Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Originally Published May 15th 2024 Updated April 29th 2025 On May 15, 2024, the FBI and DOJ, working alongside international partners like the NCA and New Zealand Police, took control of one of the major dark web forums, BreachForums. This action came shortly after a significant data leak from the Europol portal surfaced on the forum. The site was then relaunched by ShinyHunters, but now appears to be offline again. Several copies/potential successors have emerged. See our analysis below.

Safepay is a newcomer to the ransomware landscape. Since its first published attack in October 2024, the group has attacked over 50 organizations worldwide. SafePay maintains a dark web blog and a presence on the TON network for victim communications. The group employs the increasingly common double extortion model, combining data encryption with the theft of sensitive information to pressure victims into payment.

Your organization’s attack surface extends far beyond your direct control. Exposed cloud assets, vulnerable APIs, and the security posture of your third-party vendors all introduce significant risks. Understanding and managing this external exposure is paramount. Effective External Risk Management (ERM) provides the critical visibility and intelligence needed to proactively address these threats.

Initial Access Brokers (IABs) are threat actors who infiltrate networks, systems, or organizations and sell this unauthorized access to other malicious actors. Instead of executing the entire cyber attack, IABs focus on the initial breach and monetize it by selling access to compromised systems. They assist ransomware operations, particularly RaaS schemes, by streamlining attacks and reducing workload at the start.