惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
News and Events Feed by Topic
S
Security @ Cisco Blogs
S
Secure Thoughts
Attack and Defense Labs
Attack and Defense Labs
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Hacker News - Newest:
Hacker News - Newest: "LLM"
Recent Commits to openclaw:main
Recent Commits to openclaw:main
H
Hacker News: Front Page
博客园 - 叶小钗
H
Heimdal Security Blog
Microsoft Security Blog
Microsoft Security Blog
Forbes - Security
Forbes - Security
AI
AI
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
T
Troy Hunt's Blog
罗磊的独立博客
Application and Cybersecurity Blog
Application and Cybersecurity Blog
爱范儿
爱范儿
GbyAI
GbyAI
The Last Watchdog
The Last Watchdog
TaoSecurity Blog
TaoSecurity Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
D
DataBreaches.Net
Recent Announcements
Recent Announcements
Schneier on Security
Schneier on Security
C
Cisco Blogs
美团技术团队
D
Docker
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
WordPress大学
WordPress大学
月光博客
月光博客
雷峰网
雷峰网
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
H
Hackread – Cybersecurity News, Data Breaches, AI and More
A
Arctic Wolf
B
Blog RSS Feed
Cisco Talos Blog
Cisco Talos Blog
C
Cybersecurity and Infrastructure Security Agency CISA
V
Vulnerabilities – Threatpost
V2EX - 技术
V2EX - 技术
Y
Y Combinator Blog
N
News and Events Feed by Topic
www.infosecurity-magazine.com
www.infosecurity-magazine.com
W
WeLiveSecurity
Security Archives - TechRepublic
Security Archives - TechRepublic
G
GRAHAM CLULEY
Jina AI
Jina AI
Hugging Face - Blog
Hugging Face - Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
The Hacker News
The Hacker News

