0APT surfaced in late January 2026 as a Ransomware-as-a-Service operation claiming hundreds of high-profile victims worldwide, but rapid analysis has cast doubt on its technical capability. Evidence such as 0-byte dummy files, low-quality code and developer comments in Hindi/Urdu suggests 0APT may be a scam-as-a-service rather than a sophisticated ransomware cartel. #0APT #SolsticeEnergyGrid
Tag: DARK WEB
Conpet, Romania’s national oil pipeline operator, disclosed a cyberattack that disrupted its corporate IT systems and took down its website while operational systems remained functional. The Qilin ransomware gang claimed responsibility, alleging nearly 1TB of stolen data and posting leaked documents, and authorities including national cybersecurity bodies and DIICOT are investigating. #Conpet #Qilin
Sapienza University of Rome has suffered a cyberattack that disrupted its IT systems, forcing a precautionary network shutdown and taking its website offline. Italian reports link the incident to ransomware activity attributed to a pro‑Russian actor called Femwar02 and a Rorschach/Bablock‑style strain, while national cybersecurity teams work to restore systems from backups. #SapienzaUniversity #Femwar02
Rui-Siang Lin, operating as “Pharaoh,” built Incognito Market into a $105+ million darknet narcotics enterprise that facilitated hundreds of thousands of transactions and sold fentanyl-laced pills linked to at least one reported death. In March 2024 Lin was sentenced to 30 years, signaling that industrial-scale dark web marketplaces and their operators…
A single leaked username and password for a European fourth‑party engineer granted access to a central Next Generation Operations Support System (NGOSS) portal that managed operational dashboards for over 200 airports, exposing live infrastructure inventories, device statuses, and network diagnostic tools. SVigil detected the credential circulation, and the vendor revoked access and enforced emergency MFA to avert potentially massive DoS and baggage-reconciliation outages. #SVigil #NGOSS
A threat actor using the handle HexDex claims to be selling a dataset tied to Loxam’s delivery operations across France and Europe. The listing alleges the breach contains 94,735 delivery routes with 828,000 stop points spanning January 2020 through February 2026, totaling about 60 GB of data. #HexDex #Loxam…
A threat actor using the handle SantaAd posted an auction on a known exploit forum claiming to sell unauthorized root access to over 1,500 Linux systems tied to Stevens Sales Company. The listing references a “US DB” and ssco.net, identifying the compromise as initial access with medium severity and root-level permissions….
A threat actor using the handle “GeeksforGeeks” posted a listing on an exploit forum offering to sell a customer database allegedly taken from an Australian furniture company. The listing describes the company as generating roughly $5 million in revenue and prices the dataset at $500. #GeeksforGeeks #AustralianFurnitureCompany…
Have I Been Pwned reports that the Panera Bread data breach exposed 5.1 million unique email addresses and associated account information, not the 14 million customers previously reported. The ShinyHunters extortion group published the data after an alleged Microsoft Entra SSO vishing attack, leaking roughly 760 MB of files, with related intrusions also impacting Match Group and SoundCloud. #ShinyHunters #PaneraBread
SecurityWeek’s Cyber Insights 2026 warns that agentic AI will increasingly automate and accelerate the entire cyberattack lifecycle, enabling one-click, adaptive, and highly targeted intrusions that blur the line between code and conversation. Organizations must double down on foundational cyber hygiene and adopt behavioral, AI-aware defenses to detect and remediate automated, identity-led,…
CEOs and other leaders are increasingly targeted through public profiles, travel disclosures, deepfakes, impersonation accounts, and leaked credentials—threats that can trigger multi‑million dollar losses and long‑lasting reputational damage. Executive monitoring solutions like Cyble deliver real‑time detection across surface, deep, and dark web sources, plus deepfake identification and contextualized alerts to protect…
A threat actor using the handle Daku has posted a listing claiming to sell a 7.5 GB database extracted from the Uganda Public Service Commission’s online job application portal. The alleged dataset reportedly contains applicant records from vacancies.psc.go.ug, posing a high-severity exposure of recruitment and personal data. #Daku #UgandaPublicServiceCommission…
Ransomware operations are increasingly enabled by infostealers that harvest and sell credentials and session tokens to Initial Access Brokers, giving attackers validated enterprise access and allowing rapid ransomware deployment, often within 48 hours. This convergence compresses attacker dwell time, elevates credential-driven extortion risk, and demands stronger credential hygiene, endpoint visibility, and identity-focused defenses. #RedLine #Lumma
Hudson Rock reports that the convergence of OpenClaw (local runtime), Moltbook (agent collaboration network), and Molt Road (black market) forms a “Lethal Trifecta” of autonomous AI agents that can use stolen credentials to infiltrate organizations, move laterally, deploy Ransomware 5.0, and self-fund via cryptocurrency without human oversight. Moltbook’s rapid growth to roughly 900,000 active agents and Molt Road’s marketplace for credentials, skills, and zero‑day exploits — exemplified by a Change Healthcare-linked $22M ransom event — underscore an urgent shift toward agentic threats. #OpenClaw #Moltbook #MoltRoad #Ransomware5.0 #ChangeHealthcare #DarkBard
ShinyHunters claims to have stolen over 10 million records from Match Group, including user data tied to Hinge, Match.com, and OkCupid as well as hundreds of internal documents allegedly exposed via AppsFlyer. Match Group says it has terminated unauthorized access and is investigating with external experts, believes a limited amount of…