DARK WEB Archives - Cybersecurity News Everyday

Inside Hunters International Group: How a Retailer Became the Latest Ransomware Victim

Summary: In February 2025, the eSentire Threat Response Unit (TRU) uncovered a sophisticated ransomware campaign by the Hunters International group against a retail organization, utilizing vulnerabilities in FortiOS for initial access. The attack involved the creation of a super admin account, lateral movement within the network, and the deployment of a new variant of ransomware designed to evade detection and prevent data recovery.…

Cyber Attack

New VanHelsing ransomware targets Windows, ARM, ESXi systems

March 25, 2025 BleepingComputer

Summary: A new multi-platform ransomware-as-a-service operation called VanHelsing has emerged, targeting various operating systems, including Windows and Linux. It allows affiliates to keep 80% of ransom payments and employs sophisticated encryption methods and stealth tactics in its operations. The ransomware has already been used in attacks against at least three victims, with ransoms set at 0,000.…

Threat Research

Part 2: Validating the Breach Oracle Cloud Denied – CloudSEK’s Follow-Up Analysis

March 24, 2025 CloudSek

On March 21, 2025, a user claimed to have accessed Oracle Cloud’s login servers, selling sensitive data, including authentication credentials. CloudSEK authenticated the data, warning the community of potential supply chain attacks. Oracle denied any breach, but CloudSEK’s investigation confirmed the exposure of real customer data linked to the compromised servers.…

Cyber Attack

THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More

March 24, 2025 LeakNews

Summary: Recent cyber threats highlight vulnerabilities in open-source tools, escalating ad fraud through mobile apps, and advanced ransomware tactics targeting critical defenses. Notably, attacks have leveraged AI, and a supply chain breach at Coinbase exemplifies these risks. A rise in stolen credentials further underscores the urgent need for improved cybersecurity measures.…

Cyber Security News

Unmasking ALTDOS, DESORDEN, GHOSTR, and Omid16B: The Saga of a Cybercriminal

March 24, 2025 CybersecurityNews

Summary: After a four-year investigation, law enforcement successfully apprehended a cybercriminal known by multiple aliases, including ALTDOS and Omid16B. The criminal, motivated by financial gain, executed various attacks on companies, primarily focusing on extortion through data breaches. Group-IB played a pivotal role in tracking the actor’s activities across different identities until his arrest in Thailand on February 26, 2025.…

Youtube

The Dark Web’s Latest Cyber Weapon: Brute D!

March 22, 2025 admin

Summary: The video discusses the new automated brute-forcing framework developed by Black Basta ransomware, termed “Brute D.” This framework is designed to compromise Edge firewalls and VPNs, raising concerns about the security practices of users who often use default passwords on their devices.

Keypoints:

Black Basta ransomware has created an automated brute-forcing framework called “Brute D.”…

Threat Research

The Biggest Supply Chain Hack Of 2025: 6M Records For Sale Exfiltrated from Oracle Cloud Affecting over 140k Tenants

March 22, 2025 CloudSek

A significant data breach occurred involving a threat actor known as “rose87168,” who sold 6 million records extracted from Oracle Cloud’s SSO and LDAP systems. The compromised data includes sensitive credentials and key files, affecting over 140,000 tenants. The actor’s activities suggest they exploited a web application vulnerability, raising severe concerns regarding Oracle Cloud’s security.…

Threat Research

Dark Web Profile: FSociety (Flocker) Ransomware

March 20, 2025 SocRadar

FSociety, or Flocker ransomware, emerged as a Ransomware-as-a-Service in 2024, enabling cybercriminals to execute attacks with minimal technical skills. Utilizing double extortion tactics, it encrypts data and threatens to leak sensitive information, targeting a variety of sectors primarily in the U.S. The group collaborates with FunkSec to enhance their operations.…

Cyber Attack

Pennsylvania education union data breach hit 500,000 people

March 20, 2025 BleepingComputer

Summary: The Pennsylvania State Education Association (PSEA) reported a significant security breach in July 2024 affecting over half a million individuals, resulting in the theft of personal, financial, and health data. The Rhysida ransomware gang claimed responsibility for the attack, demanding a ransom to prevent the leak of the stolen information.…