Malwarebytes

Kali365 phishing kit bypasses MFA and steals Microsoft logins Company bragged phone mics could listen to conversations. They couldn’t. Fake LinkedIn emails abuse Adobe to track victims Fake software on GitHub and SourceForge distribute Deno RAT 700+ education and tech websites hijacked in huge ClickFix malware campaign Scammers pretending to be Microsoft had help from US executives A week in security (May 18 – May 24) Update Chrome now: Critical bugs could let attackers run code Microsoft Defender vulnerabilities are being exploited in the wild TikTok, YouTube, and Roblox face scrutiny, but age gates won’t fix child safety Catch spyware in the act with Windows Webcam Monitoring Researchers left AI agents alone in a virtual town and watched it all unravel Fake malware-signing service Fox Tempest dismantled by Microsoft Firefox 151 packs big privacy upgrades into a small update Biometrics, diagnoses, and bank details exposed in major healthcare breach Facebook scam promises cheap Aldi meat boxes, steals payment info instead YouTube wants your face to fight deepfakes Microsoft is changing Edge’s plaintext password behavior A week in security (May 11 – May 17) AI is distorting the Holocaust (Lock and Code S07E10) Attackers replaced JDownloader installer downloads with malware Meta’s confusing new approach to chat privacy Why Malwarebytes blocks some Yahoo Mail redirects Deepfake sextortion forces schools to remove student photos from websites Texas sued Netflix over claims it secretly collected and sold users’ data May 2026 Patch Tuesday: no zero-days but plenty to fix Fake Claude search results lure Mac users into ClickFix attack 1 in 8 employees have sold company logins or know someone who has Stolen Canvas data was “returned” after hacker agreement, Instructure says Yarbo responds to robot flaws that could mow down their owners A week in security (May 4 – May 10) Microsoft says Edge’s plaintext password behavior is “by design” ShinyHunters escalates Canvas attacks with school login defacements Massive AI investment scam network spans 15,500 domains If a fake moustache can fool age checks, is the Online Safety Act working? Google Chrome’s silent 4GB AI download problem Attackers adopt JavaScript runtime Bun to spread NWHStealer Millions of students’ personal data stolen in major education breach Update WhatsApp now: Two new flaws could expose you to malicious files Cyberattacks are raising your prices (Lock and Code S07E09) Thousands of Facebook accounts stolen by phishing emails sent through Google The 2026 World Cup scam economy is already running before the first whistle A week in security (April 27 – May 3) 3 easy-to-miss cybersecurity risks for small businesses Actively exploited cPanel bug exposes millions of websites to takeover More PayPal emails hijacked to deliver tech support scams Hackers stole hundreds of thousands of Roblox accounts: Here’s what to do Researchers built a chatbot that only knows the world before 1931 Microsoft won’t patch PhantomRPC: Feature or bug? Scam-checking just got a lot easier: Malwarebytes is now in Claude Fake CAPTCHA scam turns a quick click into a costly phone bill Chinese engineer stole US military and NASA software for years A week in security (April 20 – April 26) Medical data of 500,000 UK volunteers listed for sale on Alibaba How cyberattacks on companies affect everyone Apple fixes iOS bug that kept deleted notifications, including chat previews Roblox clamps down on chats and age checks as legal pressure builds Malicious trading website drops malware that hands your browser to attackers Researcher claims Claude Desktop installs “spyware” on macOS Fake Google Antigravity downloads are stealing accounts in minutes Real Apple notifications are being used to drive tech support scams Android 17 ends all-or-nothing access to your contacts Big Tech can stop scams. They just don’t (Lock and Code S07E08) Mythos: An AI tool too powerful for public release A week in security (April 13 – April 19) This old-school scam is still working “Your shipment has arrived” email hides remote access software Browser Guard gets even better with Access Control “iCloud storage is full” scam is back, and now it wants your payment details A fake Slack download is giving attackers a hidden desktop on your machine Booking.com breach gives scammers what they need to target guests AI clickbait can turn your notifications into a scam feed Fake YouTube copyright notices can steal your Google login From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere April Patch Tuesday fixes two zero-days, including one under active attack Credit Resources Vault: Why this credit email set off our scam alarms Omnistealer uses the blockchain to steal everything it can ChatGPT under scrutiny as Florida investigates campus shooting Simply opening a PDF could trigger this Adobe Reader zero-day A week in security (April 6 – April 12) Fake Claude site installs malware that gives attackers access to your computer ClickFix finds a new way to infect Macs Scammers pose as Amazon support to steal your account NSFW app leak exposes 70,000 prompts linked to individual users 30,000 private Facebook images allegedly downloaded by Meta employee This fake Windows support website delivers password-stealing malware Your extensions leak clues about you, so we made sure Browser Guard doesn’t Russian hacking group targets home and small office routers to spy on users Timeshare owners warned to watch out for cartel-linked scams Traffic violation scams swap links for QR codes to steal your card details Support platform breach exposes Hims & Hers customer data A week in security (March 30 – April 5) Killer robots are here. Now what? (Lock and Code S07E07) That dream job offer from Coca-Cola or Ferrari? It’s a trap for your passwords Blocking children from social media is a badly executed good idea Apple expands “DarkSword” patches to iOS 18.7.7 Malwarebytes Privacy VPN receives full third-party audit Wikipedia’s AI agent row likely just the beginning of the bot-ocalypse WhatsApp on Windows users targeted in new campaign, warns Microsoft Why we’re still not doing April Fools’ Day
Inside the dark web: Stolen identities for 95¢, malware, and scams-for-hire
Malwarebytes Labs · 2026-06-23 · via Malwarebytes

Most people have heard of the dark web, but few understand what it actually looks like or what goes on there. To separate fact from fiction, our research team spent 48 hours exploring it firsthand and documenting what we found.

The dark web isn’t inherently bad. It also serves legitimate purposes, providing a layer of privacy for journalists, whistleblowers, activists, and others who need to communicate anonymously. Accessing it typically requires the Tor browser, and a number of reputable organizations operate official dark web sites. For example, the BBC’s news website is available through the following Tor address: http://bbcweb3hytmzhn5d532owbu6oqadra5z3ar726vq5kgwwn6aucdccrad.onion

But alongside these legitimate uses is a thriving criminal ecosystem.

What we discovered was an organized, active underground economy that operates in ways most people never imagine. Cybercriminals don’t work alone. They gather in underground cybercrime forums where they discuss emerging attack methods, share techniques, and collaborate on ways to target people around the world.

