Category: ThreatIntel

  • Scania Insurance Files Leaked

    In June 2025, Scania, a Swedish manufacturer of heavy trucks, industrial and marine engines, confirmed that it had been the subject of a cyberattack. According to the company, their systems were breached on 28th May 2025, when a threat actor used leaked credentials from an infostealer infection to gain a foothold. The company has confirmed…

  • AURA Stealer

    A new infostealer MaaS, named AURAStealer, was advertised on the XSS forum. Below is a machine translation of the forum post. The machine translation was done using DeepL.com. All the screenshots are taken from the XSS forum. I have skipped a few screenshots of the MaaS’s panel due to them being nearly the same as other…

  • 123 Stealer

    A new stealer has popped up. Below is a copy-paste of the thread from the XSS forum. Machine translated with some minor edits by me. Stealer, collects browser data, cookies, passwords, file grabber, process grabber, Chrome browser extensions, crypto wallet collection, well basically default stuff like every other stealer collects. You will need your own…

  • Bee Stealer

    I know, I did a boo-boo. I saw the posting of Bee Stealer (BeeStealer) on the XSS forum in the first half of May, but somehow it didn’t register in the back-end (brain), and therefore I failed to include it earlier. Better late than never. Below is a copy-paste of the thread from the XSS forum.…

  • Basic analysis of Kidflix users’ passwords

    On 11 March 2025, one of the biggest child sexual abuse material (CSAM) platforms, named Kidflix, was taken down in an international law enforcement effort dubbed Operation Stream. Kidflix launched in 2021 and hosted over 91,000 unique videos while it was active. The investigation into the platform started in 2022 and resulted in 79 arrests,…

  • StealC V2 – A Major Update to a Popular Infostealer

    At the beginning of March 2025, the XSS forum user “plymouth” made a post in their stealer thread about the upcoming major update to the infostealer. Finally, on 30th March they posted an announcement and details of the StealC V2 release. According to the user, the development of the second version took half a year, and…

  • Nightly claims to have access to Commercial Bank of Qatar

    A user on the Russian-speaking forum XSS claims to have access to a database of Commercial Bank of Qatar. The user, who goes by the name of nightly, has made a thread with minimal information about the access and hasn’t shared any (sample/full) data yet. However, given the past behaviour of the user, we can…

  • Okta Source Code Leak

    A user on the XSS forum, named nightly, has started a thread “Okta Source Code”, where they have shared some screenshots which allegedly depict their access. I might update this post if I have time to analyse it or get more info. Below are screenshots shared by the user on the XSS forum:

  • Yet another stealer targeting macOS

    It seems that infostealer developers are paying more and more attention to the macOS user base (or rather victim base). In the recent past, a few strains of infostealer malware targeting the macOS platform were found operating, and there are some deeper analyses of the malware by security vendors. Recently, while browsing the infamous XSS forum, I stumbled…

  • Leak of FIFA World Cup 2018 Visitors

    I haven’t kept this blog nicely updated, have I? Well, family, work, seasonal depressions, you know, the usual excuses. However, recently I came across an interesting leak, allegedly containing personal information of the visitors of the FIFA World Cup 2018, which was held in Russia. The database, posted over at BreachForums at the end of…