Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Following the emergence of data-leak sites (DLSs) for extortion group’s Morpheus and GD LockerSec in January 2025, Cyjax has discovered a DLS which claims that the infamous Babuk ransomware group has returned. Read on to find out what we know so far.

Ransomware is one of the most prominent cybersecurity threats today, often spreading via phishing emails, malicious links, infected attachments, or exploiting software vulnerabilities. It is a type of malware designed to block access to files, data, or entire systems until a ransom is paid, usually in cryptocurrency. Beyond the financial impact, ransomware causes operational disruption and long-term reputational damage. The frequency and scale of ransomware attacks have surged in recent years.

Following the emergence of data-leak sites (DLSs) for extortion group Morpheus earlier this year, Cyjax has discovered a DLS for a new extortion outfit going by the name GD LockerSec. Read on to find out what we know so far.

The threat landscape is evolving at an unprecedented rate, with organisations facing increasingly complex and malicious cyber threats. As cyber-attacks grow in frequency and sophistication, Cyber Threat Intelligence (CTI) has emerged as a critical focus for many organisations striving to counter these rising challenges effectively.

The global threat intelligence market size was valued at USD 5.80 billion in 2024. The market is projected to grow from USD 6.87 billion in 2025 to USD 24.05 billion by 2032, exhibiting a CAGR of 19.6% during the forecast period. This tremendous growth translates into an increase in both the supply and demand for skilled professionals in threat intelligence.

Defenders often discuss security vulnerabilities on GitHub, Stack overflow, X (formerly Twitter), and other platforms to share knowledge of these threats and ensure users know when patches are available. Cybercriminals have a similar process, choosing to share vulnerability news, exploit code, and engage in technical discussions on cybercriminal forums. However, in contrast to defenders, these threat actors share this knowledge for the purpose finding unpatched systems and exploiting them.

On 13 March 2024, the US House of Representatives approved a bill which demands that the China-based ByteDance divests the popular social media platform TikTok, effectively banning it in the country. The measure was passed with a 352 to 65 vote after being introduced on 5 March 2024 by Republican Mike Gallagher and Democrat Raja Krishnamoorthi.

As 2025 progresses into its second week, it has not taken long for a new data-leak site (DLS) for an extortion group to emerge. December 2024 saw the emergence of LeakedData, FunkSec, and Bluebox. This week, the new group goes by the name Morpheus. Read on to find out what Cyjax knows about this new entrant into the extortion scene so far.

Cybercrime targeting law firms has surged by 77% in the past year, raising significant concerns for the legal sector. The frequency, nature, and motivations of these attacks are evolving, putting law firms in a vulnerable position. Due to the sensitive nature of their data and high stakes, law firms are frequent targets for financially motivated cybercriminals, hacktivists, and even state-sponsored groups.

Data leaks sites (DLSs) commonly debut with a small number of claimed victims. When Cyjax discovered them, newly found DLSs for extortion groups FunkSec and Kairos claimed 11 and six victims, respectively. In contrast, a newly identified possible extortion group which aptly calls itself ’LeakedData’ has emerged onto the scene with an alleged total of 41 victims.