A leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime since 2003

Joined August 2016
Pinned Tweet
Group-IB researchers have uncovered a Chinese-speaking threat actor, designated #GHOSTSTADIUM, operating over 300 fraudulent domains with a pixel-perfect React-based #phishing kit built on the Layui 2.7.6 framework, a Chinese UI library virtually unknown outside the Chinese developer community. The kit clones the tournament's official PingIdentity SSO flow using a legitimate client_id and includes password reset authorization to lock victims out after credential capture. #ThreatIntel
Strong partnerships are built on trust, collaboration, and a shared commitment to delivering real value to customers. In this new partner spotlight video, Nubatech shares valuable insights on their strategic collaboration with Group-IB and how working together has helped strengthen their cybersecurity offerings and customer impact in the fight against cybercrime. From service differentiation to measurable client value, this video highlights why collaboration is essential for driving innovation, stronger cybercrime resilience, and sustainable growth in today’s cybersecurity landscape. A big thank you to Nubatech and Eduardo Beltrán for their continued trust and collaboration. Together, we are building a safer digital world. Learn More: group-ib.com/partner-program… #Cybersecurity #CybercrimePrevention #Innovation #DigitalSecurity #CyberResilience #PartnerSpotlight
Cybersecurity at Full Throttle 🏁 and Group-IB didn't come to idle. At RISK Conference Slovenia 🇸🇮, we joined some of the sharpest minds in security for two days of sessions, workshops, and real conversations about the threats that matter right now.

📌 Day 1 — Andrew Parshin on how consortium-backed intelligence is dismantling organized cybercrime networks.
🛠️ Workshop — Ivan Ivković & Matija Č. from CS Computer Systems on putting threat intelligence to work through security automation.
📌 Day 2 — Vladimir Goliashev on the cascading, often underestimated consequences of supply chain breaches.
🔵 Breakout — Ivan Ivković & Alex Crgol from Kontron SI on building proactive supply chain defense with Group-IB Threat Intelligence.

Full throttle means nothing without direction. Ours is clear: adversary-focused intelligence that helps organizations get ahead of attacks — not just respond to them. A big thank you to the RISK Conference organisers for putting together such a well-run event and creating the space for conversations that genuinely move the industry forward.

Missed us at the booth? Reach out: group-ib.com/talk-to-sales/ The intelligence doesn't stop when the conference does. #RISKConference #Cybersecurity #GroupIB #ThreatIntelligence #SupplyChainSecurity #Cybersecurity
28% of stolen funds leave mule accounts within 15 minutes. Yet confirmed cases are shared hours, even days, later. Fraudsters collaborate in real time. The industry responds in silos. Group-IB’s Cyber Fraud Intelligence Platform changes that: real-time signals, patented tokenization, up to 90% fraud prevention. Watch how it works 👇 Learn more: group-ib.com/products/cyber-… #FraudPrevention #FinancialCrime #GroupIB
Group-IB supported @INTERPOL_HQ and the Algerian National Police in dismantling #SniperDz, a phishing-as-a-service (PhaaS) platform that operated for nearly a decade and enabled cybercriminals to launch phishing campaigns at scale.

Key findings:
🔹 20,000 domains linked to the ecosystem
🔹 30 global brands impersonated
🔹 80 phishing templates across five languages
🔹 45,000 victim records reported by the platform in 2016 alone

Following a multi-month investigation, the operation led to the disruption of SniperDz infrastructure and the arrest of its primary developer and administrator. The takedown of a platform operating at this scale is a major blow to the #phishing ecosystem and helps better protect users of financial, telecom, entertainment, and other online services.