Think of it less as a dark alley and more as a professional network for cybercriminals.

WWH is a Russian-language community that advertises itself as a meeting place for professionals
WWH is a Russian-language community that advertises itself as a meeting place for professionals
More than 115,000 members on the underground forum Dark Forums, a hub for stolen data and hacking tools
More than 115,000 members on the underground forum Dark Forums, a hub for stolen data and hacking tools

Beyond these forums, we encountered dedicated cybercrime marketplaces. These function like online stores where hackers and fraudsters can buy and sell a range of compromised digital goods, from stolen account credentials to hacking tools, all transacted anonymously using cryptocurrency.

Fun fact: Many of these marketplaces are named after well-known public figures, including US President Donald Trump.

A “Donald Trump Store” ad for stolen credit card data
A “Donald Trump Store” ad for stolen credit card data

The dark web compass

Cybercriminals come from every corner of the world, and like any global community, they need a way to find each other. That’s where link boards come in.

Link boards are directories that collect hundreds of underground forums and marketplaces. They’re organized by language, and act as a dark web compass.

A cybercriminal can operate within a community that speaks their native language or join larger English-language forums that attract an international audience.

Not all forums carry the same weight, though. In 2026, the community is largely concentrated around dominant platforms like BreachForums and DarkForums. More exclusive Russian-language forums such as Exploit and XSS tend to attract some of the underground’s more sophisticated cybercriminals.

The Link-Base directory
The Link-Base directory

Compromised data: Your information may already out there

Most people have no idea how much of their personal information is already circulating on the dark web. In many cases, the first challenge is simply knowing whether your information has been exposed at all. You can check yours here.

To understand the scale of the problem, it helps to compare what’s publicly known with what we found beneath the surface.

Publicly reported breaches are only part of the story. Since the beginning of 2026, Malwarebytes researchers have identified more than 7,500 compromised data sets containing over 8.4 billion records. These include data stolen in breaches, harvested through phishing campaigns, scraped from online services, and exposed through misconfigured systems.

Among the organizations affected are household names such as SoundCloud, ADT, Hallmark, Amtrak, Vimeo, and Instagram.

But as significant as those numbers are, they only tell part of the story.

A section of DarkForums dedicated to leaked databases
A section of DarkForums dedicated to leaked databases

When we examined the databases section on DarkForums, one of the underground’s most active platforms, we found 63 pages of listings posted since the start of 2026. With 20 listings per page, that’s over 1,200 small and medium-sized data breaches, most of which never made public headlines.

The picture on BreachForums was similar. Since the beginning of the year, the platform has accumulated 37 pages of database listings, each containing 20 entries, adding more than 700 additional compromised databases to the already huge pool of stolen data.

Add it all together, and the publicly reported breaches are only the tip of the iceberg. Much of the stolen personal data traded online changes hands quietly and out of sight.

Typical forum page listing compromised data
Typical forum page listing compromised data

US identities for sale

One of the most consistently sought-after commodities in the cybercrime underground is something hackers call “fullz”: a complete package of a real person’s identity information. In 2026, US identities remain especially valuable due to the country’s financial infrastructure, high credit limits, and wide range of services that can be exploited for fraud.

A typical fullz package includes a full name, Social Security Number (SSN), date of birth, address, and other personal details. In the wrong hands, this information is a ready-made toolkit for identity fraud. It allows cybercriminals to open fraudulent credit accounts, file fake tax returns, access financial accounts, or even obtain medical services under someone else’s name.

What makes fullz particularly dangerous is that victims often have no ideatheir identity has been compromised until long after the damage is done. Sometimes that’s months or even years later, when debt collectors come calling or a credit application gets unexpectedly denied.

It’s no surprise that the US remains one of the countries most heavily targeted by identity thieves. More than 1.15 million cases of identity theft were reported to the Federal Trade Commission (FTC) in the first three quarters of 2025 alone, already surpassing the total number reported during all of 2024.

During our research, we came across 9-Digits Market, one of many dark web marketplaces specializing in selling stolen identity data. What stood out was the price. A complete US identity profile was listed for as little as $0.95.

