Find notable cyber news and cases, enriched with sources, timelines, and signals.

Lumma Stealer activity decline after doxxing and Telegram compromise

Malware Activity
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

The Lumma Stealer malware-as-a-service operation saw a sharp drop in C&C infrastructure activity, disrupting customer communications and slowing infostealer operations. The decline followed exposure of five alleged core members' identities and a reported Telegram account compromise. The operation had rebuilt after a May law-enforcement action and remained active through June to September before the slowdown. The shift pushed cybercriminals toward Vidar, StealC, and Amadey as replacement options.

Related Happenings

FBI takedown of Outsider Enterprise phishing service

Law Enforcement
H score63 First: 14.06.2026 17:36 Last: 14.06.2026 17:36 Sources 1

About this happening: The **FBI** and partners **dismantled** **Outsider Enterprise**, a **phishing-as-a-service** operation tied to **thousands of phishing websites** and large-scale credential theft....

REMUS infostealer browser-session and password-manager collection expansion

Malware Activity
H score21 First: 15.05.2026 17:02 Last: 15.05.2026 17:02 Sources 1

About this happening: **REMUS** expanded its **session-theft** and **password-manager** collection capabilities, increasing the malware’s ability to capture authenticated access and browser-side data....

UAE and Gulf cyberattack surge after Iran conflict escalation

Trend
H score29 First: 06.05.2026 08:30 Last: 06.05.2026 08:30 Sources 1

About this happening: Cyberattack volume surged across the **UAE** and wider **Gulf** after military operations against **Iran** began, pushing daily breach attempts to **600,000 to 800,000** and raisi...

Scattered Spider SMS phishing and SIM-swap crypto theft campaign

Campaign
H score53 First: 20.04.2026 16:33 Last: 20.04.2026 16:33 Sources 1

About this happening: The **Scattered Spider** campaign used **SMS phishing** and **SIM swap** attacks to steal employee credentials, hijack phone numbers, and take over email and **virtual currency wa...

Interpol-led Operation Synergia III cybercrime takedown

Law Enforcement
H score11 First: 13.03.2026 18:15 Last: 13.03.2026 18:15 Sources 1

About this happening: **Interpol** coordinated **Operation Synergia III**, and the **94 arrests** plus infrastructure seizures materially disrupted a cross-border **phishing** and **ransomware** case n...

Timeline

  1. 20.10.2025 15:42 2 articles · 8mo ago

    Lumma Stealer slowdown after doxxing and Telegram compromise

    Initial Disclosure

    Trend Micro reported that Lumma Stealer activity had decreased over the past couple of months after the identities of five alleged core members were exposed in an underground doxxing campaign targeting the Lumma Stealer group, also tracked as Water Kurita and Storm-2477. The disclosures published on Lumma Rats included personal, social media, financial, and password data, and the group's Telegram account was reportedly compromised, disrupting customer communications and sharply reducing C&C infrastructure activity. The slowdown followed a May law-enforcement operation and later rebuild on new infrastructure, and it pushed cybercriminals toward Vidar, StealC, and the PPI service Amadey as alternatives.

    Show sources