🔗 Read the full story: link.group-ib.com/4efG6we @INTERPOL_Cyber
Success in cybersecurity is never achieved alone. It is built through collaboration, trust, and strong partnerships that evolve alongside today’s threat landscape. In this new #partnerspotlight, @Adaptive_CL shares how integrating Group-IB’s solutions has helped deliver actionable intelligence, strengthen customer protection, and stay ahead of constantly evolving #cyberthreats. We are proud to work alongside partners who share our commitment to innovation, resilience, and protecting organizations in an increasingly complex digital world. Thank you to Adaptive Security and Miguel Rosales for growing with us and for making collaboration the foundation of success.
Attackers are constantly searching for new tools that provide stealth, stability, and stronger monetization opportunities. Our latest research examines #SilabRAT, a Malware-as-a-Service platform sold on underground forums that combines credential theft, browser profile cloning, HVNC, Chrome App-Bound Encryption bypass techniques, and cryptocurrency-focused capabilities into a single offering.

Key findings:
🔹 SilabRAT has been marketed on underground forums since late 2025 for $5,000/month
🔹 Leverages HVNC for invisible interaction with victim systems; other session access options include browser profile cloning, cookie theft
🔹 Includes functionality to bypass Chrome App-Bound Encryption (ABE) and extract protected browser data
🔹 Features automated #cryptocurrency wallet targeting and password recovery capabilities
🔹 Observed in real-world campaigns leveraging ClickFix #socialengineering techniques

As cybercriminals move beyond simple credential theft toward full session compromise, understanding emerging #RAT capabilities is critical for defenders.

🔗 Read the full analysis: link.group-ib.com/4xluZub
ShinyHunters defaced the login pages of 9,000 schools mid-finals week. 275 million students, teachers and staff exposed across Canvas, the world's most widely used Learning Management System. 3.65 terabytes stolen. An “agreement reached” with extortionists. This is the largest educational data breach on record and it did not start with Canvas.
✨ What a fantastic start to CAISEC 2026! Day 1 was filled with impactful customer meetings, insightful panel discussions, engaging media interviews, and countless conversations with security leaders tackling today's most pressing cybersecurity challenges. From sharing the latest cybercrime trends to discussing strategies for threat intelligence, fraud prevention, and digital risk protection, the Group-IB team has been fully immersed in helping organizations strengthen their cyber resilience. Beyond the business discussions, the atmosphere has been incredible—great conversations, new connections, and a shared commitment to making the digital world safer. If you missed us on Day 1, there's still time! Visit the Group-IB booth on Day 2 to meet our experts, explore our latest cybersecurity innovations, and discover how we can help your organization stay ahead of evolving threats. 👋 See you at CAISEC! #GroupIB #CAISEC2026 #CyberSecurity
200M compromised cards are circulating on #darkweb markets. E-commerce and iGaming operators can’t see any of them. New blog: The $48 billion blind spot — why merchants pay for card breaches they can’t see, and what’s changing. Read More: link.group-ib.com/4fA6iE8 #FraudPrevention #EcommerceSecurity
Cyber threats and fraud are increasingly interconnected, requiring a new approach to digital resilience. At CAISEC ’26, Group-IB is showcasing its Cyber Fusion approach, helping organizations across Egypt and Africa gain a complete view of the threat landscape and move from reactive response to predictive defense.

Key highlights:
🔹 Demonstrating Group-IB's Unified Risk Platform, combining Threat Intelligence, Fraud Protection, Digital Risk Protection, XDR, Attack Surface Management, and more within a single ecosystem
🔹 Leveraging insights from 1,550 high-tech crime investigations across 60 countries
🔹 Delivering adversary-centric intelligence to help organizations understand the tactics, motivations, and infrastructure behind modern cybercrime
🔹 Combining global threat intelligence with local expertise through Group-IB's Cairo-based team and growing presence across Africa

Visit our experts at CAISEC ’26 to discover how intelligence-driven cybersecurity can help strengthen resilience against today's evolving cyber and fraud threats.

