
The alleged administrator of the Russian-speaking hacking forum XSS[.]is was arrested by Ukrainian authorities at the request of the Paris Prosecutor’s Office. Shortly thereafter, the site was shut down by law enforcement agencies.
XSS is a Russian-speaking hacker forum that has been operational since 2013, has around 50,000 registered users, and is considered one of the main hubs for cybercriminal activity. Law enforcement officers report that XSS was used to sell and advertise malicious software and access to hacked systems, to promote RaaS platforms, and more.
French authorities announced that the investigation into the activities of XSS began about four years ago and uncovered activities related to extortion and other cybercrimes that generated multi-million profits for the perpetrators.
It is worth noting that in May 2021, XSS banned all topics related to ransomware.
“The investigation, initiated on July 2, 2021, by the Paris Public Prosecutor’s Office’s Cybercrime Unit and assigned to the Cybercrime Department of the Judicial Police of the Paris Prefecture, led to a court-authorized interception of messages from the Jabber server thesecure[.]biz,” stated the French authorities. “The intercepted messages revealed numerous instances of illegal activities related to cybercrime and extortion. It was determined that these actions generated a profit of no less than 7 million USD for the criminals.”
Law enforcement officials clarified that they managed to compromise the thesecure[.]biz server in order to monitor its users’ communications.
The intercepted messages led to an investigation, opened on November 9, 2021, into complicity in attacks on information systems, extortion, and participation in a criminal conspiracy.
During the second phase of message interception, the identity of the alleged forum administrator was established. As a result, this week the suspect, whose name has not been disclosed, was apprehended by Ukrainian authorities in the presence of French police and with the assistance of Europol.
“The administrator of the forum was not only its technical operator. It is also assumed that he played a central role in facilitating criminal activities,” states the Europol announcement. “Acting as a trusted third party, he resolved disputes between criminals and ensured the security of transactions. Additionally, he is suspected of managing thesecure[.]biz, a private messaging service tailored to the needs of the cybercriminal underground. The investigation believes that he has been active in the cybercriminal ecosystem for nearly 20 years and maintained close ties with several major figures in the cybercriminal community.”
On July 23, 2025, members of the XSS forum suspected that the site might have been seized by law enforcement authorities. Shortly thereafter, the resource was indeed taken offline, and a notice appeared on the site informing visitors about the domain’s confiscation.
Considering that law enforcement officials may have gained access to the forum’s backend and arrested its alleged administrator, it is quite likely that they now have evidence against other XSS participants, which could lead to further arrests in the future.
