RANSOMNEWS provides an in-depth analysis of the XSS Forum, a significant Russian-language cybercrime hub, detailing its history and eventual seizure in 2025 due to law enforcement actions in Ukraine and France. XSS Forum, with over 50,000 members, served as a marketplace for cybercriminal activities linked to major ransomware groups like REvil and LockBit.
The publication reports that the forum's administrator was arrested, revealing the scale of cybercrime operations facilitated through the forum, including structured auctions for initial access into corporate networks. Analysis of leaked data shows how the forum fed into the ransomware supply chain, providing insights into the pricing of access and timelines from access listings to victims appearing on ransomware leak sites.