📍 Cairo, Egypt 📅 8-9 June 2026
Read More: link.group-ib.com/43YBqpu #CAISEC2026 #CyberFusion #CyberSecurity
Ticket scams. Fake FIA letterheads. Phishing portals disguised as F1 TV. Cybercriminals don't show up on race day. They've been running their campaign for weeks before the lights go out. £9.7 million was lost to ticket fraud in the UK alone in 2024. Multiple companies have been formally named for forging official FIA hospitality documents.
The FIA's own email accounts were compromised in a confirmed phishing attack. Fraud doesn't wait for the podium. It starts at the first search result. Swipe to see the full scam playbook. #F1 #CyberSecurity #TicketFraud #Phishing #FIA #FormulaOne #ScamAlert #ThreatIntelligence
This was Instructure's second ShinyHunters breach in eight months. The September 2025 incident came through social engineering against its Salesforce environment. Instructure rotated credentials and patched. Eight months later the same group returned through a different vector and Instructure paid the ransom on May 11 to prevent the data going public.
ShinyHunters' 2026 campaigns converge on three documented vectors: vishing paired with adversary-in-the-middle phishing to capture live session tokens, device code phishing that abuses OAuth 2.0 authorization flows, and supply chain token theft through compromised third-party SaaS vendors. All three bypass MFA. All three keep working.
EdTech is now a proven, repeatable target. PowerSchool in 2024, Canvas in 2026. Institutions running third-party SaaS integrations should audit OAuth tokens granted to vendors, treat ransom payment as no guarantee of deletion, and assume exposed student PII will be used for spear-phishing long after the breach closes.
✨ We are proud to be a Platinum Sponsor of #CAISEC26, the region's premier Cyber & Information Security Exhibition and Conference, launching this year under the patronage of His Excellency Prime Minister Dr. Mostafa Madbouly. At the official press conference marking the launch of this milestone 5th edition, Group-IB's Regional Sales Director, Ahmed Tharwat, represented the company alongside government leaders, industry pioneers, and global cybersecurity innovators. This year's theme "Guarding the Future: Securing the Unpredictable", reflects exactly what we stand for. As cyber threats grow more sophisticated and increasingly intersect with the geopolitical realities of the Middle East and Africa, the need for predictive, intelligence-led security has never been greater. As Platinum Sponsor, Group-IB is committed to bringing our most advanced capabilities to CAISEC '26, from cutting-edge threat intelligence and AI-driven detection to our latest innovations in #fraudprevention and cyber resilience. We are here not just to participate, but to lead the conversation on what the future of cybersecurity looks like for this region. Join us at CAISEC '26 — June 8–9, Cairo, Egypt 🇪🇬 and visit the Group-IB stand to see how we are helping organizations across #META stay ahead of adversaries. 👋
Prevyn AI is the cognitive core of the Group-IB Unified Risk Platform, live in Threat Intelligence and Managed XDR. It reasons over our proprietary Intelligence Data Lake, built from decades of active cybercrime investigation, not aggregated public feeds. In Threat Intelligence, it orchestrates 11 specialist agents that run multi-step investigations in minutes, improving research output quality by more than 20% across accuracy, completeness, and analytical depth. In Managed XDR, it surfaces context, generates incident reports, and prepares remediation workflows for one-click execution. In both modes, analysts stay in control. Every AI-recommended action requires human approval. That isn't a setting. It's the architecture. Swipe through for the whole picture. Contact us for a no-strings attached demo: group-ib.com/talk-to-sales/ #PrevynAI #CyberSecurity #ManagedXDR #ThreatIntelligence
Fraudsters started preparing for the world's biggest football tournament months before kickoff. Group-IB has tracked 4,300 fake domains and 47,400 potential ticket fraud victims.
The traps: fake ticket sites, cloned login pages promoted via paid ads, one #phishing campaign cloning the official login page across 11 languages, and 32 fraudulent betting platforms harvesting passport scans and selling them on dark web markets. Crypto payments mean no chargebacks. No recourse.
Every scam in this campaign shares three signals: urgency, prices that seem too good, and payment by crypto, gift card, or wire. See two of the three. Walk away. Cheer loud. Click slow.