WhatsApp Number Leak, OpenVPN Access Sale, LiteLLM Exploit Scanner, BIN Leads Listing, and PHI Buyer Post

SOCRadar’s Dark Web Team identified multiple underground posts including a claimed leak of 20.65M Indonesian WhatsApp numbers, a verified-sounding sale of OpenVPN owner-level access to an Indian financial services firm, an exploit/scanner offering for CVE-2026-42208 affecting LiteLLM Proxy, an auction for 15M BIN-tagged leads (name/phone/email), and a buyer request seeking Western Europe PII and 1.5M PHI documents — all of which increase risk of large-scale fraud, targeted extortion, and data theft.