3xp0rt (@3xp0rtblog)'s Twitter Profile
3xp0rt

@3xp0rtblog

Malware and cybercrime | Cyber Threat Intelligence Analyst at @PRODAFT

ID: 1242798648225923074

Website: http://3xp0rt.com
Joined: 25-03-2020 13:01:18

2.2K Tweets

14.14K Followers

167 Following

PRODAFT (@prodaft)

🎁 Another unexpected gift for the threat intelligence community.

In March 2025, the VanHelsing ransomware group first emerged. Now, in a surprising turn of events, the group’s administrator has leaked the entire source code on the RAMP forum. The leak includes Tor keys,

PRODAFT (@prodaft)

We're excited to be exhibiting at Infosecurity Europe. Visit us at Booth #E25!

We're also hosting a TLP:RED briefing room featuring a live feed from threat actors' infrastructure. If you're interested, please email us to book a slot. Availability is limited and filling up fast

PRODAFT (@prodaft)

Ready for Day 2 of Infosecurity Europe! Visit us at stand #E25.

We've got great coffee and plenty of researchers eager to discuss our latest innovations.

#InfosecurityEurope #PRODAFT #E25

PRODAFT (@prodaft)

🚨 Threat actors are actively exploiting Fortigate vulnerabilities (CVE-2024-21762, CVE-2024-55591, and others) to deploy Qilin ransomware.

The attack is fully automated, with only victim selection done manually.

Details in our flash alert on CATALYST: catalyst.prodaft.com/public/report/…

skynet (@sky31337)

bloomberg.com/news/features/… “Kuprina hacked not only the SEC but also Citigroup, Nasdaq, Dow Jones, and even NASA.” When the SEC’s vaunted #EDGAR system was breached—opening a direct line to market-moving secrets—it wasn’t just a cyber incident. It was a wake-up call. I exposed a

PRODAFT (@prodaft)

🕵️ Wanted: Dark Web Whistleblowers

Explore how mindset, manipulation, and strategy are reshaping the fight against cybercrime:

🔗 forbes.com/councils/forbe…

PRODAFT (@prodaft)

Attackers recently exploited FortiGate to deploy Qilin ransomware, one of the most active campaigns. Patching fixes vulnerabilities but not stolen data. BLINDSPOT 🔍 contains stolen data from this and many other campaigns.

See what attackers know 👉 blindspot.prodaft.com/welcome

Oleg (@cyber_0leg)

💸 From dirty crypto to clean money: how do Russophone cybercriminals launder illicit crypto profits?

Fake inheritances, shady casinos, fake businesses, and shell companies.

The real bottleneck? Legalization.

🔗 Link in comments
#CTI #CryptoLaundering #DarkWeb

PRODAFT (@prodaft)

📌 In case you missed it: we exposed how the ransomware enterprise operates 💻💣. They're still active, with new ransomware variants but old habits 🔄. TTPs are hard to change.

Stay ahead & read the full report 👉 catalyst.prodaft.com/public/report/…

#threatintel #malware #IOC

PRODAFT (@prodaft)

🔥 RussianMarket is OPEN for business… and we have a front-row seat. This notorious marketplace, active since 2014 and run by LARVA-456 (aka Professor), fuels cybercrime with stolen data.

We’ve mapped the inner workings, tracking the sellers, buyers & data flows in order to

PRODAFT (@prodaft)

🇷🇺 Russian-speaking threat group Hopeful Mantis, managed by LARVA-200 (farnetwork/efwnet), is now operating Sinobi ransomware, alongside INC Ransom & Lynx, following their previous operation of Nokoyawa. It’s crucial to understand the connections.

#threatintel #ransomware

PRODAFT (@prodaft)

🚨 LARVA-208 is back!

Now targeting Web3 developers via fake AI platforms with job offers & portfolio reviews. Malware disguised as a Realtek HD Audio Driver is deployed during interviews.

📄 Read the full report: catalyst.prodaft.com/public/report/…
🔍 IOCs: github.com/prodaft/malwar…

Europol (@europol)

🚨 Suspected admin of xss.is, a top Russian-speaking cybercrime forum, was arrested in Ukraine.

The suspect, active for nearly 20 years, allegedly made €7M facilitating cybercrime.

🇫🇷🇺🇦🇪🇺 Operation led by France with Europol support.

europol.europa.eu/media-press/ne…

PRODAFT (@prodaft)

Starting from Monday, we will no longer be accepting any accounts of XSS[.]is. Thank you for consistently providing accounts over the past months.

We appreciate your business!

#SYSInitiative #SYS #PRODAFT #XMR

3xp0rt (@3xp0rtblog)

The XSS forum community is actively discussing the situation. However, it appears that moderators are removing all content where the admin (LARVA-27) is being discussed. This was confirmed in a Telegram chat by moderator LARVA-466 (Rehub). The goal is to suppress any narrative

PRODAFT (@prodaft)

Seriously? 🤯 Supernatural Cockroach (a.k.a. National Hazard Agency) exploiting basic default credentials on Fortinet, Palo Alto, Cisco & others… and deploying ransomware. Are we still seeing this in 2025?

📄Report (subscribed users only): catalyst.prodaft.com/public/report/…

PRODAFT (@prodaft)

🇮🇷 Iran-nexus espionage group Subtle Snail (UNC1549, TA455) linked to Charming Kitten is ramping up European ops, infecting telecom organizations and exfiltrating sensitive documents. They've impacted 10 organizations in the last week. Victim notification is ongoing. Do not skip

PRODAFT (@prodaft)

🚀 We've shared an IDA Pro decryption script for Matanbuchus 3.0, capable of decrypting ChaCha20 strings & resolving APIs/modules/syscalls using MurmurHash3. Fresh IOCs also available!

👉Check it out: github.com/prodaft/malwar…

#threatintel #malware #IOC