
The Alarming Surge in Leaked Credentials: Protecting Your Business in 2025

One of the most pressing cyber threats businesses face today is the rampant rise in leaked credentials. Data from Cyberint, a Check Point company, reveals a staggering 160% increase in leaked credentials so far in 2025 compared to 2024. This isn’t just a statistic; it’s a direct threat to your organization’s security.

The Downfall of XSS Forum

On July 23rd, the notorious Russian-language hacking forum XSS.is was seized by French law enforcement agencies. Interestingly, just a few hours before the takedown, researchers at Cyberint, now a Check Point company, were informed by “Loki,” a well-known moderator on BreachForums, that one of XSS’s admins had allegedly been arrested by the French. This follows a series of actions by French authorities, who have arrested BreachForums admins over the past few months.

Cloak Ransomware: Who's Behind the Cloak?

Emerging between late 2022 and the beginning of 2023, Cloak Ransomware is a new ransomware group. Despite its activities, the origins and organizational structure of the group remain unknown. According to data from the group’s DLS (data leak site), Cloak has accessed 23 databases of small-medium businesses, selling 21 of them so far. Out of these, 21 victims paid the ransom and had their data deleted, 1 declined and 1 is still in negotiations, indicating a high payment rate of 91-96%.

Qilin Ransomware: Get the 2025 Lowdown

Qilin operates as an affiliate program for Ransomware-as-a-Service, employing a Rust-based ransomware to target victims. Qilin ransomware attacks are often tailored for each victim to maximize their impact, utilizing tactics like altering filename extensions of encrypted files and terminating specific processes and services.

Mapping Attacks by TEAM FEARLESS

TEAM FEARLESS is a hacktivist group active in various cyber operations. Their activities are motivated by political and ideological beliefs, primarily in support of Palestine, and they have notably targeted organizations and government entities associated with Israel. The group primarily conducts Distributed Denial of Service (DDoS) attacks and has claimed responsibility for disrupting services of various organizations.

Introducing the Risk Dashboard: Cyberint's Answer to the Challenge of Measuring & Mitigating Cyber Risk

Cyber security is now a major focus for organizations of all sizes and across all industries. Despite the increased attention on cyber—and corresponding boost in budgets—many organizations still struggle to effectively measure and report on their cyber program. This challenge has broader implications, as justifying your budget and headcount is much more difficult if you can’t clearly show results and success to the board.

Key smishing and vishing trends and protection strategies for 2025

These days, the most worrisome phishing threats against businesses often don’t arrive via email. Instead, threat actors are increasingly turning to phishing variations in the form of vishing and smishing—techniques that use alternative communication channels to deliver messages designed to elicit or outright steal sensitive information from employees or customers. These attacks often leverage social engineering, malicious links, and other tactics.

The Lumma Stealer InfoStealer: The Details

Original article published December 2023. Update May 22nd 2025: The FBI has seized user panels and other Lumma C2 infrastructure. As of now, we don’t see the Lumma info-stealer disappearing from the arena. Our team is on guard to check and analyze the changes. This case shares similarities with the so-called seizure of infrastructure of the RedLine and Meta info-stealers in October 2024 by the FBI, DOJ, Dutch authorities, etc.

External Exposure: Navigating Risk for the Multi-National Enterprise

The bigger your business, the larger the attack surface you often need to secure. That’s why multi-national enterprises typically face a different set of cyber security priorities than SMBs. Here’s another, less often discussed factor that can complicate security and risk management: whether your company is a multiple entity or a single entity.