AzAl Security

rmoskovy.github.io/posts/who-runs… The developer: AELS / Lavander / CrazyMark He went by several names. On Exploit.in he was Lavander. On GitHub he was aels and Lavander, with profiles that link directly back to his Exploit.in account. On X he was @AelsMartin with a bio that just says “I’m alive.” On Telegram he was @CrazyMark, until that account went silent on July 9, 2023. On XSS.is he had been posting since 2012, mostly about corporate email harvesting and phishing, until the admins deleted most of it after banning him.

Decided to share this quick tool I vibe-coded, I'm finding it useful for my research Grab-Bulk-CVE-Details - An all-in-one HTML applet for grabbing bulk details for a long list of CVE numbers. github.com/BushidoUK/Grab…

This is worth watching. It refers to events that I followed very closely. The CEO of @Coaxis was extremely transparent with me. Cherry on the cake? You'll to hear from @orangecyberdef, @AShukuhi, @Jon__DiMaggio, or @intel_anastasia #lockbit #ransomware youtube.com/watch?v=0pchn3…

@Cyberknow20 Allegedly Possibly Probable Plausible No evidence Evidence suggests Data points to Based on the estimate Based on experience

OSINT folks tracking the situation in the Middle East y'all need to stop talking in definitives... Noone has a full picture of the situation and cannot truly see in warfare. There is a reason intel folks use words of estimative probability.

Wtaf 😳

@AShukuhi @Br4t1slaBa @ransomboris Нееееет дудка это Аркадий Яковлев из Мичурикнска

@Br4t1slaBa @ransomboris Я дядя вам.

Каджит папа , стольман мама

@PunsCyber @RussianPanda9xx Please don’t Bahn mi for this like

@RussianPanda9xx What the pho did she expect?

I was at a dinner party yesterday and one of the Viet ladies was shocked that I was speaking fluent Vietnamese. I’m like… I think because I’m Viet, no? She was like “you are!!!?” Looked 300x into my face like she was running facial recognition. Ma’am, what do I look like to you?? Do I look Viet or have I been living a lie this whole time?

Looks like Killmilk is restarting Killnet. One of the most well-known pro-Russian hacktivist groups.

Google disrupts Chinese-linked hackers that attacked 53 groups globally reut.rs/4rxn4Xn reut.rs/4rxn4Xn

Stop trying to make Rehub happen

This is incredible — a truly AI-powered cybercrime operation targeting FortiGates a) DeepSeek generated attack plans b) Claude’s produced vuln assessments and executed OSTs. c) “ARXON” MCP server acted as a bridge 1. cyberandramen.net/2026/02/21/llm… 2. aws.amazon.com/blogs/security…

Added data from the awesome and amazing @RansomwareLive #Cyber #Threat #Intel #CTI #Ransomware

🚨Cyber Alert ‼️ WormGPT A threat actor known as Sythe claimed to have leaked the database of WormGPT, a cybercrime-focused AI platform, exposing data linked to more than 19,000 users. The leaked data allegedly includes email addresses, user IDs, and subscription and billing metadata. Sector: ICT Threat class: Cybercrime Observed: Feb 10, 2026 Status: Pending verification — About this post: Hackmanac provides early warning and cyber situational awareness through its social channels. This alert is based on publicly available information that our analysts retrieved from clear and dark web sources. No confidential or proprietary data was downloaded, copied, or redistributed, and sensitive details were redacted from the attached screenshot(s). For more details about this incident, our ESIX impact score, and additional context, visit HackRisk.io.

As part of the SYS initiative, @PRODAFT is notifying users affected by the RAMP forum database leak. Threat actors are being encouraged to assist with the de-anonymization of some of the most active cybercriminals and ransomware operators — developments that are expected to make headlines. Choose a better path for yourself. x.com/PRODAFT/status…

I expected more interest from hacktivist groups towards the Winter Olympics. So far, only Noname05716 is targeting Olympic Committee websites of several countries and also targeting Italy. #Olympics2026

hat tip to @RussianPanda9xx @gleeda at. al. @HuntressLabs 😎 huntress.com/blog/active-ex…

Weekend work, but we've seen compromises of SolarWinds WHD -- one especially gnarly case where threat actor set up: 1. Zoho Assist RMM 2. QEMU & Cloudflared 3. Velociraptor for C2 and a wild story (to tell more about soon 😎): an attacker controlled Elastic stack for exfil 🔗👇

@PRODAFT Great work!

RAMP Forum User Intelligence Available for Our Platform (U.S.T.A. & Catalyst) Members 🫶Our SYS initiative remains highly active, as a well-known forum member voluntarily contacted us. We are grateful for their contribution. Even when admins attempt to dox each other for 10 BTC, it's good to see some members doing it voluntarily for us. 🔍As a result, our team has acquired intelligence associated with 7,709 RAMP forum users, including the following high-value investigative datasets: 📧Private messages exchanged between threat actors, enabling reconstruction of operational planning and coordination; 👾Attachments sent and received between threat actors, supporting malware, tooling, and infrastructure attribution; 🔐Authentication and login activity, facilitating access-pattern analysis and operational security assessment; 🌌Forum search history, providing insight into intent, targeting, and operational focus; 🧐Profile information, including but not limited to registered email addresses, supporting identity correlation and cross-platform attribution; 🗣️Chat room and group communication metadata, indicating collaboration structures and coordinated activity across specific operations and campaigns. We will be correlating these datasets to support and advance multiple previously unsolved investigations. #cyberintelligence #ramp #LockBitSupp <3