Recent monitoring by SOCRadar’s Dark Web Team has uncovered a series of alarming underground posts, including the alleged sale of a zero-day remote code execution (RCE) exploit targeting Discord, a claimed source code leak of the NOXIPOM ULTIMATE ransomware, and two significant database breach allegations involving Repediu and WormGPT.
Discord Zero-Day RCE Exploit Offered for Sale
A threat actor has posted on a dark web forum advertising the sale of what is claimed to be a zero-day RCE exploit against Discord. The exploit is reportedly effective across all desktop architectures and is being offered for $900. According to the listing, the vulnerability is based on a “protocol confusion” issue that requires a chained attack path and a single user interaction to trigger arbitrary code execution.
The seller is requesting payment in Monero and is only providing further technical details through private communication. This type of exploit, if genuine, could allow attackers to execute malicious code on a victim’s machine simply by interacting with a specially crafted Discord message or link.
NOXIPOM ULTIMATE Ransomware Source Code Leaked
Another post on the same forum claims to leak the source code of NOXIPOM ULTIMATE v4.0, a ransomware variant reportedly distributed as a heavily obfuscated Python script. The threat actor describes the malware as using a basic XOR encryption routine with a hardcoded password to encrypt files, appending a custom extension to affected files.
Despite the multiple layers of encoding intended to obscure its functionality, the post characterizes the ransomware’s implementation as technically unsophisticated. The source code is available for download, with the release framed as an act of exposure rather than a commercial transaction.
Repediu CRM Platform Allegedly Breached
A separate post alleges a significant data breach involving Repediu, a Brazil-based CRM and delivery management platform used by restaurants to manage sales, customer loyalty, and automated service operations. The threat actor claims the leaked dataset includes:
- Approximately 21.4 million customer records
- 1.2 million leads
- 2,633 user accounts
The sample data shared with the post contains structured CRM fields such as names, phone numbers, email addresses, company identifiers, purchase metrics, and demographic information. If verified, this breach could represent a major privacy and security incident for the restaurant industry in Brazil.
WormGPT Database Leak Claims
In a related development, a threat actor has claimed responsibility for a database leak involving WormGPT, a platform promoted in underground forums as an AI tool designed for offensive security operations, phishing, and other malicious activities. The post states that the incident occurred in February 2026 and that the database is now available for public download.
The alleged dataset reportedly contains over 19,000 user records, including email addresses, payment information, subscription details, user identifiers, and other account-related data. A screenshot was provided to support the claim, though the authenticity of the leak has yet to be independently verified.
Source: SoCRadar
