Summary: After a four-year investigation, law enforcement successfully apprehended a cybercriminal known by multiple aliases, including ALTDOS and Omid16B. The criminal, motivated by financial gain, executed various attacks on companies, primarily focusing on extortion through data breaches. Group-IB played a pivotal role in tracking the actor’s activities across different identities until his arrest in Thailand on February 26, 2025.…
Summary: The video discusses the new automated brute-forcing framework developed by Black Basta ransomware, termed “Brute D.” This framework is designed to compromise Edge firewalls and VPNs, raising concerns about the security practices of users who often use default passwords on their devices.
Key point: Black Basta ransomware has created an automated brute-forcing framework called “Brute D.”…
A significant data breach occurred involving a threat actor known as “rose87168,” who sold 6 million records extracted from Oracle Cloud’s SSO and LDAP systems. The compromised data includes sensitive credentials and key files, affecting over 140,000 tenants. The actor’s activities suggest they exploited a web application vulnerability, raising severe concerns regarding Oracle Cloud’s security.…
FSociety, or Flocker ransomware, emerged as a Ransomware-as-a-Service in 2024, enabling cybercriminals to execute attacks with minimal technical skills. Utilizing double extortion tactics, it encrypts data and threatens to leak sensitive information, targeting a variety of sectors primarily in the U.S. The group collaborates with FunkSec to enhance their operations.…
Summary: The Pennsylvania State Education Association (PSEA) reported a significant security breach in July 2024 affecting over half a million individuals, resulting in the theft of personal, financial, and health data. The Rhysida ransomware gang claimed responsibility for the attack, demanding a ransom to prevent the leak of the stolen information.…
Summary: A newly discovered information-stealing malware named Arcane is targeting a wide range of user data, including VPN credentials, gaming clients, and messaging apps. Originating from a campaign launched in November 2024, it has a distinct infection chain, often using YouTube promotions for game cheats to lure in victims.…
Summary: A dark web forum post has emerged, claiming to offer a new database containing 2 million credit card records, which include sensitive financial and personal information. The dataset, reportedly acquired in March 2025, is being marketed as an exclusive offer, with a sample shared to entice buyers.…
Summary: A dark web post is offering South African and Angolan government email addresses for sale at low prices, potentially exposing sensitive information. The seller claims bulk pricing options and suggests the emails can be used for various applications. Such compromised emails pose significant risks, including phishing attacks and identity fraud.…
Summary: A threat actor claims to have acquired a database with personal information of about 1.8 million Mexican citizens, including 1.2 million email addresses. The compromised data is said to be approximately 200MB and in CSV format. This incident follows the significant “Guacamaya” breach from September 2022, involving sensitive communications related to national security.…
Summary: A threat actor has advertised on a dark web forum the sale of approximately 10GB of stolen login credentials for 0. This cache reportedly includes usernames and passwords from various sectors, including government and cryptocurrency accounts, and offers a “free trial” via a Telegram bot.…
Summary: PTS News, a Tamil-language news website, has reportedly suffered a significant data breach, with an alleged 2.37 GB of data stolen. Threat actors claimed to have leaked nearly 3.8 million lines of information on a dark web forum. If confirmed, this breach could impact the large readership relying on the platform for diverse news coverage.…
Summary: A threat actor on a dark web forum has claimed to be selling network access to a major power company in the UAE, boasting administrative domain access to its systems. The asking price for this access is ,000, with indications that it is negotiable, potentially targeting a company with significant revenue in the water and electric power sector.…
Summary: The video discusses Jack Rhysider’s interview with Chris Monteiro, a cybersecurity expert who explores the dark web, particularly the hitman-for-hire site, Besa Mafia. Chris reveals the challenges and dangers of investigating such sites, including threats and real-life consequences stemming from the scams taking place. Throughout the discussion, they delve into the ethics of intervening in potentially lethal situations and the broader implications of dark web crimes.…
This report discusses the ongoing exploitation of older VPN vulnerabilities, particularly CVE-2018-13379 and CVE-2022-40684, highlighting how attackers, including cybercriminal and state-sponsored groups, continue to target these flaws for credential theft and administrative control. The research indicates substantial growth in discussions around Fortinet VPN vulnerabilities on cybercriminal forums, illustrating their significance in the current threat landscape.…
Summary: The article explores the quirky and humorous names of various threat groups active in 2025, highlighting the creativity and sometimes odd choices hackers make for branding. It discusses groups utilizing themes from fantasy characters and whimsical elements, while also touching on some serious hacktivist names that reflect their political agendas.…
In February 2025, multiple significant cyber incidents revealed ongoing risks across various industries worldwide. Notable attacks included the Qilin ransomware incident at Lee Enterprises, which disrupted media distribution, and a .5 billion cryptocurrency theft attributed to North Korea’s Lazarus Group. Breaches at DISA Global Solutions, Orange, and LANIT highlighted severe vulnerabilities in finance, telecom, healthcare, media, and government sectors.…
In a significant data breach, the HELLCAT ransomware group has leaked gigabytes of sensitive data from Jaguar Land Rover (JLR), exploiting compromised Jira credentials harvested from infostealer-infected employee devices. This attack highlights the ongoing threat of infostealer malware and its capability to enable long-term exploitation of stolen credentials.…
Summary: A dual Russian-Israeli citizen and lead developer of the LockBit ransomware group, Rostislav Panev, has been extradited to the US after being arrested in 2023. The group has reportedly attacked over 2,500 victims globally, accumulating at least 0 million in ransom payments. Panev’s extradition may lead to further investigations and arrests within LockBit’s network.…
The increasing sophistication of e-commerce malware has led to serious security threats for platforms such as WordPress WooCommerce. A recent case uncovered a coordinated attack involving a credit card skimmer, a hidden backdoor file manager, and a reconnaissance script, aimed at stealing customer data and maintaining long-term access.…
Summary: Rostislav Panev, a dual Russian and Israeli national, has been extradited to the United States to face charges related to his role as a key developer in the LockBit ransomware group. This significant development comes after Panev’s arrest in Israel and highlights the ongoing efforts to combat sophisticated cybercrime.…