☑️ Weekly Darkweb – July Week 4, 2025
🔍 Gmail phishing toolkit circulating on the dark web
• On July 21st, a listing for a Gmail phishing site toolkit was observed on the Russian dark‑web hacking forum “XSS.”
• The threat actor known as “facelesss” is selling a phishing toolkit that includes pages for entering credentials and authentication codes. The threat actor claimed that this toolkit can steal Gmail user account information and 2FA codes.
• The seller advertises that, although the phishing site was built for U.S. targets, the code can be modified to harvest credentials from users in other countries.
• An analysis of the author’s past posts using S2W products indicates continuous interest in phishing‑related activities (earlier posts: questions about ways to bypass email spam detection).
🔍 1 TB of French naval defense data, traded on the dark web
• On July 23rd, it was discovered that confidential information from the French naval defense company “N” was being traded on DarkForums.
• The data offered for sale reportedly include 1 TB of information consisting of source code for the Combat Management System (CMS), access to a developer virtual environment with a naval simulation program, and internal technical documents and messenger chat logs from the victim.
→ The CMS is a core system used on submarines and warships that integrates and manages all combat operations.
• A threat actor known as “Neferpitou” stated that if company N fails to negotiate within 72 hours, all the data will be released for free.
🔍 14 K records of Indonesian transport officials’ personal data being sold
• On July 22, it was observed that personal data belonging to employees and executives of Indonesia’s Ministry of Transportation were being sold on DarkForums.
• The data offered for sale reportedly include about 14,000 records containing names, dates of birth, gender, residential addresses, etc.
• A forum user named “lCap0ne” is offering the entire dataset for USD 300 (0.005 BTC) or exclusive ownership for USD 700 (0.010 BTC).
• The seller claims the data were exfiltrated from the ministry’s backend in June and that the information could enable targeted phishing attacks against officials.
*The full report is available upon request and for XARVIS subscribers.