks. The threat actor describes the tool as an open-source script priced at $30 and states it can be executed without a VPS, requiring only a virtual number connection.

“Origin GPT” Uncensored AI Service for Cybercriminal Activities is Detected

“Origin GPT

SOCRadar Dark Web Team detected a threat actor post on a dark web forum promoting an alleged uncensored AI service named Origin GPT, positioned as a tool designed to support cybercriminal activities. The listing markets the platform as unrestricted, high-speed, and privacy-focused, emphasizing the absence of content filtering and query logging.

According to the advertisement, the service claims to provide step-by-step guidance across areas such as hacking techniques, social engineering tactics, fraud strategies, cryptocurrency operations, and other legally questionable activities. The operator promotes anonymous payment options via cryptocurrency and offers tiered subscription plans, including monthly and lifetime access.

Alleged Automated AI Outbound Call Service (AI Call Center) is Detected

Alleged Automated AI Outbound Call Service (AI Call Center) is Detected

SOCRadar Dark Web Team detected a threat actor post on a dark web forum promoting an alleged automated AI outbound call service described as an AI call center solution. The listing markets the platform as capable of conducting single or batch outbound calls with concurrent limits, caller ID rotation, automated retries, answering machine detection, and transfer to human operators.

According to the advertisement, the service integrates real-time voice agents combining speech-to-text, text-to-speech, large language model processing, and voice activity detection. The threat actor claims support for customizable scripts, multilingual operation, data collection during calls, DTMF interaction, and mid-call actions such as SMS, email, webhooks, and call transfers. Campaign management features, analytics dashboards, transcript logging, and Telegram-based control panels are also highlighted.

From a threat perspective, AI-driven outbound calling platforms of this nature may enable large-scale phishing, voice fraud, and social engineering campaigns with automation and personalization at scale. Even when positioned as generic marketing tools, features such as caller ID rotation, data harvesting, and real-time scripting indicate potential misuse in scam and impersonation operations.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.