Tea App and TeaOnHer, and Salesforce Tenant Breaches

The past few months have shown how social engineering, misconfigurations, and rushed development can lead to unfortunate outcomes for organizations, and the people who trust them with their personal data. In this Leaky Weekly recap, we break down three major stories: Tune in as host and security researcher Nick Ascoli covers these stories below at […]
PowerSchool and Snowflake Arrests (Use a Stealer Log, Go to Prison: Part 2)

Stealer logs have quietly become one of the most important drivers of cybercrime today. From ransomware to large-scale data breaches, these stolen digital records are often the first step in an attack. In part two of our Leaky Weekly (cybercrime current events podcast) mini-series: Use a Stealer Log, Go to Prison, we explore two major […]
Inside the Cybercrime Economy: How Threat Actors Operate Like Businesses

If cybercrime were a country, it would have the world’s third-largest gross domestic product (GDP). Cybercrime is worth $10.5 trillion, according to researchers, placing it just behind the U.S. and China’s economies. It’s also growing; the threat actor economy is projected to expand to $12.2 trillion by 2031. As with any economy, cybercrime has stabilized, […]
IntelBroker and Scattered Spider Arrests (Use a Stealer Log, Go to Prison: Part 1)

Stealer logs are at the center of today’s cybercrime economy. They’ve become a key enabler for ransomware, account takeovers, and corporate breaches, and law enforcement has taken notice. In part one of our Leaky Weekly cybercrime current events podcast mini-series: Use a Stealer Log, Go to Prison, we cover the importance of stealer logs in […]
Prepare for Ransomware Negotiations: What Security Teams Need to Know

Negotiators manage complex communication and pressure to minimize damage to organizations. Different ransomware groups can have different communication styles, and being aware of these can help organizations be prepared. Security teams can equip themselves for ransomware scenarios using threat intelligence on several cybercriminal groups we’ll cover here. Why Do Organizations Engage in Ransomware Negotiations? Organizations […]
5 Things to Know About Defending Against Phishing Kits (as Shown by John Hammond)

Phishing kits are credential-harvesting operations that are cleverly disguised as standard web pages from Microsoft, Instagram, PayPal, and more. They can steal information from victims, then exfiltrate it to Discord or Telegram. Unfortunately, they are dangerously effective and widely available, but with the right knowledge, security teams can take advantage of them as intelligence assets. […]
4 Things You Didn’t Know About Telegram Cybercrime (Until John Hammond Showed You)

Stolen credentials fuel a big portion of the cybercrime ecosystem. So how are threat actors stealing them? Infostealer malware has exploded in growth in the last few years, and it can steal information saved on computer browsers such as: Stealer logs are the results of infostealer malware taking data from computers. Threat actors buy and […]
The Fall of LockBit and the Rise of 2025 Ransomware Chaos

In mid-2025, the state of ransomware was shaped by the fall of the once-dominant presence LockBit, and the ransomware chaos that has emerged in its vacuum. “Low-effort” ransomware groups have stepped in to fill the gap in the cybercrime ecosystem. In this episode of Leaky Weekly, our cybercrime current events podcast, Tammy Harper, Senior Threat […]
From Dirty Crypto to Clean Money – The Laundering Playbook of Russophone Cybercriminals

“A thief may sleep full-fed with stolen bread, But flames will one day burn his bed.” — Saadi Shirazi, The Rose Garden (Gulistan), 1258

According to TRM Labs’ 2025 Crypto Crime Report, illicit cryptocurrency transaction volumes reached at least $45 billion in 2024. Although that staggering sum covers every corner of the digital underground, including […]
Deciphering Black Basta’s Infrastructure from the Chat Leak

This article originally appeared on Cybercrime Diaries. On February 20, 2025, the cybersecurity community received an unexpected stroke of luck as internal strife seemingly spread within the infamous Black Basta ransomware group. On that day, an unknown individual using the alias ExploitWhispers released a file on Telegram, allegedly containing the group’s internal chat logs. […]