For less than the cost of a cup of coffee, a cybercriminal can buy enough information to devastate someone’s financial life.

9-Digits marketplace selling stolen US identities
9-Digits marketplace selling stolen US identities

How cybercriminals use malware to target your computer

Data breaches aren’t the only way your personal information ends up on the dark web. Sometimes the source is much closer to home: your own computer. During our time on the dark web, we encountered the developers behind a particularly dangerous category of malware known as infostealers, or just “stealers”. The concept is simple, which is partly why it’s so effective.

Once installed, an infostealer silently searches a device for anything valuable. That can include saved usernames and passwords, autofill data, stored payment details, cryptocurrency wallets and other sensitive information. That stolen data is then sent back to the attacker.

Below is a sneak peek at the STORM stealer panel, which compromised a US-based computer and stole 87 username-and-password combinations from the device.

STORM infostealer discovered on a Russian-language cybercrime forum
STORM infostealer discovered on Russian-language cybercrime forum 
STORM infostealer management panel
STORM infostealer management panel
STORM infostealer capabilities
STORM infostealer capabilities

Perhaps the most alarming part is how accessible this type of malware has become. In 2026, any aspiring cybercriminal can rent an infostealer on a subscription basis, requiring little technical knowledge and no major financial investment. Cybercrime-as-a-service has dramatically lowered the barrier to entry.

The STORM infostealer can be rented by cybercriminals
The STORM infostealer can be rented by cybercriminals 

The stolen data is then sold or leaked on underground forums and marketplaces. We were shocked by the sheer volume involved.

On any given day, millions of stolen credentials are shared across these platforms. Behind each of those rows is a real person, completely unaware that their digital life is being picked apart and traded like a commodity.

Datasets of leaked usernames and passwords shared on the dark web
Datasets of leaked usernames and passwords shared on the dark web 
Correlations of leaked usernames and passwords shared on the dark web
Correlations of leaked usernames and passwords shared on the dark web 

Fake investments and cryptocurrency scams

Not all cybercrime revolves around stolen passwords or leaked databases. Some criminals chase much more lucrative payouts through carefully planned social engineering scams. One of the most sophisticated and damaging examples we encountered were crypto investment scams, also known as pig butchering.

The tactic behind it is highly effective. Criminals invest considerable time and effort into building what appears to be a genuine relationship with their target through dating apps, social media, or messaging platforms.

They are patient, friendly, and convincing, slowly earning the victim’s trust over days or even weeks. Only after establishing trust do they introduce what appears to be an exciting investment opportunity. By the time the victim realizes something is wrong, their money is gone and the person they trusted has vanished without a trace.

Active crypto scam operation on a dark web forum
Active crypto scam operation on a dark web forum 

During our research, we observed a large-scale crypto fraud operation already fully up and running, targeting new victims with polished, high-end fake investment platforms specifically designed to keep victims hooked for long periods.

The operation offered:

  • Full documentation, scripts, and credibility props. Everything needed to appear legitimate from day one.
  • Carefully crafted communication guides and social engineering playbooks designed to psychologically pressure victims into maxing out credit cards, taking out loans, and repeatedly investing more money.
  • In-house development teams building fake trading platforms that closely mimic legitimate investment services.
Ongoing scam project on a dark web forum
Ongoing scam project on a dark web forum 

Our researchers also managed to gain access to one of these fraudulent platforms, and we were unsettled by the level of sophistication.

These are not amateur operations. They are well-funded, professionally run criminal enterprises that treat deception as a business.

Sneak peek into real investment scam project
Sneak peek into real investment scam project 

In just 48 hours, we found stolen identities, malware-for-hire, leaked passwords, and industrial-scale fraud operations. Most people will never visit the dark web, but its effects can still reach them through data breaches, malware infections, and scams.

Malwarebytes helps protect against each of those threats. Our data breach monitoring service alerts you if your personal information appears in a known breach. Identity Theft Protection monitors sensitive information, including your Social Security number, while Scam Guard uses AI-powered detection to help identify suspicious texts, emails, links, and phone numbers before they can cause harm.

The dark web thrives on stolen information. Knowing when your data is exposed is the first step to staying ahead of it.