Dating app companies Bumble and Match Group reported cybersecurity incidents after the ShinyHunters group claimed to have leaked internal documents and millions of user records. Both firms say access was limited and contained, with Match notifying affected customers and Bumble confirming no impact to member accounts or private messages. #ShinyHunters #MatchGroup…
Tag: DARK WEB
Cyble uncovered ShadowHS, a fileless Linux post‑exploitation framework that uses an encrypted, obfuscated POSIX shell loader to reconstruct and execute a weaponized variant of hackshell entirely in memory. The framework emphasizes stealth and operator-driven control—fingerprinting EDR/AV, enabling covert GSocket-backed rsync exfiltration, credential theft, lateral movement, and on‑demand cryptomining—while leaving no persistent disk artifacts. #ShadowHS #hackshell
Eventing South Africa, the official body for eventing competitions and memberships in South Africa, is alleged to have been compromised with a database posted on a dark web forum dated January 16, 2026. The leak reportedly contains sensitive administrative and user data including full names, email addresses, login credentials, membership details,…
A threat actor using the handle “JustAnon69” posted an auction on the Exploit forum offering unauthorized admin panel credentials and web shell access to a UK-based Magento e-commerce store. The seller provided SQL outputs showing the site processes over 400 monthly orders (primarily via Stripe), with the auction starting at $2,000…
The Sinobi ransomware group claims to have breached LeMatic, a Jackson, Michigan–based leader in automated baking technology (maker of AutoOp® and AutoEye®), and has listed the company on its dark web leak site. Screenshots posted by the actor indicate deep access to LeMatic’s virtualization environment — identifying VMware ESXi hosts esx2.lematic.domain…
A threat actor using the handle “Sorb” claims to have exfiltrated the full MySQL database from French IT services platform reseau.site and posted proof on BreachForums on January 28, 2026. The alleged 184 MB dataset reportedly contains over 24,000 unique email addresses, 65,000+ phone numbers, 29,000+ mobile numbers, full names, physical…
Daily Recap: Emergency fixes have been issued for Microsoft’s Office zero-day CVE-2026-21509 and a critical VMware vCenter DCERPC flaw (CVE-2024-37079) that attackers are already exploiting, and rapid patching and mitigation are urged. The roundup also highlights Dormakaba Exos flaws enabling remote door access, the Stanley malware-as-a-service for Chrome extensions, the Amatera infostealer delivered via in-memory PowerShell with the ClickFix method, extortion-linked data breaches at Nike and by ShinyHunters, a Sandworm-linked DynoWiper attempt against Poland’s power grid, a Cloudflare BGP leak, and regulatory actions around Grok, AI privacy and platform governance. #OfficeZeroDay #CVE-2026-21509 #VMwareVCenter #CVE-2024-37079 #DormakabaExos #StanleyService #Amatera #DynoWiper #Sandworm #PolandPowerGrid #Nike #WorldLeaks #ShinyHunters #Cloudflare #BGPLeak #Grok #X
A Virginia man who co-created Empire Market pleaded guilty to federal drug conspiracy charges after operating a Tor-accessible AlphaBay clone that facilitated about $430 million in illicit transactions from 2018 to 2020. Authorities documented extensive drug sales, undercover purchases, seizures of drugs and roughly $75 million in cryptocurrency, and the defendants agreed to large forfeitures while facing lengthy federal prison terms. #EmpireMarket #RaheimHamilton
The Sinobi ransomware group claims responsibility for breaching multiple organizations and has listed several victims on its dark web leak site. Reportedly compromised data includes Active Directory dumps with user credentials, proof packs of internal documents and client records, and proprietary files encrypted by the group. #Sinobi #ActiveDirectory…
A Slovakian national, Alan Bill (also known as “Vend0r” or “KingdomOfficial”), admitted he helped operate Kingdom Market—a darknet marketplace that sold narcotics, cybercrime tools, fake IDs, and stolen personal information. He pleaded guilty to conspiracy to distribute controlled substances, surrendered the market domains and cryptocurrency assets, and faces sentencing on May 5 with a mandatory minimum five-year term. #KingdomMarket #AlanBill
A threat actor operating as “Saturned33” is auctioning unauthorized RDP and shell access to an unidentified Spain-based business services organization on the Exploit forum. The listing claims Domain Admin and SYSTEM privileges across more than 20 hosts, disabled Windows Defender, access to over 5TB of internal data and two NAS devices,…
A threat actor using the handle markopollo is auctioning unauthorized CMS administrator access to an unidentified New Zealand e-commerce store on the Exploit forum. The listing claims admin-level CMS access and a deployed payment redirection intercepting Afterpay, internet banking, and credit card payments, with 4,400 total orders (Oct 1, 2025–Jan 27,…
Ransomware in 2025 has evolved from a file-encryption problem into systematized extortion that weaponizes stolen data, legal liability, and psychological pressure. Defenders must shift from backup-driven recovery to legal and communications readiness, intelligence-driven vulnerability prioritization, and targeted configuration audits to detect and mitigate data exposure. #SafePay #Cl0p
Nike is investigating a reported “potential cyber security incident” after the World Leaks gang published 1.4 TB of allegedly stolen Nike data on its dark web leak site. The leak listing was later removed, suggesting possible negotiation or payment, while researchers link World Leaks to the Hunters International group and related attacks like OVERSTEP installations on SonicWall SMA 100 devices. #WorldLeaks #Nike
CloudSEK identified interconnected phishing campaigns impersonating Canadian government bodies and national brands (traffic-ticket portals, CRA, Canada Post, Air Canada) to harvest PII and financial data using SMS lures, typosquatted domains, and fake payment gateways. The activity aligns with the PayTool ecosystem and is being commoditized on underground forums by a seller advertising specialized phishing kits. #PayTool #theghostorder01