amvinfe

Cyber security researcher and blogger

#InfoSec #DataTheft #Ransomware #DataBreach
2026-02-05

๐€๐ฌ๐ฌ๐š๐ฎ๐ฅ๐ญ ๐จ๐ง ๐ˆ๐ง๐๐ž๐ฉ๐ž๐ง๐๐ž๐ง๐ญ ๐‰๐จ๐ฎ๐ซ๐ง๐š๐ฅ๐ข๐ฌ๐ฆ: ๐”๐ง๐Ÿ๐จ๐ฎ๐ง๐๐ž๐ ๐‹๐ž๐ ๐š๐ฅ ๐€๐ญ๐ญ๐š๐œ๐ค๐ฌ ๐จ๐ฏ๐ž๐ซ ๐ญ๐ก๐ž ๐๐ฅ๐š๐œ๐ค ๐๐š๐ฌ๐ญ๐š ๐ˆ๐ง๐ฏ๐ž๐ฌ๐ญ๐ข๐ ๐š๐ญ๐ข๐จ๐ง

On March 1, 2025, SuspectFile published an article on Black Basta based solely on the original, independent work of Valéry Rieß-Marchive, Editor-in-Chief of LeMagIT.

At no time did Valéry or SuspectFile copy from, or use, any original material by The Hacker News.

It was therefore surprising that The Hacker News’ law firm, Dennemeyer & Associates, sent SuspectFile a letter asserting copyright infringement of a Ravie Lakshmanan article on Black Basta, and demanding removal of our article within 24 hours or they would request takedown of our site and monetary damages...

suspectfile.com/assault-on-ind

#Black_Basta #Copyright_infringement #Dennemeyer #DMCA #Legal_action #LeMagIT #Nefedov #THN

amvinfe boosted:
Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2026-02-04

And it's out!

Zack Whittaker and I have released our report on the pilot survey we conducted to increase awareness about threats security researchers and journalists who report on cybersecurity and cybercrime experience.

We are grateful to all those who responded to the survey and shared a bit of their experiences. Based on what we found in a pilot survey with a non-random sample, I really think we need to do a bigger study that can also do a deeper dive into some questions.

You can read the report in html or download the .pdf version:

html: databreaches.net/2026/02/02/un

pdf: databreaches.net/wp-content/up

In conjunction with the release of the report, I've also added a new "Threats" category to DataBreaches.net.

You can also read some overview comments from Zack at
this.weekinsecurity.com/new-su

My post explaining how this all started is at databreaches.net/2026/02/02/th

#cybersecurity #securityresearch #legalthreats #threats #criminals #databreach #vulernabilities #malware #lawsuit #survey

@zackwhittaker @campuscodi @amvinfe @jgreig @dangoodin @GossiTheDog @lawrenceabrams @euroinfosec

amvinfe boosted:
Chum1ng0 - Security Research :verified: chum1ng0@infosec.exchange
2026-01-29
2026-01-25

Double Ransomware Attack Hits Resource Corporation of America: Medusa and Qilin Claim Separate Intrusions

Medusa provided a statement clarifying the sequence of events from their perspective: both #Medusa and #Qilin stole sensitive data and encrypted RCA’s network.

suspectfile.com/double-ransomw

#Data_Breach #HIPAA #RCA #Resource_Corporation_of_America

amvinfe boosted:
Chum1ng0 - Security Research :verified: chum1ng0@infosec.exchange
2026-01-23

Chile's National Cybersecurity Agency launches ciberlupa to search for leaks of citizen data.

Personal Opinion:

I find ANCI's Ciberlupa incredibly useful: a Chilean "Have I Been Pwned" tool that helps people find out if their email/RUT (Chilean tax ID) has been leaked, with good privacy (strong authentication, anonymized database). But there's a critical point that can't be ignored: the risk that, in order to keep it updated and "complete," the line might be crossed at some point, and they might start buying dumps on the dark web or black markets (as has happened in other countries with law enforcement). That would be counterproductive: it would finance more data theft and lose all legitimacy. A concrete proposal: ANCI should publicly commit to strict limits—only open/published sources (Telegram, hacker forums that upload for free, CERT collaborations, reports from victims/companies). No purchases, not even for "specific investigations," in this citizen-led tool.

security-chu.com/2026/01/ciber

#privacy #hacking #dataprotection #Chile

@PogoWasRight @campuscodi @amvinfe @zackwhittaker @jgreig @lawrenceabrams

2026-01-16

When Silence Becomes Mandatory: A Chronicle of an Injunction

Writing about cybersecurity required time, study, and rigour for work I felt was necessary. One article naturally led to the next; one case connected to the previous one. It was demanding but manageable, and above all, consistent with the journalistic principles I had chosen to uphold.

suspectfile.com/when-silence-b

@campuscodi @zackwhittaker
@jgreigj @lawrenceabrams @briankrebs @PogoWasRight

#HCRG #Injunctions #Law #Private_Life #UK_High_Court_Injunction

2026-01-14

Update: Scope of the Avosina Healthcare Solutions Data Breach Clarified

In our previous article, we reported on the ransomware attack against Avosina Healthcare Solutions, a company providing billing and IT support services to healthcare organizations in the United States[...]
[...]Additional clarity has now emerged through a disclosure filed with the Office of the Maine Attorney General.

suspectfile.com/update-scope-o

#AvosinaMed #Data_Breach #Infosec #Qilin #Ransomware

2026-01-12

The Alliance That Never Was: A Critical Analysis of the Ransomware “Alliance” Announced by Stormous

One of the clearest examples of this pattern is the alleged seven-group ransomware alliance announced by Stormous in October 2025—an initiative that, in practice, never became operational.

suspectfile.com/the-alliance-t

#Alliance #RaaS #StormouS #Nova #Radar

2026-01-11

We have posted a new update on the case.