Cyber Attack

New Arcane infostealer infects YouTube, Discord users via game cheats

March 20, 2025 BleepingComputer

Summary: A newly discovered information-stealing malware named Arcane is targeting a wide range of user data, including VPN credentials, gaming clients, and messaging apps. Originating from a campaign launched in November 2024, it has a distinct infection chain, often using YouTube promotions for game cheats to lure in victims.…

Cyber Attack

Threat Actor Claims to Have 2M Stolen Credit Card Records

March 20, 2025 DailyDarkWeb

Summary: A dark web forum post has emerged, claiming to offer a new database containing 2 million credit card records, which include sensitive financial and personal information. The dataset, reportedly acquired in March 2025, is being marketed as an exclusive offer, with a sample shared to entice buyers.…

Cyber Attack

Threat Actor Sells Alleged South African and Angolan Government Emails

March 20, 2025 DailyDarkWeb

Summary: A dark web post is offering South African and Angolan government email addresses for sale at low prices, potentially exposing sensitive information. The seller claims bulk pricing options and suggests the emails can be used for various applications. Such compromised emails pose significant risks, including phishing attacks and identity fraud.…

Cyber Attack

Alleged Data Breach of Mexican Citizen Information Exposed 1.8M Records

March 19, 2025 DailyDarkWeb

Summary: A threat actor claims to have acquired a database with personal information of about 1.8 million Mexican citizens, including 1.2 million email addresses. The compromised data is said to be approximately 200MB and in CSV format. This incident follows the significant “Guacamaya” breach from September 2022, involving sensitive communications related to national security.…

Cyber Attack

Threat Actor Claims to Possess 10GB of Stolen Login Credentials

March 19, 2025 DailyDarkWeb

Summary: A threat actor has advertised on a dark web forum the sale of approximately 10GB of stolen login credentials for 0. This cache reportedly includes usernames and passwords from various sectors, including government and cryptocurrency accounts, and offers a “free trial” via a Telegram bot.…

Cyber Attack

Data Breach Allegedly Hits PTS News Website, Millions of Records Claimed Stolen

March 19, 2025 DailyDarkWeb

Summary: PTS News, a Tamil-language news website, has reportedly suffered a significant data breach, with an alleged 2.37 GB of data stolen. Threat actors claimed to have leaked nearly 3.8 million lines of information on a dark web forum. If confirmed, this breach could impact the large readership relying on the platform for diverse news coverage.…

Cyber Attack

Threat Actor Claims Access to UAE Power Company’s Network

March 18, 2025 DailyDarkWeb

Summary: A threat actor on a dark web forum has claimed to be selling network access to a major power company in the UAE, boasting administrative domain access to its systems. The asking price for this access is ,000, with indications that it is negotiable, potentially targeting a company with significant revenue in the water and electric power sector.…

Youtube

There’s No Way This “Hitman for Hire” Website Is Real…Right?Darknet Diaries Ep. 156: Kill List

March 18, 2025 Youtube

Summary: The video discusses Jack Rhysider’s interview with Chris Monteiro, a cybersecurity expert who explores the dark web, particularly the hitman-for-hire site, Besa Mafia. Chris reveals the challenges and dangers of investigating such sites, including threats and real-life consequences stemming from the scams taking place. Throughout the discussion, they delve into the ethics of intervening in potentially lethal situations and the broader implications of dark web crimes.…

Threat Research

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

March 18, 2025 Reliaquest

This report discusses the ongoing exploitation of older VPN vulnerabilities, particularly CVE-2018-13379 and CVE-2022-40684, highlighting how attackers, including cybercriminal and state-sponsored groups, continue to target these flaws for credential theft and administrative control. The research indicates substantial growth in discussions around Fortinet VPN vulnerabilities on cybercriminal forums, illustrating their significance in the current threat landscape.…

Cyber Security News

Weirdest Threat Group Names: The Funny, Scary and Just Plain Weird

March 18, 2025 CybersecurityNews

Summary: The article explores the quirky and humorous names of various threat groups active in 2025, highlighting the creativity and sometimes odd choices hackers make for branding. It discusses groups utilizing themes from fantasy characters and whimsical elements, while also touching on some serious hacktivist names that reflect their political agendas.…

Tag: DARK WEB