Ransomware Attack Update - February 4th, 2026
‼️ The IOC darkforums[.]io domain has been suspended. The new IOC domain is darkforums[.]me
‼️ A known initial access broker is selling firewall and network admin panel access to three government entities:
▪️ 🇹🇭 Thailand Government-Owned Visa Program: Root RCE + shell access on a Linux firewall, priced at $300.
▪️ 🇵🇸 Palestinian Government Agency (Foreign Aid Portal): Same level of access on a Linux firewall, priced at $400.
▪️ 🇮🇩 Indonesian Government Land Authority: Root RCE + shell + network admin panel on a Linux firewall, priced at $300.
‼️ CVE-2026-25049: n8n AI Workflow Remote Code Execution
"This vulnerability allows an attacker to execute arbitrary system commands through misconfigured or insecure AI workflow execution paths. When chained correctly, it can lead to full server compromise depending on deployment configuration."
Video Credit: youtube.com/@SecureLayer7
‼️🇷🇸 A data set for GiftOnCard, a Serbia-based gift card platform, is being sold with the seller claiming to still have active access. The leak includes 152,000 web user records with passwords, 130,000 card registration entries, and 2.7 million gift card records containing detailed cardholder PII, transaction data, and loyalty program information.
‼️ PLAY Ransomware claims 3 victims:
▪️ 🇺🇸 Woodfield
▪️ 🇺🇸 CBH Homes
▪️ 🇺🇸 ISTS
‼️ 139 TB of data? No shot.
TLDFinder: A streamlined tool for discovering private TLDs for security research. GitHub:
▪️ TLD based DNS lookups (Passive)
▪️ TLD based DNS lookups (Active)
▪️ STD IN/OUT and TXT/JSON output
‼️ A large collection of email-only crypto databases is being offered for sale, covering U.S. and mixed geographies from 2021–2026. The actor is providing a list of available databases and samples, with purchases handled via Telegram on a per-database basis.
‼️🇫🇷 Two French educational institutions allegedly breached... Lycée Notre-Dame des Dunes and Lycée Saint-Charles. The data has been posted freely for download. The group also claims to hold 7 TB of unreleased databases from across the French sector, totaling 378 million records, and is threatening further leaks.