Archive for Flashpoint

Flashpoint Discovers Websites That Provide The Personal Information Of About 1000 CEOs

Posted in Commentary with tags on May 30, 2025 by itnerd

I’ve just read a report from Flashpoint that sent a chill down my spine. It’s not available to the public, but let me detail what I read.

The brief that I read provides details on the websites “Luigi was right” and “The CEO Database” sharing the business and personally identifiable information of CEOs and executives from more than 1,000 companies. With this information, threat actors could conduct further searches on open-source platforms or paid data aggregator sites and potentially gain access to additional personally identifiable information (PII). One thing to note is that both websites were created by the same person or persons who have gone as far as to ask for donations.

The websites are almost certainly referring to Luigi Mangione, the individual accused of fatally shooting UnitedHealthcare CEO Brian Thompson in December 2024. As of May 29, the “Luigi was right” site appeared to be taken down; however, portions of the data were still available via the Wayback Machine archive. “The CEO Database” was still live, however.

Analysts assess that this list does not likely pose a significant physical threat to the named executives; however, potential threat actors could use the provided LinkedIn accounts to gather more information or the listed phone numbers to harass executives. Reverse phone number searches on paid data aggregator websites could potentially allow threat actors to gain additional personally identifiable information, such as residential addresses and family members.

Flashpoint obtained the full list of companies and named executives and is sharing that information with those impacted. Which is good. But the fact that these websites were even created is scary. And it highlights the need for better control of personally identifiable information.

Flashpoint publishes blog on position re: European Vulnerability Database (EUVD) and its role in vuln intelligence

Posted in Commentary with tags on May 14, 2025 by itnerd

I wanted to highlight a blog that Flashpoint published today about the European Vulnerability Database (EUVD).

The blog offers commentary about the following:

  • Can the EUVD replace the CVE ecosystem?
  • Was the release of EUVD fueled by MITRE funding uncertainty?

The blog is located here.

Flashpoint Hits 400,000 Milestone with 400K Vulnerability Disclosures

Posted in Commentary with tags on April 30, 2025 by itnerd

Flashpoint just announced that it has hit 400,000 vulnerability disclosures, making it the world’s most comprehensive, timely, and actionable source of independently curated vulnerability intelligence.

The blog is here: https://flashpoint.io/blog/flashpoints-vulndb-milestone-intelligence-innovations/.

The milestone is a testament to Flashpoint’s long-term commitment to providing independently curated vulnerability intelligence without the limitations, delays, and coverage gaps of public programs such as the Common Vulnerabilities and Exposures (CVE) and the National Vulnerability Database (NVD) programs.

Flashpoint Reports on Top Ransomware Groups Targeting Healthcare Sector

Posted in Commentary with tags on April 29, 2025 by itnerd

Threat data and intelligence firm Flashpoint just released a report and blog on the Top Ransomware Groups Targeting the Healthcare Sector.

By industry in 2024, healthcare (11.5%) sustained the fourth most ransomware attacks behind Technology (24.6%), Manufacturing (18.3%), and Retail (12.3%). Almost every organization in the healthcare industry contains highly sensitive information such as patient data, treatment documentation, and financial records linked to patient insurance.

The blog hits on Ransomware-as-a-service and top ransomware groups from Jan-April 2025. If you’re in healthcare, you need to read this ASAP.

Flashpoint Announces Ignite Enhancements to Improve Threat Intelligence

Posted in Commentary with tags on April 28, 2025 by itnerd

This morning Flashpoint announced the release of new robust capabilities to its flagship platform, Flashpoint Ignite, at the RSA Conference 2025. These newest AI-powered Ignite innovations will address a growing need: making threat intelligence more usable, intuitive, and aligned to how teams actually work, enabling them to reduce friction and extract more value from their threat intelligence.

Specifically, the new Ignite features include artificial intelligence (AI)-powered risk discovery, curated threat feeds, asset-centric intelligence, and on-demand expansion of highly relevant data sources. These innovations are uniquely designed to deliver the most actionable insights that are precisely aligned with customers’ threat and intelligence needs, enabling organizations to make informed decisions and protect their most critical assets.

You can get more details here.

Gamers beware: Flashpoint Research Team Issues Blog Detailing The AgeoStealer Infostealer

Posted in Commentary with tags on April 22, 2025 by itnerd

Flashpoint just published a blog about AgeoStealer. Which is an Infostealer.

Infostealers have proven to be a gold mine for threat actors, responsible for stealing 75%—or 2.1 billion—of 2024’s 3.2 billion total credentials, fueling a constant cycle of account takeover attacks, ransomware, and high-profile data breaches. In our 2025 Global Threat Intelligence Report, we detailed their meteoric rise as a primary threat vector, with our analysts tracking over 24 unique stealer strains—such as RedLine, RisePro, and Lumma Stealer—being listed for sale on illicit marketplaces. Now, organizations will need to add AgeoStealer to their watch list as cybercriminals exploit the immense popularity of gaming.

You can read about this infostealer here: https://flashpoint.io/blog/ageostealer-how-social-engineering-targets-gamers/.

New Report From Flashpoint Reveals Sophisticated Surge in U.S. Tax Refund Fraud Scheme

Posted in Commentary with tags on April 17, 2025 by itnerd

Flashpoint just made available a Tax Fraud Threat Landscape report that covers the sharp increase in cybercriminal tax refund fraud schemes just as millions of Americans navigate tax season.

Flashpoint analysts have observed widespread discussions among fraud communities—especially on Telegram and Dark Web forums—about tactics to steal personally identifiable information (PII), file fraudulent returns, and cash out IRS refunds before the real taxpayer ever files.

