Dark web this week:
WhatsApp — 3B records claimed
OnlyFans — 340M records for sale
BlockFi — crypto customer emails leaked
VSP Security Wholesale — security industry breach
PowerSchool — $17.25M settlement; breach traced to 2021
#ThreatIntel#DarkWeb#InfoSec
UAC-0057 (Russia-linked) active phishing vs Ukrainian state orgs
Deploying: OYSTERFRESH, OYSTERSHUCK, OYSTERBLUES
Delivery via compromised trusted sender accounts — DMARC won't save you
Detection rules: CERT-UA + SOC Prime
#ThreatIntel#APT#Phishing#UAC0057
ACR Stealer via fake Claude AI pages
Search Claude → fake page → infostealer → creds/wallets exfil to Telegram bot
High-value targets: devs with SSH keys, API keys, cloud tokens
Detect: api[.]telegram[.]org from non-browser procs
#ThreatIntel#Phishing#ACRStealer