The Underground’s Favorite Messenger: Telegram’s Reign Continues

The data and visualizations presented on this webpage are based on information collected from January 2024 to January 2025. These graphs are static and do not reflect real-time updates or recent developments. Any trends, insights, or conclusions should be interpreted with this timeframe in mind. Executive Summary Telegram remains the dominant messaging platform in the […]

MOVEit Repackaged and Recycled

The largest repackage and re-post of an old leak In November 2024, a hacker known as “Nam3L3ss” allegedly released previously undisclosed data from the MOVEit breach in May 2023. This leak consisted of millions of records, including sensitive employee and big brand corporate information, significantly escalating the breach’s impact. Digging into this story reveals that […]

Infostealer Malware: An Introduction

This article was updated on June 26, 2025 with updated information Stolen credentials are big business among cybercriminals. According to Verizon’s latest Data Breach Investigation Report (DBIR), credentials were involved in 88% of basic web application attack breaches, making them the most common initial attack vector — and sometimes, the only vector used in an […]

Launching Leaky Weekly with Flare, Cybercrime Current Events Podcast

There’s so much to keep up with in the world of cybercrime…especially for security practitioners. Leaky Weekly is a cybercrime current events podcast hosted by security researcher Nick Ascoli as he dives into the most pressing stories on data leaks, cybercrime, and the dark web in the last week or so. On this episode of […]

Ransomware in Context: 2024, A Year of Tumultuous Change

Gradient blue background. There is a light orange oval with the white text "BLOG" inside of it. Below it there's white text: "Ransomware in Context: 2024, A Year of Tumultuous Change" with a light orange arrow pointing down.

2024 has started off dramatic shifts in the ransomware landscape. In December of 2023 international law enforcement took down the BlackCat leaks site, leading to the group removing all ethical restrictions for their affiliates and declaring all organizations in Western Europe and the United States viable targets to include nuclear power plants and childrens hospitals. […]

LockBit’s Conversation on XSS Forum with an Initial Access Broker

Gradient blue background. There is a light orange oval with the white text "BLOG" inside of it. Below it there's white text: "LockBit's Conversation on XSS Forum with an Initial Access Broker" with a light orange arrow pointing down.

In February of 2024, admins of the Russian hacking forum XSS banned the primary LockBit account active on the forum. The ban was the result of a dispute between LockBit, and an initial access broker operating under the username “aa.”  The following is a conversation between AA and LockBit, posted on XSS as aa sought […]