Prepare for Ransomware Negotiations: What Security Teams Need to Know

Negotiators manage complex communication and pressure to minimize damage to organizations. Different ransomware groups can have different communication styles, and being aware of these can help organizations be prepared. Security teams can equip themselves for ransomware scenarios using threat intelligence on several cybercriminal groups we’ll cover here. Why Do Organizations Engage in Ransomware Negotiations? Organizations […]
5 Things to Know About Defending Against Phishing Kits (as Shown by John Hammond)

Phishing kits are credential-harvesting operations that are cleverly disguised as standard web pages from Microsoft, Instagram, PayPal, and more. They can steal information from victims, then exfiltrate it to Discord or Telegram. They are unfortunately dangerously effective and widely available, but with the right knowledge, security teams can take advantage of them as intelligence assets. […]
4 Things You Didn’t Know About Telegram Cybercrime (Until John Hammond Showed You)

Stolen credentials fuel a big portion of the cybercrime ecosystem. So how are threat actors stealing them? Infostealer malware has exploded in growth in the last few years, and it can steal information saved on computer browsers such as: Stealer logs are the results of infostealer malware taking data from computers. Threat actors buy and […]
The Fall of LockBit and the Rise of 2025 Ransomware Chaos

In mid-2025, the state of ransomware was shaped by the fall of the once-dominant presence LockBit, and the ransomware chaos that has emerged in its vacuum. “Low-effort” ransomware groups have stepped in to fill the gap in the cybercrime ecosystem. In this episode of Leaky Weekly, our cybercrime current events podcast, Tammy Harper, Senior Threat […]
From Dirty Crypto to Clean Money – The Laundering Playbook of Russophone Cybercriminals

“A thief may sleep full-fed with stolen bread, But flames will one day burn his bed.” — Saadi Shirazi, The Rose Garden (Gulistan), 1258. According to TRM Labs’ 2025 Crypto Crime Report, illicit cryptocurrency transaction volumes reached at least $45 billion in 2024. Although that staggering sum covers every corner of the digital underground, including […]
Deciphering Black Basta’s Infrastructure from the Chat Leak

This article originally appeared on Cybercrime Diaries. On February 20, 2025, the cybersecurity community received an unexpected stroke of luck as internal strife seemingly spread within the infamous Black Basta ransomware group. On that day, an unknown individual using the alias ExploitWhispers released a file on Telegram, allegedly containing the group’s internal chat logs. […]
PowerSchool Hack; Takedowns and Arrests and Leaks, Oh My!; and ITRC Breach Report Findings

There have been quite a few hacks, takedowns, arrests, and leaks, along with insights from the Identity Theft Resource Center (ITRC) 2024 Breach Report. Dive into the most pressing recent stories on data leaks, cybercrime, and the dark web with security researcher Nick Ascoli on the podcast Leaky Weekly. On this episode of Leaky Weekly, Nick covers: Tune in for […]
The Underground’s Favorite Messenger: Telegram’s Reign Continues

The data and visualizations presented on this webpage are based on information collected from January 2024 to January 2025. These graphs are static and do not reflect real-time updates or recent developments. Any trends, insights, or conclusions should be interpreted with this timeframe in mind. Executive Summary: Telegram remains the dominant messaging platform in the […]
MOVEit Repackaged and Recycled

The largest repackage and re-post of an old leak. In November 2024, a hacker known as “Nam3L3ss” allegedly released previously undisclosed data from the MOVEit breach in May 2023. This leak consisted of millions of records, including sensitive employee and big brand corporate information, significantly escalating the breach’s impact. Digging into this story reveals that […]
Infostealer Malware: An Introduction

This article was updated on June 26, 2025 with updated information. Stolen credentials are big business among cybercriminals. According to Verizon’s latest Data Breach Investigation Report (DBIR), credentials were involved in 88% of basic web application attack breaches, making them the most common initial attack vector — and sometimes, the only vector used in an […]