‼️🇪🇸 Guardia Civil Dismantled a Bank Mule Network in La Rioja. Under Operation Vicentius, Spain's Guardia Civil has identified 12 suspects linked to fraud, money laundering, and unauthorized access to computer systems. The group allegedly operated fake cryptocurrency investment platforms and used remote access software to drain victims' bank accounts and take out loans in their names, causing an estimated €442,650 in total losses. Stolen funds were funneled to accounts in Denmark, Lithuania, the United Kingdom, and China. The investigation remains ongoing as authorities work to trace and recover the money. Source: Guardia Civil
‼️ .cz BreachForums was briefly defaced by what looks like an XSS vuln in XenForo. XenForo is a popular forum platform that I have seen used by a lot of actors, most of which I have identified in my Threat-Surface repo on GitHub. Credit to antisocial for sending the video. Seems the war is far from over.
Daily Dose of Dark Web Informer - February 4th, 2026
Threat Attack Update - February 4th, 2026
Ransomware Attack Update - February 4th, 2026
‼️ The IOC darkforums[.]io domain has been suspended. The new IOC domain is darkforums[.]me
‼️A known initial access broker is selling firewall and network admin panel access to three government entities: 🇹🇭 Thailand Government-Owned Visa Program: Root RCE + shell access on a Linux firewall, priced at $300. 🇵🇸 Palestinian Government Agency (Foreign Aid Portal): Same level of access on a Linux firewall, priced at $400. 🇮🇩 Indonesian Government Land Authority: Root RCE + shell + network admin panel on a Linux firewall, priced at $300.
‼️ CVE-2026-25049: N8n AI Workflow Remote Code Execution. "This vulnerability allows an attacker to execute arbitrary system commands through misconfigured or insecure AI workflow execution paths. When chained correctly, it can lead to full server compromise depending on deployment configuration." Video Credit: youtube.com/@SecureLayer7
‼️🇷🇸 A data set for GiftOnCard, a Serbia-based gift card platform, is being sold with the seller claiming to still have active access. The leak includes 152,000 web user records with passwords, 130,000 card registration entries, and 2.7 million gift card records containing detailed cardholder PII, transaction data, and loyalty program information.
‼️ PLAY Ransomware claims 3 victims: 🇺🇸 Woodfield 🇺🇸 CBH Homes 🇺🇸 ISTS