The VanHelsing ransomware-as-a-service operation leaked its source code, including the affiliate panel and Windows encryptor builder, after an ex-developer attempted to sell it on a hacking forum. While the leak provides some useful tools for threat actors, it lacks key components like the Linux builder and databases, which could have aided law enforcement efforts. This incident highlights the ongoing trend of ransomware source code leaks facilitating new cyber attacks.

Scattered Lapsus$ Hunters has initiated a crowdsourced extortion scheme, offering $10 in Bitcoin to individuals who will pressure executives of organizations they claim to have breached into paying ransoms. The group has already reportedly paid out $1,000 and lists 39 alleged victims on its data leak site, threatening further action if demands are not met by a specified deadline. Despite claims of a breach, Salesforce has stated that there is no indication of compromise on its platform.

Law enforcement in the U.S. and France has seized domains associated with the BreachForums hacking forum, known for selling stolen data and hacked credentials. Despite this action, a dark web version of BreachForums remains active, and the Scattered LAPSUS$ Hunters group claims it will still leak one billion Salesforce customer records. The ongoing struggle against cybercrime infrastructure emphasizes the resilience of such underground networks.