2026-01-09

We have updated the article

2026-01-09

Exclusive – Ransomware attack against Copec: Anubis claims exfiltration of 6 TB of data

According to Anubis, approximately 6 terabytes of corporate data were exfiltrated from compromised servers during the operation. The group also claims that it was unable to encrypt Copec’s entire network, despite having gained initial access to internal systems by exploiting a vulnerability in a corporate VPN.

suspectfile.com/exclusive-rans

#Copec #Anubis #Ransomware #Infosec #Data_Breach

2025-12-30

We have updated with an editorial note.

2025-12-29

Condé Nast Under Attack: Telling the Complexity of Cybersecurity

The recent incident involving Condé Nast is more than a simple data breach: it is a concrete example of how cybersecurity journalism often unfolds in real time, with incomplete information and through direct interactions with individuals outside official channels.

suspectfile.com/conde-nast-und

#Condè_Nast #Business_Sector

2025-12-23

Anubis Ransomware: Inside the Mindset and Methods of a Modern Ransomware Group

The group also displays explicit contempt for what it defines as human incompetence: unprepared administrators, insufficient investments in security, and managerial decisions driven by short-term cost savings. In this narrative, the victim is not merely a target, but also partially responsible for its own damage...

suspectfile.com/anubis-ransomw

#Interview #Anubis #RaaS #Ransomware

amvinfe boosted:
Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2025-12-20

ANNOUNCE: Survey on threats experienced by journalists and security researchers

Are you a security researcher or a journalist in the cybersecurity/cybercrime space?

DataBreaches.net and Zack Whittaker at this.weekinsecurity.com are conducting a survey on the types of threats researchers and journalists have faced, including legal threats or legal process and threats of violence from cybercriminals.

The survey is at forms.gle/P9jr6VxfD1LV6odg9

Please complete the survey and share the link on social media and with your colleagues and friends to help us understand how widespread some problems may be.

Reposts with more tags to other individuals would be appreciated.

#journalism #pressfreedom #cybersecurity #risk #threats

@campuscodi @zackwhittaker @jgreig @lawrenceabrams @briankrebs @amvinfe

2025-12-18

Securotrop: from affiliation to independence, the evolution of a young ransomware group

This updated interview provides a direct look at Securotrop’s current modus operandi, the technological innovations of their proprietary ransomware, and the strategic choices that have allowed the group to consolidate itself as an independent actor.

suspectfile.com/securotrop-fro

#Interview #Qilin #RaaS #Ransomware #Securotrop

2025-12-14

Ransomware in public services: when a cyberattack becomes an institutional crisis

When a ransomware attack hits a hospital, an educational institution, or a government agency, official narratives often describe it as an “IT incident.” It is a reassuring definition, but profoundly misleading. In these contexts, ransomware is not a technical problem: it is an institutional crisis event, capable of disrupting fundamental rights, exposing sensitive data, and putting the entire public decision-making chain under pressure.

suspectfile.com/ransomware-in-

#Ransomware #Infosec #Healthcare #Education #Government_Agencies

amvinfe boosted:
Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2025-12-09

I commented on an attack on Trumbull County, Ohio, by Anubis that @amvinfe reported this week. I will continue to try to follow up, but in the meantime, I posted this:

"Tell the truth, or someone will tell it for you — Trumbull County, Ohio edition."
databreaches.net/2025/12/09/te

#databreach #ransomware #wiper #govsec #incidentresponse #transparency #Anubis #Trumbull_County

amvinfe boosted:
Dissent Doe :cupofcoffee: PogoWasRight@infosec.exchange
2025-12-09

Updated my post on the Anubis attack on Mid South Pulmonary Specialists after getting additional info from Anubis.

It seems they used their wiper to delete all of MSPS's backups, and then encrypted all of their systems.

That sounds pretty grim. MSPS has not posted anything (perhaps they can't) or issued any notice anywhere about whether patient care has been affected at all by any breach.

databreaches.net/2025/12/07/th

#HIPAA #healthsec #cybersecurity #databreach #ransomware #Anubis #wiper #backups #incidentresponse

@campuscodi @amvinfe

2025-12-08

The Data Breach the Trumbull County Denied: 350 GB of Sensitive Data Published by the Anubis Group

The group also claims to have remained active inside the network the entire time:
“We remained inside their network the entire time.”
“We watched them perform their security audit and collect artifacts… They prepared a report saying ‘Everything is fine and secure.’ We laughed for a long time.”

suspectfile.com/the-data-breac

#Trumbull_County #Anubis #Ransomware #Infosec #HIPAA
