🚨 Threat actor is auctioning WordPress admin + shell access to a US-based online shop, allegedly processing payments via Braintree and Authorize.Net. 📌 United States 🇺🇸 ▪️ Platform: WordPress ▪️ Type: Initial Access ▪️ Threat Actor: Reve ▪️ Samples: Yes Claims include: ▪️ WP admin + shell access ▪️ Braintree iframe + Authorize.Net native form ▪️ Claimed average order value: ~$926 Claimed order volume: ▪️ October: 363 orders ▪️ December: 350+ orders (Braintree: 230 • Authorize.Net: 63 • PayPal: 40) ▪️ Seller claims ~95% unique orders Auction details: ▪️ Start: $2,500 • Step: $500 • Blitz: $4,000
🚨 PLAY Ransomware Claims 3 Victims 🇺🇸 Mill Brothers 🇺🇸 Due Doyle Fanning 🇩🇪 Autohaus Pichel GmbH
dwipe: A tool to wipe disks and partitions for Linux to help secure your data. dwipe aims to reduce mistakes by providing ample information about your devices during selection. GitHub:
🚨 Threat actor is auctioning WordPress admin + shell access to a US-based online shop, with an alleged Stripe payment iframe in place. 📌 United States 🇺🇸 ▪️ Platform: WordPress ▪️ Type: Initial Access ▪️ Threat Actor: Reve ▪️ Samples: Yes Claims include: ▪️ WP admin + shell access ▪️ Stripe payment iframe Claimed order volume: ▪️ October: 61 orders ▪️ November: 93 orders ▪️ December: 91 orders Auction details: ▪️ Start: $500 • Step: $100 • Blitz: $800
🚨 Emurasoft is warning users that the Japanese version of the EmEditor website was compromised between December 31, 2025, and January 2, 2026, during which time the download link for the latest EmEditor installer (emed64_25.4.4.msi) was modified by a third party. As a result, visitors may have inadvertently downloaded a malware-containing installer that was not signed by Emurasoft instead of the legitimate file. The malicious installer, which carried a signature from an unrelated entity and was not created by Emurasoft, has since been removed. The company states that only the Japanese site was affected and that other language sites were not impacted. Emurasoft also provides guidance on how users can verify whether they downloaded the compromised file using digital signatures and SHA-256 hashes, outlines which download methods were not affected (such as auto-update, portable and store versions, and winget), and urges potentially impacted users to verify and appropriately handle any downloaded installers. The practical point for defenders: because the rogue installer was signed, a signature that merely reports "Valid" is not sufficient; the signer identity and the published SHA-256 both need to be checked.
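The check described above, as an added PowerShell example that is not Emurasoft's own script or guidance. It computes the installer's SHA-256 and inspects the Authenticode signer, and it treats "signed but by the wrong publisher" as a distinct verdict, which is exactly the failure mode in this incident. The expected hash value is a placeholder to be replaced with the one from Emurasoft's advisory, and the publisher pattern "Emurasoft" is an assumption about the legitimate certificate subject; confirm both against the advisory or a known-good installer before relying on the result.

```powershell
# Added example (not from Emurasoft): verify a downloaded EmEditor MSI by SHA-256 and signer.
# $ExpectedSha256 is a placeholder (assumption): paste the value published in the advisory.
# $ExpectedPublisherPattern assumes the legitimate certificate subject contains "Emurasoft".
param(
    [Parameter(Mandatory = $true)][string]$Path,
    [string]$ExpectedSha256 = '<sha256 from Emurasoft advisory>',
    [string]$ExpectedPublisherPattern = 'Emurasoft'
)

function Test-InstallerIntegrity {
    param(
        [string]$Path,
        [string]$ExpectedSha256,
        [string]$ExpectedPublisherPattern
    )

    $result = [ordered]@{
        Path           = $Path
        Sha256         = ''
        HashMatch      = $false
        SignatureValid = $false
        Signer         = ''
        PublisherMatch = $false
        Verdict        = 'UNKNOWN'
    }

    # 1. Hash check: a swapped download link changes the file bytes, so the hash will not match
    #    the one Emurasoft published for emed64_25.4.4.msi.
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    $result.Sha256    = $actual
    $result.HashMatch = ($actual -ieq $ExpectedSha256)

    # 2. Signature check. Status "Valid" only means some trusted CA issued the signing cert;
    #    the rogue installer in this incident was reportedly signed by an unrelated entity,
    #    so the signer's subject must be compared with the expected publisher as well.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $result.SignatureValid = ($sig.Status -eq 'Valid')
    if ($sig.SignerCertificate) {
        $result.Signer = $sig.SignerCertificate.Subject
    }
    $result.PublisherMatch = ($result.Signer -match $ExpectedPublisherPattern)

    if ($result.HashMatch -and $result.SignatureValid -and $result.PublisherMatch) {
        $result.Verdict = 'OK: hash and publisher match'
    } elseif ($result.SignatureValid -and -not $result.PublisherMatch) {
        $result.Verdict = 'SUSPECT: valid signature, but not from the expected publisher'
    } else {
        $result.Verdict = 'SUSPECT: hash mismatch or missing/invalid signature'
    }

    [pscustomobject]$result
}

Test-InstallerIntegrity -Path $Path `
    -ExpectedSha256 $ExpectedSha256 `
    -ExpectedPublisherPattern $ExpectedPublisherPattern
```

Run it as `.\Test-Installer.ps1 -Path .\emed64_25.4.4.msi -ExpectedSha256 <hash>`; anything other than the OK verdict means the file should be quarantined rather than executed, and a file already run should be handled as a potential compromise per the vendor's guidance.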
🚨 Threat actor claims to have leaked a database allegedly belonging to toppols.ru, a Russian flooring and construction information website. 📌 Russia 🇷🇺 ▪️ Industry: Construction / Flooring ▪️ Type: Data Leak ▪️ Threat Actor: daghetiaw ▪️ Samples: Yes Alleged data includes: ▪️ User and company details ▪️ Contact information (emails, phone numbers) ▪️ Order and product-related records ▪️ Data size: ~203MB ▪️ Records: ~1,131,850 lines ▪️ Users claimed: ~115,622 ▪️ Format: SQL
🚨 Threat actor claims to be sharing ~17GB of audio-visual education content allegedly from EMC, a French private higher-education institution. 📌 France 🇫🇷 ▪️ Organization: EMC ▪️ Industry: Higher Education ▪️ Type: Data Leak / Intellectual Property ▪️ Threat Actor: HexDex2 Content allegedly includes: ▪️ Audio-visual training materials ▪️ 3D animation & motion design resources ▪️ PDFs, project files, course documents ▪️ Multi-year BTS program materials Seller claims a “cost value” of ~€20,000. Samples and file tree shared.
🚨 Threat actor is advertising a new “Brutus” brute-force tool allegedly targeting Fortinet (FORTI) services ▪️ Threat Actor: RedTeam ▪️ Price: $1,500 Advertised features include: ▪️ SSH/RDP/VNC/Shell targeting ▪️ Built-in scanner ▪️ SOCKS/HTTP proxy support + rotating proxies ▪️ Cross-platform (written in Go) ▪️ Credential combo loading (url:login:pass, ip.txt, login.txt, pass.txt) ▪️ On-the-fly combo generation
🚨 Threat actor claims to have leaked data from zakupki.gov.ru, Russia’s official public procurement portal, and is offering the dataset for download. 📌 Russia 🇷🇺 ▪️ Type: Database Leak ▪️ Threat Actor: lulzintel ▪️ Records claimed: ~300,000 organizations Compromised data allegedly includes: ▪️ Organization names ▪️ Email addresses ▪️ Phone numbers ▪️ Physical addresses ▪️ Procurement-related records