DarkFeed: Cyber Threat Intelligence Platform

DarkFeed is a Tel Aviv-based cybersecurity startup providing real-time threat intelligence on ransomware, cyber extortion, and dark web activity.

Our platform offers affordable monitoring solutions for businesses of all sizes. Learn more: DarkFeed.io 🚀

12/06/2026

🚨 ShinyHunters continues its aggressive campaign, adding several new organizations to its victim list.

Among the latest reported victims are:

• A U.S.-based sports marketing and event management company involved in major international sporting events and partnerships.

• One of the largest and most recognizable retail brands in the United States, serving millions of customers through both physical stores and online platforms.

• A global digital infrastructure operator that manages communication towers and connectivity assets supporting mobile and data networks worldwide.

• A major telecommunications and network services provider delivering fiber, cloud, and connectivity solutions across North America and Europe.

The latest additions highlight the group's continued focus on large organizations across multiple industries, including sports, retail, telecommunications, and critical digital infrastructure.

If you'd like to monitor ShinyHunters activity for free — as well as groups such as Lapsus$ and TeamPCP — explore our dedicated tracking dashboard:

👉 https://darkfeed.io/groups-timeline/

11/06/2026

🚨 ShinyHunters Adds Two More High-Profile Victims

Shortly after publishing a warning to organizations allegedly contacted by the group, ShinyHunters has added two additional victims to its leak site.

The first organization is a major U.S. media and broadcasting company operating television stations across the United States and reaching millions of viewers daily. The group claims to have compromised a large volume of internal corporate data, including customer-related information and records associated with a major CRM platform.

The second victim is a globally recognized luxury fashion company whose brands are sold worldwide and have become household names across the retail and apparel industry.

The latest activity follows a public message from ShinyHunters stating that organizations that fail to engage before the group's deadline may face data exposure and additional consequences.

🔎 Follow our free ShinyHunters intelligence tracker for victim claims, activity updates, and threat intelligence reports:

https://darkfeed.io/get-started/

11/06/2026

🚨 Significant Qilin Victim Surge Observed

The Qilin ransomware group has added more than 10 new victims to its leak site in a short period of time.

What makes this activity particularly interesting is the apparent pattern across the victim set. A significant portion of the affected organizations appear to be law firms and companies operating within the legal sector. In addition, the majority of the victims are located in the United States.

While further analysis is required, the concentration of victims within the same industry raises questions about whether a shared third-party provider, software platform, or supply chain component may have played a role.

Qilin continues to be one of the most active ransomware operations in the threat landscape, having claimed more than 1,500 victims overall since becoming active.

🔎 Want to monitor Qilin, ransomware groups, and cyber extortion activity in real time?

Get started here:
https://darkfeed.io/get-started/

10/06/2026

🚨 WorldLeaks Expands Victim List with Three High-Profile Organizations

The WorldLeaks ransomware group has added three notable victims to its leak site.

The affected organizations span multiple critical sectors:

🏦 A long-established financial institution in the United States serving individuals, businesses, and local communities.

🏭 A major electronics manufacturer from India that plays a significant role in global electronics and semiconductor supply chains.

🌾 A large agricultural cooperative in the United States supporting farmers, agribusiness operations, and rural communities.

The targeting of organizations across financial services, manufacturing, and agriculture highlights the diverse range of sectors currently being impacted by ransomware and cyber extortion groups.

🔎 Want to monitor ransomware groups, victims, darknet activity, and cyber extortion operations with us?

Get started here:
https://darkfeed.io/get-started/

04/06/2026

🚨 High-Profile Access Sale Advertised on Underground Forum

A threat actor is offering what they claim to be persistent access to a government-affiliated environment for **$10,000 XMR**, advertising web-based access, remote code execution capabilities, and the ability to maintain access across reboots.

While underground forum claims should always be treated with caution until independently verified, posts like this provide valuable insight into the growing market for initial access sales and the broader cybercrime ecosystem.

Initial access brokers continue to play a key role in enabling ransomware operations, data theft campaigns, and other malicious activities by providing threat actors with footholds into potentially high-value environments.

Monitoring these discussions can provide early warning indicators of future cyber threats and emerging attack trends.

🔎 Want to track darknet forums, access sales, ransomware activity, and underground cyber threats with us?

