Cybercriminals continue to exploit weak points such as misconfigurations, stale components, and trusted systems like OAuth to gain unauthorized access. Recent threats include sophisticated malware like Lumma Stealer and Vidar Stealer 2.0, as well as large-scale scams leveraging fake ads and open-source supply chain attacks. #LummaStealer #VidarStealer #OAuth #SupplyChainRisks…
Tag: DARK WEB
The Biden administration’s prosecution of Binance CEO Changpeng Zhao has been overturned by a presidential pardon issued by Donald Trump. The case involved allegations of facilitating criminal activities including ransomware, darknet markets, and sanctions violations, but the pardon signals a shift in how cryptocurrency enforcement is viewed in the U.S. #ChangpengZhao…
Russian cybercriminals are now directly managed by the government, with the state leveraging them as geopolitical tools. International law enforcement efforts have increased pressure, leading to more targeted arrests and strategic shifts within Russia’s cybercrime ecosystem. #OperationEndgame #Conti #TrickBot #DarkCovenant…
The report details multiple cyber incidents affecting financial institutions worldwide, including database leaks, large-scale ransomware attacks (notably by Qilin), and statistics on malware and leaked account credentials targeting the finance sector. It highlights supply-chain infection vectors, data sale attempts on cybercrime forums, and recommends stronger data integrity verification and response strategies…
A threat actor claims to have compromised Rad TV, a US-based streaming platform focused on Web3, VR, and AI content, and is selling the user database on a dark web forum. The breach reportedly exposes sensitive PII of 884,000 users, including usernames, emails, and crypto wallet addresses. #RadTV #Web3Security…
The Qilin ransomware group has claimed to have compromised multiple international companies, including Northern Light Technologies and Applied Technology Resources, by exfiltrating hundreds of gigabytes of data. The group has issued a 72-hour deadline for each victim before their stolen data is made public. #QilinRansomware #DataLeak…
Allegations suggest that sensitive data related to Bolivia’s Ministry of Health and Sports has been sold on the dark web. This incident highlights potential breaches involving personal and government health information. #Bolivia #MinistryofHealth #DataLeak…
Lumma infostealer is distributed via MaaS and phishing sites disguised as pirated software to steal credentials, browser cookies, cryptocurrency wallets, and VPN/RDP account data for use in account takeover and fraud. Strengthening EDR with behavior-based detection and integrating threat intelligence are recommended defenses. #Lumma #MEGA
Operation Endgame (May 2024–May 2025) triggered multinational takedowns targeting loaders, botnets, and cash-out services, prompting selective Russian domestic enforcement that dismantled monetization nodes (e.g., Cryptex, UAPS) while higher-value ransomware operators with alleged intelligence ties (e.g., Conti, Trickbot) largely remained insulated. The resulting trust erosion in the underground drove tighter OPSEC, closed affiliate recruitment, rebrands, and decentralization as attackers adapted to sustained Western pressure and a conditional Russian “politics of protection.” #OperationEndgame #Cryptex #Conti #Trickbot
The decline of Lumma Stealer malware is linked to an underground doxxing campaign that exposed its operators and infrastructure, causing a significant drop in its activity. This development has benefited rival infostealers like Vidar and StealC, and has increased competition among malware-as-a-service providers. #LummaStealer #WaterKurita #Infostealer #DarkWebThreats…
Organizations are experiencing fewer ransomware attacks, but those that pay are facing significantly higher ransom demands, averaging over $3.6 million. The report highlights rising attack surfaces, increased attack complexity, and challenges in detection, especially in healthcare and government sectors. #DarkWeb #RansomPayments…
CISA has added five significant vulnerabilities from Microsoft, Apple, and Oracle to its KEV catalog, highlighting ongoing threats to various systems. Notably, these include high-severity flaws exploited by ransomware groups such as CL0P and targeted at organizations like Harvard University and American Airlines. #CISAKEV #CL0Pransomware…
A threat actor claims to have stolen and is selling a database from Ustundag Turizm in Turkey, containing sensitive PII for $10,000 in Monero. The compromised data includes personal details such as names, addresses, passwords, and Turkish ID numbers. #UstundagTurizm #DataBreach #DarkWeb #PII #TurkishIDNumbers…
A data breach involving TripWorks has allegedly been reported, raising concerns over exposed personal information. The incident underscores the importance of cybersecurity vigilance for travel and hospitality companies. #TripWorks #DataBreach…
Airlines are increasingly targeted by cybercriminals due to the valuable personal data they hold, especially passports and government IDs. Recent breaches, like the Qantas leak, highlight the ongoing threat from threat groups such as LAPSUS$ and CL0P, and the importance of proactive personal security measures. #LAPSUS$ #CL0P…