Rival cybercrime exposure campaign destabilizes the Lumma Stealer ecosystem
Threat Actor Meta
Summary
A rival doxxing campaign has put the Lumma Stealer underground ecosystem under pressure, exposing alleged operators and weakening trust in the service. The campaign matters because it is disrupting coordination, shifting users toward alternatives, and showing how criminal competitors can destabilize a malware business.
Related Happenings
Formula 1 fan device botnet abuse
Malware Activity
First: 25.05.2026 12:00
Last: 25.05.2026 12:00
Sources 1
About this happening:
A **botnet of millions of devices** is being expanded through scams aimed at **Formula 1 fans**, increasing the risk of **DDoS attacks**. Victim devices are being quietly pulled i...
Venom Stealer subscription and affiliate malware-service ecosystem
Threat Actor Meta
First: 01.04.2026 16:30
Last: 01.04.2026 16:30
Sources 1
About this happening:
**Venom Stealer** is being run as a **subscription-based** malware service with **Telegram licensing** and an **affiliate program**, signaling a more organized cybercrime ecosyste...
Hecker-Sakuya-LiveGamer101 alliance reshapes ransomware ecosystem operations
Threat Actor Meta
First: 28.01.2026 15:15
Last: 28.01.2026 15:15
Sources 1
About this happening:
**SilverInc** is operating a commercial **access-resale ecosystem** for exposed or weakly authenticated **LLM endpoints**, turning unauthorized access into a monetized supply chai...
Bizarre Bazaar campaign targeting exposed LLM and MCP endpoints
Campaign
First: 28.01.2026 15:15
Last: 28.01.2026 15:15
Sources 1
About this happening:
**Bizarre Bazaar** is an active **LLMjacking** campaign targeting **exposed LLM and MCP endpoints** to monetize unauthorized access to AI infrastructure. Researchers say the opera...
Latest development: 29.01.2026 20:37
Researchers said Operation Bizarre Bazaar, an LLMjacking marketplace that scans for exposed Ollama, vLLM, and OpenAI-compatible APIs without authentication and resells access through silver[.]inc, has been traced to Hecker (aka Sakuya and LiveGamer101).
Smishing Triad global smishing campaign with rapid domain churn
Campaign
First: 24.10.2025 21:35
Last: 24.10.2025 21:35
Sources 1
About this happening:
**Smishing Triad** is a **large-scale, ongoing smishing campaign** tied to **more than 194,000 malicious domains** registered since **January 1, 2024** and used to push **fraudule...
Latest development: 12.11.2025 22:59
Google filed a lawsuit on 2025-11-12 to dismantle Lighthouse, a phishing-as-a-service platform used in smishing campaigns impersonating USPS and E-ZPass, alleging that the infrastructure affected over 1 million victims across 120 countries and seeking to shut down the website support behind the kit.
Timeline
- 21.10.2025 11:00 · 1 article · 7mo ago
Telegram accounts used by Lumma Stealer were compromised
Victim Impact Update: Telegram accounts used by the Lumma Stealer group were reportedly stolen on September 17, disrupting communication with customers and coordination of operations.
Sources:
- Lumma Stealer Developers Doxxed in Underground Rival Cybercrime Campaign — www.infosecurity-magazine.com — 21.10.2025 11:00
- 21.10.2025 11:00 · 2 articles · 7mo ago
Trend Micro disclosed a rival doxxing campaign against Lumma Stealer operators
Initial Disclosure: Trend Micro reported that Lumma Stealer was being disrupted by a rival cybercrime doxxing campaign that targeted alleged developers and administrators and leaked passport numbers, bank account information, email addresses, and online profile links on Lumma Rats.
Sources:
- Lumma Stealer Developers Doxxed in Underground Rival Cybercrime Campaign — www.infosecurity-magazine.com — 21.10.2025 11:00