French startup MokN has secured €2.6 million to expand its deception-based identity protection technology that uses honeypots to trap cyber threat actors. The company’s innovative approach helps recover stolen credentials before they are exploited or sold on the dark web. #MokN #Honeypots #CyberDefense #DarkWebThreats…
Tag: DARK WEB
Gunra is a double-extortion ransomware group active since April 2025 that primarily targets non‑US organizations across multiple industries, using phishing, DoNoT loader routines, and high‑speed stream ciphers (Salsa20/ChaCha20) to encrypt large data volumes and publish exfiltrated data on a dark‑web DLS. The group operates a WhatsApp‑themed negotiation portal (Slack backend), hosts a clearnet mirror (datapub.news), and uses tools like Lumma Stealer and ConnectWise‑like payloads while listing victims on multiple TOR domains. #Gunra #DoNoT #datapub.news
ENISA’s 2025 Threat Landscape report highlights a growing focus on operational technology (OT) systems in cyberattacks targeting the EU, with 18.2% of threats aimed at these critical systems. Noteworthy threat groups such as Z-Pentest Alliance, Rippersec, and Infrastructure Destruction Squad are actively targeting OT infrastructure, often with political motives. #ENISA…
The Akira ransomware group has claimed responsibility for breaching two U.S.-based companies, leaking sensitive data on their dark web leak site. The data stolen includes personal, financial, and corporate information, raising significant cybersecurity concerns. #AkiraRansomware #DataLeak…
A ransomware attack on Motility Software Solutions compromised the personal information of 766,000 customers, with hackers encrypting systems and stealing files containing sensitive data. The company is monitoring dark web forums and offering free identity protection, but no evidence of data misuse has been found yet. #MotilitySoftwareSolutions #DarkwebMonitoring
The Inc ransomware group has claimed responsibility for breaching multiple international companies, posting their leaked data on its dark web site. The stolen information includes contracts, emails, design drawings, and technical reports, highlighting the severity of the attacks. #IncRansomware #DarkWebLeaks #LAMMCO #IdealBathrooms #NorthAmericaConstruction…
A threat actor claims to have stolen and is selling a portion of Avalara, Inc.’s database, affecting major clients like Amazon and Microsoft. The breach involves sensitive data such as API tokens, personal details, and shipping info. #Avalara #DataBreach #Amazon #Microsoft #MorganStanley…
A threat actor claims to have breached SuperEd, a fintech company serving the Australian superannuation industry, leaking sensitive customer and internal data. The breach involved a 1.5 GB SQL database containing personal information and internal IDs, which was shared freely on a dark web forum. #SuperEd #DarkWebLeak…
Asahi, Japan’s largest brewery, has experienced a cyberattack that caused a system shutdown, impacting its operations within Japan. Although no customer or business data was stolen, the disruption affected domestic shipping and call center systems, highlighting the vulnerability of major beverage companies. #Asahi #Cyberattack…
The Killsec ransomware group has claimed multiple breaches within the financial technology and brokerage sectors, threatening to release sensitive customer data. Victims include xChief and WalletKu, with leaked data containing personal identification information. #Killsec #xChief #WalletKu #KYCData #RansomThreats…
A threat actor claims to have breached Bolivia’s AGETIC and is selling 35.6 GB of stolen data on the dark web. The compromised data includes confidential information, private documents, and audit reports, possibly as retaliation for perceived transparency issues. #AGETIC #BoliviaCyberattack…
Medusa ransomware group claims to have attacked Comcast, exfiltrating over 834 GB of data and demanding a $1.2 million ransom. The group has provided screenshots and extensive file listings related to actuarial, insurance, and financial data, raising concerns about potential sensitive information exposure. #Medusa #Comcast #Ransomware #Cyberattack #DataLeak…
Threat actor KaruHunters claims to have leaked a 2.00 GB database from ITTell, a Ukrainian IT and telecom company, on September 26, 2025. The leak exposes sensitive information, raising concerns over data security in the region. #KaruHunters #ITTell #UkrainianCybersecurity…
A threat actor named Yrrrr is allegedly selling a 7 GB dataset associated with Holani Venture Capital Fund. The compromised data highlights potential risks to financial organizations and emphasizes the importance of data protection. #Yrrrr #HolaniVentureCapitalFund…
This week’s Threatsday Bulletin highlights recent cybersecurity threats including firmware updates to combat rootkit malware, vulnerabilities in mobile and geospatial platforms, and sophisticated cybercriminal activities like SIM swapping and supply chain worms. The report emphasizes the importance of timely updates, verifying sources, and proactive security measures to stay ahead of evolving…