Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Effective ‘dark web monitoring’ is essential for modern businesses. This intelligence practice goes beyond traditional dark web forums, actively scanning the deep web, open web, and social media platforms. It uncovers threats and risks wherever cyber criminals operate – from hidden marketplaces to public social channels – providing crucial visibility into your external threat landscape.

Organizations are increasingly recognizing that threats can emerge from various external-facing assets, including web applications, cloud infrastructure, APIs, and even shadow IT. This necessitates a robust Attack Surface Management (ASM) strategy, supported by specialized software solutions.

Originally Published May 15th 2024 Updated April 29th 2025 On May 15, 2024, the FBI and DOJ, working alongside international partners like the NCA and New Zealand Police, took control of one of the major dark web forums, BreachForums. This action came shortly after a significant data leak from the Europol portal surfaced on the forum. The site was then relaunched by ShinyHunters, but now appears to be offline again. Several copies/potential successors have emerged. See our analysis below.

Safepay is a newcomer to the ransomware landscape. Since its first published attack in October 2024, the group has attacked over 50 organizations worldwide. SafePay maintains a dark web blog and a presence on the TON network for victim communications. The group employs the increasingly common double extortion model, combining data encryption with the theft of sensitive information to pressure victims into payment.

Your organization’s attack surface extends far beyond your direct control. Exposed cloud assets, vulnerable APIs, and the security posture of your third-party vendors all introduce significant risks. Understanding and managing this external exposure is paramount. Effective External Risk Management (ERM) provides the critical visibility and intelligence needed to proactively address these threats.

Initial Access Brokers (IABs) are threat actors who infiltrate networks, systems, or organizations and sell this unauthorized access to other malicious actors. Instead of executing the entire cyber attack, IABs focus on the initial breach and monetize it by selling access to compromised systems. They assist ransomware operations, particularly RaaS schemes, by streamlining attacks and reducing workload at the start.

Lookalike domains – meaning domains where threat actors host content designed to impersonate your business or brand – can be gravely harmful. “Look-alikes prey on users’ inattention to verifying legitimate websites, and sometimes rely on human mistakes, such as entering a typo in a URL, to capture victims,” as Dark Reading notes. The good news, however, is that lookalike domains can take some time to roll out fully.

Managed Security Service Providers (MSSPs) are increasingly frustrated with their External Risk solutions, and for good reason. The tools they rely on are often not designed with their unique needs in mind, leading to stagnation rather than growth.

As we head into the third month of 2025, many Managed Security Service Providers (MSSPs) are looking for effective strategies to boost their revenue. Here are three actionable ways to achieve this goal.

The RansomHub ransomware group has emerged as a significant player in the ransomware landscape, making bold claims and substantiating them with data leaks. The group emerged after the Federal Bureau of Investigation (FBI) disrupted ALPHV’s ransomware operation on December 19, 2023. There are assumptions that RansomHub is a “spiritual successor” of the ALPHV group and operates with the help of former ALPHV affiliates.