Major hackdown on cybercrime forums

Jan 31 2025


Welcome to Gone Phishing, your weekly cybersecurity newsletter that’s celebrating its 400th edition! Thanks for reading, folks.

Patch of the Week!

First things first, folks. Our weekly segment goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it…

Congrats to Cacti, the cybercriminals are no match… for your patch!

Check out this freshly hatched patch

Cactus if you can

Cacti RCE Alert – Patch Now!

A critical security flaw (CVE-2025-22604, CVSS 9.1) has been found in Cacti, the open-source network monitoring tool. An authenticated attacker could exploit this to achieve remote code execution (RCE) and compromise affected servers.

Key Details:

1. CVE-2025-22604 (Critical RCE)

Flaw in SNMP result parsing allows authenticated users to inject commands.

Affects versions 1.2.28 and earlier – Fixed in 1.2.29.

Attackers could steal, modify, or delete sensitive data.

2. CVE-2025-24367 (PHP Script Injection, CVSS 7.2):

Lets authenticated attackers plant arbitrary PHP scripts in the web root.

Can be abused via graph creation functionality for further RCE.

Action Required:

  • Update to Cacti 1.2.29 ASAP!

  • Restrict device management permissions.

  • Monitor for suspicious activity – past Cacti flaws have been actively exploited!

Stay safe and keep your network secure!

Now, on to this week’s hottest cybersecurity news stories:

  • Popular hacking forum domains seized in international sting

  • DeepSeek AI Database leak! 1M+ log lines, secret keys exposed

  • Abra, Abracadabra, I wanna reach out and hack ya

Major hackdown on cybercrime forums


Cybercrime Crackdown!

Major Takedown! An international law enforcement operation has shut down major cybercrime platforms, including Cracked, Nulled, Sellix, and StarkRDP!

Sites Seized!

The following domains were confiscated as part of Operation Talent:

  • www.cracked.io

  • www.nulled.to

  • www.mysellix.io

  • www.sellix.io

  • www.starkrdp.io

Now, visitors see a seizure banner warning users their data has been taken by authorities.

Who Was Involved?

The crackdown was led by officials from Australia, France, Greece, Italy, Romania, Spain, the U.S., and Europol.

What Were These Sites Doing?

  • Selling hacking tools & stolen data

  • Hosting malware obfuscation engines

  • Offering AI-based attack tools

Cracked and Nulled had 10+ million users and made over €1 million ($1.04M) in profits!

Arrests & Seizures!

  • 2 suspects arrested

  • 7 properties raided

  • 17 servers & 50+ devices seized

  • €300K in cash & crypto confiscated

The Fight Continues!

Authorities are cracking down on cybercrime marketplaces, stopping hackers from profiting and from making attacks easier for criminals!


DeepSeek and destroy

DeepSeek’s AI Data Leak!

Rising AI Star Exposed! DeepSeek, a booming AI startup, accidentally left a database wide open on the internet, risking sensitive data leaks!

What Was Exposed?

  • 1M+ log entries

  • Chat history & secret keys

  • Backend & API secrets

  • Full database control

Security researcher Gal Nagli (Wiz) warned that hackers could’ve taken over DeepSeek’s systems without any login!

Fixed… But Too Late?

DeepSeek closed the security gap after Wiz reached out, but it’s unclear if bad actors got in first. The issue stemmed from a ClickHouse database, accessible via a simple web browser request!

AI's Growing Pains

DeepSeek’s R1 reasoning model is shaking up the AI world, rivaling OpenAI – but it's facing:

  • Massive cyberattacks

  • Privacy concerns

  • Scrutiny from U.S. officials

Banned in Italy!

Italy’s data watchdog is questioning how DeepSeek handles user data, leading to app removals. Ireland is also investigating.

OpenAI & Microsoft Investigating!

Reports suggest DeepSeek may have copied OpenAI’s API outputs – a technique called distillation. OpenAI warns Chinese firms are actively replicating U.S. AI models.

DeepSeek’s meteoric rise just hit a serious security roadblock!


I Mitel someone about this

Aquabot Botnet Targets Mitel Phones!

DDoS Attack Alert! A new Mirai botnet variant, Aquabot, is actively hijacking Mitel phones to launch massive DDoS attacks!

Security Flaw Exploited!

Hackers are targeting CVE-2024-41710 (command injection bug, CVSS 6.8) to take control of:

  • Mitel 6800, 6900, 6900w Series SIP Phones

  • Mitel 6970 Conference Unit

Patch released in July 2024 – but many devices remain vulnerable!

How Aquabot Works

  • Mirai-based malware, known since Nov 2023

  • Uses shell scripts & wget to infect devices

  • Disguises itself as "httpd.x86" for stealth

  • Kills competing malware & reports activity to its C2 server

Selling DDoS Attacks on Telegram?

Hackers may be renting out compromised devices for DDoS attacks under names like:

  • Cursinq Firewall

  • The Eye Services

  • The Eye Botnet

Stay Safe!

  • Update your Mitel devices NOW!

  • Change default passwords

  • Monitor for unusual traffic

Mirai-based botnets aren’t going away – secure your devices before they’re turned into cyber weapons!
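One way to act on the "monitor for unusual traffic" advice, as an added example that is not part of the original newsletter: the script below scans flow records from a phone VLAN and flags any phone that talks to something other than its PBX or provisioning server, or that sends at a flood-like rate. The subnet, allowed peers, rate threshold and flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the newsletter): phone VLAN, allowed peers, rate limit.
PHONE_NET = ipaddress.ip_network("10.20.0.0/24")
ALLOWED_PEERS = {"10.0.0.5", "10.0.0.6"}   # PBX and provisioning server
PPS_LIMIT = 500                             # packets/second a desk phone should never exceed

# Constructed flow records: src,dst,dst_port,proto,packets,seconds
SAMPLE_FLOWS = """\
10.20.0.11,10.0.0.5,5060,udp,120,60
10.20.0.11,10.0.0.5,16384,udp,3000,60
10.20.0.12,203.0.113.50,80,tcp,40,5
10.20.0.12,198.51.100.7,53,udp,900000,60
10.20.0.13,10.0.0.6,443,tcp,25,10
192.168.1.9,203.0.113.50,80,tcp,40,5
"""

def parse_flows(text):
    """Yield dicts from comma-separated flow lines, skipping malformed ones."""
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 6:
            continue
        src, dst, port, proto, packets, seconds = parts
        try:
            yield {"src": ipaddress.ip_address(src), "dst": dst, "port": int(port),
                   "proto": proto, "pps": int(packets) / max(int(seconds), 1)}
        except ValueError:
            continue

def find_suspect_phones(text):
    """Return {phone_ip: [reasons]} for phones with off-allowlist or flood-like flows."""
    findings = defaultdict(list)
    for f in parse_flows(text):
        if f["src"] not in PHONE_NET:
            continue  # only the phone VLAN is in scope
        if f["dst"] not in ALLOWED_PEERS:
            findings[str(f["src"])].append(
                f"unexpected peer {f['dst']}:{f['port']}/{f['proto']}")
        if f["pps"] > PPS_LIMIT:
            findings[str(f["src"])].append(
                f"flood-like rate {f['pps']:.0f} pps to {f['dst']}")
    return dict(findings)

if __name__ == "__main__":
    for phone, reasons in find_suspect_phones(SAMPLE_FLOWS).items():
        print(phone, "->", "; ".join(reasons))
```

An allowlist works here because a desk phone has a very small set of legitimate peers, so any outbound HTTP fetch or high-rate stream to another host stands out.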


So long and thanks for reading all the phish!
