#DarkWeb

Update:

Doesn't appear to be a breach, but, ya know, it's still good security practice to change your password and use 2FA anyway.

Original:

Two-factor your accounts, too, if you haven't!

You should probably change your Steam password: data from over 89 million Steam users is reportedly on the dark web following a vendor breach

vg247.com/steam-vendor-data-br

#Steam #Valve #DataBreach

Mapping China’s Fentanyl Supply Chain to the U.S.

This 16-page OSINT report exposes real vendors, domestic Chinese platforms, and digital trafficking infrastructure — far beyond what Google can see.
We dug into China’s real internal ecosystem — domains, seller communications, logistics tactics — and mapped how fentanyl flows toward the U.S.

📄 Read the full report here:
🔗 epcyber.com/blog/f/mapping-chi

#Fentanyl #ChinaIntel #OSINT

🚨 AI, Automation, and the Dark Web Are Supercharging Cybercrime 🚨

The future of cyberattacks isn’t coming.
It’s already here — faster, smarter, and more dangerous than ever.

- FortiGuard Labs' 2025 Global Threat Report reveals a massive leap in attack speed and sophistication.
- Attackers now automate reconnaissance, weaponize vulnerabilities faster, and scale operations like never before.
- AI tools like FraudGPT, WormGPT, and BlackmailerV3 are making it easy for anyone to launch targeted attacks.

Here’s how the threat landscape is evolving:
- Automated scanners now launch 36,000 vulnerability scans per second.
- AI-generated phishing, deepfakes, and identity theft campaigns are exploding.
- Dark Web marketplaces are booming — with 42% more stolen credentials for sale year-over-year.
- Initial Access Brokers (IABs) are selling direct entry into corporate networks, VPNs, and admin panels.

No one is safe — and attackers no longer need technical skills.
A few clicks, a few dollars, and you have the tools to breach global enterprises.

Especially at risk:
- Manufacturing (attacks up 17%)
- Business Services (up 11%)
- Retail and Construction (up 9% each)

Defense strategies must evolve too:
- Think like an attacker — not just a defender.
- Emulate real-world adversaries through red and purple teaming.
- Prioritize rapid patch management and automate threat detection at scale.

In 2025, standing still is losing.
Security teams need to outpace — or be outplayed.

Have you ever walked into a supermarket, pharmacy, or department store looking to buy a specific item, only to find the layout confusing? Perhaps you ended up aimlessly strolling around, purchasing other items? This is deliberate, and known as the Gruen Transfer. The 'Transfer' part is the moment that you, as a consumer surrounded by a deliberately confusing layout, lose track of your original intentions.
We've all experienced it, and now it's starting to consume the internet. #Internet #GruenTransfer #DarkWeb #WWW #Enshitification

sebs.website/blog/the%20gruen-

sebs.website · The Gruen Transfer is consuming the internet: The Gruen Transfer is taking over social media. What is it and how can we avoid it?

I had the pleasure of presenting at #FIRSTCTI25 in Berlin:

"The Art of Pivoting – How You Can Discover More from Adversaries with Existing Information."

The talk explored how unconventional indicators, like cookie names, QR codes, HTTP headers (HHHash), DOM structures, and reused Google Analytics IDs, can reveal surprising links across threat actor infrastructure and behavior.

We also shared real-world insights from our crawling and analysis with AIL, including:

  • How “weak” indicators can gain strength through composite correlation
  • Unexpected metadata reuse across Tor services and social platforms
  • How AIL enables more creative and effective pivoting workflows

🔗 Slides ail-project.org/assets/img/sli

#threatintel #threatintelligence #cti #opensource #cybersecurity #darkweb

@misp @ail_project @circl

Thanks to @terrtia for the crazy discussions around correlations!

⚠️ Major AI data breach: DeepSeek leaks 1M+ records to the Dark Web 🧠💥

China-based AI startup DeepSeek just exposed a staggering volume of sensitive data:
💬 1M+ chat logs
🔐 API keys, backend metadata
📡 Unencrypted traffic via iOS app (ATS disabled)
🔓 Open ClickHouse database with full control

This wasn’t just a lapse — it was a floodgate.

🛡️ AI companies (and anyone integrating LLMs) must:
🔍 Audit storage configs
🔐 Enforce secure transport policies
📊 Monitor for unintentional data exposure

The future of AI relies on building trust. That starts with securing it.

#AI #CyberSecurity #DataBreach #DarkWeb #InfoSec
darkreading.com/cyberattacks-d

🕵️ Prodaft is taking an aggressive new approach to threat intelligence:
They’re buying access to major dark web forums — including admin and moderator accounts — in exchange for cryptocurrency.

Here’s what they’re offering:
💸 Crypto payments, no questions asked
🔐 Full anonymity for sellers
📊 Access to five top-tier forums
🎯 Prioritized payouts for higher access levels

The move aims to give security teams unprecedented visibility into cybercriminal operations — but it also pushes ethical and operational boundaries.

Would your team use intel gathered this way?

#Cybersecurity #ThreatIntel #DarkWeb #InfoSec #Ethics

darkreading.com/threat-intelli

🩷 “Don’t do crime, CRIME IS BAD xoxo from Prague” — the Everest ransomware gang’s leak site was hacked and defaced this weekend.

techcrunch.com/2025/04/07/some

Funny? Sure. But here’s the dark side:

When ransomware gangs get hacked, victim data often ends up even more exposed—spreading further across the dark web, forums, and private channels.

Hackers hacking hackers isn’t justice. It’s just collateral damage for victims.

TechCrunch · Someone hacked ransomware gang Everest’s leak site | TechCrunch: "Don't do crime," the ransomware gang's dark web leak site reads.