Some of the most concerning trends include:

  • Exploitation of identity verification systems like ID.me, with fraudsters leveraging stolen selfies, forged documents, and social engineering tactics.
  • A marketplace for “fullz”—complete PII packages—used to impersonate victims and file fake returns via popular tax prep services like TurboTax and H&R Block.
  • Targeted abuse of government programs, such as the Employee Retention Credit and the California Middle Class Tax Refund.
  • Disaster-related fraud, with actors already exploiting aid programs linked to the 2025 LA wildfires.

Telegram remains a major hub for fraud coordination, with thousands of posts sharing step-by-step “sauce” and tutorials. Screenshots of six-figure IRS refunds are common, many accompanied by sales pitches for methods to bypass verification letters and fraud detection systems.

Flashpoint analysts also highlight in the report emerging schemes involving romance scams, job ads, and phishing campaigns—many designed to coax ID.me credentials and IP PINs directly from victims.

You can read the report here: https://flashpoint.io/blog/four-steps-of-tax-refund-fraud/

Flashpoint Offers OSINT Strategies for Executive Security

Posted in Commentary with tags on February 25, 2025 by itnerd

Protecting today’s corporate executive has become more complex and unpredictable than ever. In today’s evolving security landscape, executives are facing an unprecedented convergence of digital and physical threats. Doxxing, swatting, misinformation, and geopolitical targeting are no longer isolated risks.

To help security teams stay ahead, Flashpoint just released The Complete Guide to OSINT for Executive Protection—a 20-page comprehensive resource for security professionals, executive protection teams, and corporate risk leaders. This guide was purpose-built to help these teams and leaders harness OSINT to strengthen protection strategies. It offers practical strategies and real-world insights on leveraging Open-Source Intelligence (OSINT) to:

  • Identify and assess the full range of modern executive threats
  • Implement proactive security measures based on best practices and real world examples to mitigate risks
  • Leverage AI-driven OSINT tools for real-time threat analysis

A blog post on this is here.

TRM Labs and Flashpoint Join Forces to Enhance Visibility into Cyberattacks Involving Cryptocurrencies

Posted in Commentary with tags on October 30, 2024 by itnerd

TRM Labs, the global leader in blockchain intelligence, and Flashpoint, the leader and largest private provider of threat intelligence, have joined forces to integrate their capabilities and give customers unprecedented visibility into cybercriminal activity on blockchain networks.

Disrupting criminal networks is increasingly vital to keep the crypto ecosystem safe from illicit actors and allow it to grow for lawful users. TRM Labs’ Illicit Crypto Economy Report reveals that criminals are handling over $34 billion in cryptocurrency. However, with governments and law enforcement agencies leveraging advanced threat and blockchain intelligence, these figures are beginning to decline as they disrupt and prosecute bad actors using crypto for criminal transactions.

TRM Labs makes it easier for investigators to uncover connections between disparate data sources by reducing the need for manual intelligence checks across multiple platforms. With this partnership, TRM Labs has integrated Flashpoint’s data directly into its blockchain intelligence platform. Investigators that use TRM Labs will now benefit from an enriched repository of threat intelligence data within TRM Forensics, including comprehensive details on threat actors, malicious content, illicit forum conversations, and current and historical information from the dark web and social media sources, with the ability to explore deeper insights through a Flashpoint license.

This partnership bolsters TRM Labs’ existing portfolio of proprietary threat intelligence that includes Chainabuse, the largest scam and fraud victim reporting platform in the blockchain intelligence industry. Chainabuse empowers anyone in the crypto economy to report scams, hacks, or other fraudulent activity as they encounter it. The free tool enables crypto users, victims of financial crimes, and crypto businesses to take an active role in making the crypto ecosystem a safer place to operate.

For more information about this partnership and how it can help enhance investigative outcomes, please visit TRM Labs at https://trmlabs.com.

The Midyear Edition Of The Flashpoint Cyber Threat Intelligence Index Is Live

Posted in Commentary with tags on August 26, 2024 by itnerd

This morning, Flashpoint released its midyear Cyber Threat Intelligence Index, with new data and trends surrounding both persistent and emerging cyber threats observed from January 1 to June 30, 2024. The report includes research and data tied to vulnerabilities, information-stealing malware, ransomware and insider threats.

Some of the most significant/interesting findings include:

  • 17,518 newly discovered vulnerabilities in H1 
  • 13 million devices infected by cybercriminals 
  • 53 million compromised credentials
  • 456 million stolen or leaked credentials
  • 8,497 unique instances of insider recruiting

Additionally, the report outlines the primary geographies and industries targeted by ransomware groups this first half of the year. 

I have two quotes from Flashpoint executives on this report:

  • Josh Lefkowitz, CEO at Flashpoint: “The cyber threat landscape is increasingly volatile and interconnected. Vulnerabilities and exploits are on the rise and threat actors are exploiting these weaknesses. Flashpoint sees the deployment of infostealers as the top trend spiking in 2024 thus far. They have already infected over 13 million devices this year and stolen vast amounts of data, fueling a surge of ransomware attacks and data breaches at large. Organizations need to prioritize infostealers accordingly and take proactive steps to defend their people and assets.”
  • Ian Gray, VP of Intelligence at Flashpoint: “Flashpoint’s data reveals an alarming trend: threat actors have infected over 13 million devices with infostealers this year, resulting in the theft of 53 million credentials, further fueling the ransomware problem. While organizations grapple with external threats, the over 8,400 instances of malicious insider activity highlights the need for a proactive, risk-based approach that is powered by comprehensive intelligence.”

The Cyber Threat Intelligence Index report is live here. There’s also a related blog post that can be found here.