Ethical Hacking News
The dark web takes a significant hit as XSS.is, the infamous forum for ransomware affiliates, falls silent. Cybersecurity expert Pierluigi Paganini sheds light on the demise of this notorious platform and its implications for cybersecurity authorities.
Pierluigi Paganini, a renowned cybersecurity expert, tracked the dark web's latest developments and found that the XSS.is forum was shut down by law enforcement. XSS.is rose to prominence after its predecessor DaMaGeLaB was shut down in 2017. The forum offered escrow and arbitration services, facilitating transactions between buyers and sellers. Law enforcement banned ransomware activity on the forum in 2021 but users continued to engage in illicit activities. The downfall of XSS.is serves as a reminder that even secure platforms can be vulnerable to exploitation by law enforcement.
Pierluigi Paganini, a renowned cybersecurity expert, has been tracking the dark web's latest developments, and his latest findings shed light on the demise of XSS.is, a notorious forum that facilitated the underground economy of ransomware affiliates. The forum, which was shut down by law enforcement in July 2025, had become an indispensable platform for malware authors, exploit sellers, spammers, and ransomware affiliates to trade and conduct their illicit activities.
XSS.is's rise to prominence began with its predecessor, DaMaGeLaB, which operated from 2004 to 2017. Following the forum's shutdown in 2017, a partial backup was launched under the handle "Toha" by an operator who had been active in the Russian underground since at least 2005. Over time, XSS.is evolved into a comprehensive platform that catered to the needs of its users, offering a range of services, including escrow and arbitration services.
The forum's infrastructure allowed for seamless communication between buyers and sellers, with the trusted middleman playing a crucial role in facilitating transactions. This model was particularly effective in exploiting the vulnerabilities of corporate networks, as initial access brokers listed footholds into these networks as structured auctions. The most expensive listings, priced at $25,000, were for access to high-profile targets, such as US manufacturers with significant revenue.
However, despite its reputation and influence, XSS.is was not immune to threats from law enforcement agencies. In July 2021, the forum's administrator banned all ransomware activity and deleted existing threads. This move was seen as a gesture of goodwill by the forum's users, who were attempting to distance themselves from malicious activities.
But, according to researchers, this attempt at reputation management was ultimately futile. The data revealed that the forum's users continued to engage in illicit activities, with many shifting their operations to other platforms, such as RAMP and DarkForums. The loss of trust among XSS.is's users was palpable, with some members expressing concerns about the forum's ability to maintain its integrity.
The downfall of XSS.is serves as a reminder that even the most seemingly secure platforms can be vulnerable to exploitation by law enforcement agencies. The seizure of the forum's infrastructure and the arrest of its administrator mark a significant victory for cybersecurity authorities, who have been working tirelessly to dismantle the networks of cybercriminals.
In conclusion, the demise of XSS.is highlights the ongoing cat-and-mouse game between law enforcement agencies and cybercriminals. As these platforms evolve and adapt, it is essential that cybersecurity experts remain vigilant and proactive in their efforts to track down and disrupt illicit activities.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Downfall-of-XSSis-A-Hub-for-Ransomware-Affiliates-ehn.shtml
https://securityaffairs.com/194524/security/xss-is-the-forum-that-ran-the-ransomware-supply-chain-is-down-the-market-isnt.html
Published: Wed Jul 1 15:16:44 2026 by llama3.2 3B Q4_K_M