Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Global Profit / MC Profit Always exposed phishing repository leak

Data Leak
First reported
Last updated
Happening score
H score 22
1 unique sources, 1 articles

Summary

Hide ▲

An exposed repository tied to Global Profit / MC Profit Always leaked an SQL database and Telegram webhook logs, exposing phishing-operator communications and infrastructure details. The exposure helps reveal how the phishing service was managed and who was involved in operating it. It also adds intelligence value for tracking the broader Diesel Vortex credential-theft ecosystem.

Related Happenings

English-learning app user audio exposure via Gemini Files API

Data Leak
First: 08.04.2026 19:00 Last: 08.04.2026 19:00 Sources 1

About this happening: A confirmed **Gemini Files API** exposure let **user-uploaded audio files** from an **English-learning app** be retrieved, showing that exposed keys can surface private user conte...

Open Happening

Konni multi-stage KakaoTalk phishing campaign

Campaign
First: 17.03.2026 11:53 Last: 17.03.2026 11:53 Sources 1

About this happening: The **Konni** operation is expanding through **spear-phishing** and abused **KakaoTalk** desktop accounts, increasing the chance that one compromise reaches multiple contacts. It...

Open Happening

Tycoon 2FA-Storm-1747 ecosystem shift changes threat-actor operations

Threat Actor Meta
First: 05.03.2026 08:51 Last: 05.03.2026 08:51 Sources 1

About this happening: **Tycoon2FA** has evolved from a **subscription-based PhaaS** into a more resilient phishing service that now supports **device-code phishing** against **Microsoft 365** accounts....

Latest development: 17.05.2026 17:43

eSentire says Tycoon2FA now uses device-code phishing to target Microsoft 365 accounts, with invoice-themed lure emails carrying Trustifi click-tracking URLs that redirect through Trustifi, Cloudflare Workers, obfuscated JavaScript layers, and a fake Microsoft CAPTCHA page before sending victims to microsoft.com/devicelogin. The kit also adds anti-analysis defenses, including detection of Selenium, Puppeteer, Playwright, and Burp Suite, plus blocks for security vendors, VPNs, sandboxes, AI crawlers, and cloud providers.

Open Happening

Diesel Vortex freight and logistics phishing campaign

Campaign
First: 25.02.2026 01:57 Last: 25.02.2026 01:57 Sources 1

How related: In a campaign that has been running since September 2025, the threat actor has stolen 1,649 unique credentials from platforms and service providers critical in the freight industry.

About this happening: The **Diesel Vortex** phishing campaign is stealing freight-sector credentials across the **U.S. and Europe**, raising the risk of account compromise, cargo fraud, and downstream...

Open Happening

ShellForce-affiliated leak site publishes stolen identity, corporate, and résumé records

Data Leak
First: 09.02.2026 23:14 Last: 09.02.2026 23:14 Sources 1

About this happening: A **ShellForce**-affiliated leak site is publicly posting **stolen identity records**, **corporate data**, and **résumé databases**, turning intrusions into immediate exposure ris...

Open Happening

Timeline

  1. 25.02.2026 01:57 2 articles · 3mo ago

    Global Profit / MC Profit Always repository exposure disclosed

    Initial Disclosure

    Researchers disclosed an exposed repository tied to the phishing project Global Profit, marketed as MC Profit Always, that contained an SQL database and Telegram webhook logs. The exposure revealed communications between phishing service operators and provided intelligence that helped map the broader credential-theft ecosystem linked to freight and logistics targets.

    Show sources
    Open in new tab