We built a Telegram & darknet monitoring platform.
→ Vetted cybercrime channels tracked
→ IOCs extracted automatically
→ Multi-language, translated to English
→ Built for investigators, not dashboards
Follow for weekly threat intel from real data.
https://t.co/6WjXiVHiGM
⚠️ #RipperSec issued explicit threat against South Korea over Israel support. Active DDoS orders in channel. SK gov/finance orgs. Prior record of government-targeting campaigns. #Hacktivism #DDoS #CTI
#EyeLocker ransomware dropped a 2026 update and they are marketing it on Telegram in English and Chinese. The panel has a live map of infected machines, keylogger, file manager, remote shutdown, password dumping.
Claims to be fully undetectable.
If you have samples or more context on this one, hit us up.
#ThreatIntel #CTI #ransomware
#LunarisSec claims breach of MBDA Systems (European defense/missile manufacturer). On Telegram they advertise 270k records incl. SSNs alleged. Authenticity unconfirmed. #CTI #DefenseSector #DataBreach
Stealc dev just shipped v2.22.0 with actual patch notes.
🔹 Continued review and expansion of supported crypto wallet plugins
🔹 Added anti-VM protection based on user feedback
🔹 Major runtime cleanup and optimization
Newly supported wallets/services include Moon, https://t.co/OvTg6dgal8 Crypto-Cardholder, Conla, GoBo, INTMAX, Elseware, LuckyCoin, MWC, Astrone, XFS, Grind, Saros, Orbiter, Pluto, and many more.
#ThreatIntel #CTI #infostealer
New Russia-linked group 'GREYVIBE' active since Aug 2025. Targets: Ukrainian military, gov, commercial. Uses GenAI-assisted ops, custom loaders, fake CAPTCHA & adult lure sites. #GREYVIBE #ThreatIntel #Ukraine
BLACKNET-00 released TRK25 SCADA exploitation tool & claims to have taken down Noi Bai International Airport (Vietnam) network. Also selling ransomware; 10+ victims claimed incl. Rolling Hills Bank. #ICS #SCADA #CriticalInfrastructure
Apparently LAPSUS$ is hiring. Candidate must be employed at a major tech or telecom company and willing to provide internal network access; no experience required.
Imagine glassdoor review: "great pay, flexible hours, might get you arrested"
#ThreatIntel #CTID
SCADA/HMI credentials for Ukrainian critical infrastructure leaked on Telegram by #ITARMYRU. Actors also recruiting for new RAT/stealer/botnet. OT/ICS defenders: validate & rotate exposed creds NOW. #ICS #SCADA #CTI #Ukraine
HITECKGROOP claims leak of 1.8 BILLION records from Indian cellular operators which include full names, father names & Aadhaar national IDs. Corroborated via TrueCaller/Ulektz. Effectively full-population national ID exposure. #DataBreach #India #Aadhaar #CTI
Threat actor 'Ben Jones' claims unauthorized access to British Airways Crew Portal and Cognino AI 360 Suite, exposing employee medical and financial records. Data and credentials offered for $1,000 via Monero or Bitcoin. #DarkWeb #CTI #ThreatIntel
Good news everyone
Shai-Hulud, that spoopy Git worm thingy everyone's been yapping about, has been open-sourced.
What does this mean? TeamPCP, or someone else, has released the fully weaponized worm for you.
https://t.co/Ov7VYAGQIz
Development of a new RaaS platform called BLACKNET-00 was announced on Telegram, alongside a forum for selling malware, ransomware, and scam tools.
Operates on a rental model, with additional features expected soon. #RaaS
shinyhunters website: "we are not commenting and have no further comment to make regarding this global incident"
shinyhunters telegram impersonator: doing press interviews
"rooting your systems since '19 ;)" but can't root out their own fake account
#ThreatIntel #CTI
DarkStorm Team claims DDoS on National Police of Denmark. Also advertising commercial DDoS-for-hire & DB dumping against EU targets via @glitchservices1. #DarkStorm #OpEurope #CTI
#EVEREST extortion group hit 16+ orgs incl. Gemini, NutraBio, HBX Group & PT Brantas Abipraya. Exploiting CVE-2025-0193 & CVE-2024-3412 w/ Cobalt Strike C2. Data releases if demands unmet. #ThreatIntel #CTI #Ransomware
Seen at 👉https://t.co/6WjXiVHiGM
Unidentified actor claims access to power grid control system at a Norwegian underground research facility. TA discussed disabling the system and referenced a SCADA-targeting malware tool called 'VoltRuptor'.
#ICS #SCADA #OT #VoltRuptor
CVE-2026-0740 exploited in the wild. Attacker claims full compromise of DHI (https://t.co/XwbLPmgs6c): DB access, admin control, 100+ confidential docs exfiltrated. Patch immediately if your stack is exposed. #CVE20260740 #ThreatIntel #CTI