Quotidien Shaarli

• World Leaks emerged in early 2025 as a new project by the operators of the Hunters International ransomware group, shifting from double extortion with ransomware to extortion-only attacks due to increased risks and reduced profitability.
• The World Leaks and Hunters International platforms share numerous similarities in design, layout, and functionality.
• World Leaks operates four distinct platforms: a main data leak site, a negotiation site for ransom payments, an Insider platform for journalists, and an affiliate panel.
• World Leaks faced initial bugs, downtime, and fluctuations in claimed data leak sizes, raising questions about data accuracy.
• Despite claiming to be extortion-only, some victims suffered ransomware deployment.
• We learned that the Secp0 ransomware group is collaborating with World Leaks, indicating potential future attractiveness for other threat actors.

More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover.

The flaw is tracked as CVE-2025-4123 and impacts multiple versions of the open-source platform used for monitoring and visualizing infrastructure and application metrics.

The vulnerability was discovered by bug bounty hunter Alvaro Balada and was addressed in security updates that Grafana Labs released on May 21.