Cyjax operates within the dark web and ‘hidden service’ spaces to ensure a rich and current intelligence picture for its clients, enabling them to understand the changing threat landscape and prepare for incoming attacks and mitigate existing ones. Predicting an attack can be difficult, but fun!

This report will provide an overview of the various extortion groups, hacktivists, and initial access brokers (IABs) targeting the Middle East throughout 2024 and highlight the relevant observed trends. Specifically, this report will look at incidents affecting Egypt, Iran, Iraq, Saudi Arabia, Yemen, Syria, Jordan, United Arab Emirates, Israel, Lebanon, Oman, Kuwait, Qatar, and Bahrain.

Following the emergence of data-leak sites (DLSs) for extortion group’s Morpheus and GD LockerSec in January 2025, Cyjax has discovered a DLS which claims that the infamous Babuk ransomware group has returned. Read on to find out what we know so far.

Ransomware is one of the most prominent cybersecurity threats today, often spreading via phishing emails, malicious links, infected attachments, or exploiting software vulnerabilities. It is a type of malware designed to block access to files, data, or entire systems until a ransom is paid, usually in cryptocurrency. Beyond the financial impact, ransomware causes operational disruption and long-term reputational damage. The frequency and scale of ransomware attacks have surged in recent years.

Following the emergence of data-leak sites (DLSs) for extortion group Morpheus earlier this year, Cyjax has discovered a DLS for a new extortion outfit going by the name GD LockerSec. Read on to find out what we know so far.

The threat landscape is evolving at an unprecedented rate, with organisations facing increasingly complex and malicious cyber threats. As cyber-attacks grow in frequency and sophistication, Cyber Threat Intelligence (CTI) has emerged as a critical focus for many organisations striving to counter these rising challenges effectively.

The global threat intelligence market size was valued at USD 5.80 billion in 2024. The market is projected to grow from USD 6.87 billion in 2025 to USD 24.05 billion by 2032, exhibiting a CAGR of 19.6% during the forecast period. This tremendous growth translates into an increase in both the supply and demand for skilled professionals in threat intelligence.

Defenders often discuss security vulnerabilities on GitHub, Stack overflow, X (formerly Twitter), and other platforms to share knowledge of these threats and ensure users know when patches are available. Cybercriminals have a similar process, choosing to share vulnerability news, exploit code, and engage in technical discussions on cybercriminal forums. However, in contrast to defenders, these threat actors share this knowledge for the purpose finding unpatched systems and exploiting them.

On 13 March 2024, the US House of Representatives approved a bill which demands that the China-based ByteDance divests the popular social media platform TikTok, effectively banning it in the country. The measure was passed with a 352 to 65 vote after being introduced on 5 March 2024 by Republican Mike Gallagher and Democrat Raja Krishnamoorthi.

As 2025 progresses into its second week, it has not taken long for a new data-leak site (DLS) for an extortion group to emerge. December 2024 saw the emergence of LeakedData, FunkSec, and Bluebox. This week, the new group goes by the name Morpheus. Read on to find out what Cyjax knows about this new entrant into the extortion scene so far.