Get started here:
https://darkfeed.io/get-started/

03/06/2026

🚀 DarkFeed – The AI Platform That Keeps You Ahead of Cyber Threats

DarkFeed is an AI-powered cyber threat intelligence platform that turns the noise of the darknet into clear, actionable insight.
Here's what it does for security teams and enterprises:

🔍 Real-time monitoring of ransomware and cyber-extortion groups
🧠 AI analysis of posts from darknet forums, Telegram and leak blogs
📢 Real-time alerts + seamless API integration into your existing workflows
🔌 New MCP Server — pull live ransomware intelligence directly into your AI agents
🛡️ CISA KEV – Ransomware Vulnerability Intelligence — track the CVEs actually being exploited in ransomware campaigns
📑 Real-time intelligence reports to keep you informed, 24/7

Smarter, faster and more affordable cybersecurity intelligence — built for the teams on the front line.
👉 Take the first step today: https://darkfeed.io/get-started/

02/06/2026

🚨 New Ransomware Group Added to DarkFeed

Meet Black X, the latest ransomware group added to the DarkFeed intelligence platform.

The group's darknet leak site currently lists approximately four victims across multiple countries, including 🇩🇪 Germany, 🇰🇷 South Korea, 🇿🇦 South Africa, and 🇵🇭 the Philippines.

The victims span several industries, highlighting the group's broad targeting strategy and growing activity.

As we continue monitoring ransomware and cyber extortion operations worldwide, Black X is now fully tracked within DarkFeed alongside hundreds of other threat actors.

🔎 Want to follow ransomware activity with us?

Get started here:
https://darkfeed.io/get-started/

02/06/2026

🚀 Introducing the DarkFeed Ransomware MCP Server — live threat intelligence, native to your AI.

Ransomware moves in hours, not quarters. By the time a static report lands on your desk, the victim's already on a leak site and the next access broker is surfacing on a forum.

So we built something different.

Our new Model Context Protocol (MCP) server plugs DarkFeed's entire ransomware intelligence database — victims, threat groups, sectors, countries and darknet forum chatter — directly into your AI agents, SOC copilots and security workflows.

No scraping. No stale exports. No new dashboard to babysit.

Just ask a question in plain language, and your AI calls our intelligence in real time:
🔹 "Which ransomware groups hit healthcare this week?"
🔹 "Show me the latest victims in Germany."
🔹 "Who's the most active group right now?"

Every answer is source-verified, group-attributed and AI risk-scored — the same intelligence that powers the DarkFeed platform, now reasoning right inside the tools your analysts already use.

✅ 8 intelligence tools
✅ Works with Claude, GPT and any MCP-compatible client
✅ Continuously updated, 24/7
✅ Built for SOC teams, enterprises and CTI analysts

This is what it looks like when the darknet becomes part of your AI stack.

👉 Watch the walkthrough and get access: https://darkfeed.io/mcp/

02/06/2026

🚨 RAlord (Nova) Claims Affiliate Error Behind CIS Victim Incident

The ransomware operation RAlord (Nova) has published an unusual statement acknowledging what it describes as a mistaken targeting of a CIS-based organization.

According to the group, an affiliate allegedly conducted the operation against the wrong company, resulting in an automated victim listing before internal review processes identified the organization as belonging to a region excluded from the group's targeting policy.

Nova claims it has:
• Banned the responsible affiliate
• Prevented any public data leak related to the case
• Introduced manual review requirements before victim posts are published
• Enhanced CIS detection mechanisms within its tooling

While these claims cannot be independently verified, the incident provides a rare glimpse into the internal controls, affiliate management practices, and geographic targeting restrictions maintained by some ransomware operations.

For a full intelligence update, additional context, and ongoing threat actor monitoring, visit the DarkFeed Intelligence Platform:

🔗 https://darkfeed.io/get-started/

29/05/2026

🚨 Major Update: The Groups-Timeline Just Got Bigger — Free & Open to Everyone

We have expanded our dedicated threat actor tracking! What started as a standalone page for one of the darknet's most active groups has now evolved into a comprehensive Groups-Timeline, and we’ve just added two major threat groups: Lapsus$ and TeamPCP alongside ShinyHunters.

We have aggregated everything we know about these high-profile groups into a single, chronological timeline — ransomware victims, underground forum activity, and third-party intelligence — updated in real time.

What’s inside the timeline:
🔶 Ransomware Operations — Confirmed victim claims published directly on the groups' darknet leak sites, including company, sector, and country data.
🔴 Direct Operations & Forum Activity — Posts authored by these actors across underground forums, covering data sales, breach announcements, and extortion activity.

All events are AI-classified and risk-scored by DarkFeed's real-time monitoring engine.

✅ 100% free. No login required. If your organization tracks threat actors and needs to map out campaign history, this is the place to start.

Explore the timeline now: 👇
https://darkfeed.io/groups-timeline/

Address

Tel Aviv
