On February 6, 2025, the threat actor “emirking” posted on BreachForums that they allegedly have access to “over 20 million account access codes in OpenAI.” The actor invited BreachForums users to reach out to him if they are “interested”, possibly intending to sell these accounts. It is worth noting that the post is written in […] The post No, OpenAI Wasn’t Breached—The Real Threat Comes from Infostealers appeared first on KELA Cyber Threat Intelligence.| KELA Cyber Threat Intelligence
“Get stronger without any physical effort.” No, unfortunately we’re not talking about that new year’s weight-lifting resolution you scribbled on a napkin — we’re focused on your cybersecurity posture. It might sound too good to be true, but there’s one way to strengthen your cybersecurity without adding headcount to the SOC team or finding more […] The post Work Smarter in 2025: 7 Benefits of Automating CTI into SOC Activities appeared first on KELA Cyber Threat Intelligence.| KELA Cyber Threat Intelligence
Don’t feel like reading? Listen to the BlogCast instead >> NOTE: this Blogcast was lovingly crafted using AI tools (though not DeepSeek, in case you were wondering). While they try their best to sound polished and informed, they may occasionally stumble over pronunciation, conjure up a random “fact,” or take some creAItive liberties. Think of them as […] The post Alibaba’s Qwen 2.5-VL Model is Also Vulnerable to Prompt Attacks appeared first on KELA Cyber Threat Intelligence.| KELA Cyber Threat Intelligence
In January 2025, a new alleged ransomware group named GDLockerSec emerged, sharing details of a few victims on their website. Interestingly, the group made the bold claim of targeting a high-value entity, Amazon’s AWS. KELA has investigated this assertion. Who is GDLockerSec? Emerging...| kelacyber
KELA's mission is to provide 100% actionable intelligence on threats emerging from the cybercrime underground to support cybercrime prevention.| KELA Cyber Threat Intelligence
Navigate the complex cyber threat landscape with our resources. Get actionable intelligence, proactive strategies, and expert insights to reduce your risk.| kelacyber
KELA explores a possible link between the Belsen Group and ZeroSevenGroup, two cybercriminal entities with ties to Yemen. The Belsen Group surfaced in January 2025, leaking Fortinet data and selling network access, while ZeroSevenGroup had been active earlier, breaching companies and monetizing stolen data. Notably, both groups share similarities in writing style and post formatting. […] The post Could The Belsen Group Be Associated With ZeroSevenGroup? appeared first on KELA Cyber Threat I...| KELA Cyber Threat Intelligence
Discover the latest findings on Black Basta leak's victim details and their ransomware strategies based on KELA's analysis.| kelacyber
Pavel Durov, the founder and CEO of Telegram, was arrested in Paris on August 25, 2024 on charges related to his platform allegedly being used for illegal activities. Three days later, he was indicted and released on bail, with six charges related to illicit activity on Telegram.| kelacyber
A major leak has exposed the inner workings of Black Basta, one of the most active ransomware groups, offering a rare glimpse into how these cybercriminals infiltrate and exploit their victims. KELA conducted an in-depth analysis of the leaked data, uncovering key tactics and operational details used by the group. KELA’s latest report breaks down […] The post Inside the Black Basta Leak: How Ransomware Operators Gain Access appeared first on KELA Cyber Threat Intelligence.| KELA Cyber Threat Intelligence
2024 was a defining year for cybercrime. Infostealers fueled credential leaks at an unprecedented scale, ransomware gangs shifted their tactics, and AI-powered threats emerged as a new battleground. As cybercriminals evolved, so did their methods—blurring the lines between financially motivated attacks, hacktivist operations, and state-sponsored campaigns. KELA’s newly released report, The State of Cybercrime 2024, […] The post The State of Cybercrime 2024: Key Threats & What’s Coming...| KELA Cyber Threat Intelligence
Recently, a new ransomware group, dubbed Anubis, emerged. KELA has observed representatives of Anubis on both RAMP (using the moniker ‘superSonic’) and XSS (using the moniker ‘Anubis__media’). Read more in our blog.| KELA Cyber Threat Intelligence
Discover how Telegram's 'clouds of logs' are reshaping cybercrime, offering easy access to compromised credentials for ransomware and phishing attacks.| kelacyber
Analysis of Related Threat Actors: DarkRaaS and CornDB In October and November 2024, two notable threat actors, DarkRaaS and CornDB, emerged on BreachForums, displaying striking similarities in their operations, targets, and methodologies. This analysis examines the activities of...| kelacyber
Discover the security flaws in DeepSeek R1, a Chinese AI model with advanced reasoning capabilities. KELA's analysis reveals vulnerabilities, outdated safeguards, and privacy risks, emphasizing the need for robust testing in generative AI applications.| kelacyber