430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

FBI seized ‘web3adspanels.org’ hosting stolen logins

The U.S. seized the ‘web3adspanels.org’ domain and database used by cybercriminals to store stolen bank login credentials. The FBI seized the domain web3adspanels[.]org and its database after cybercriminals used it to store bank login credentials stolen from U.S. victims. A criminal group ran fake ads on Google and Bing that mimicked real bank advertisements. Victims […]

web3adspanels.org

The U.S. seized the ‘web3adspanels.org’ domain and database used by cybercriminals to store stolen bank login credentials.

The FBI seized the domain web3adspanels[.]org and its database after cybercriminals used it to store bank login credentials stolen from U.S. victims.

A criminal group ran fake ads on Google and Bing that mimicked real bank advertisements. Victims who clicked were redirected to fraudulent websites controlled by the criminals. When users entered their login credentials, malware on the fake sites captured the information. The criminals then used these stolen credentials on the real bank websites to access accounts and steal funds.

“The Justice Department today announced the seizure of a web domain and database used in furtherance of a scheme to target and defraud Americans through bank account takeover fraud. The domain, web3adspanels.org, was used by those involved in the scheme as a backend web panel to store and manipulate illegally harvested bank login credentials.” reads the press release published by DoJ. “This domain seizure comes approximately one month after the FBI issued a Public Service Announcement relating to Account Takeover Fraud via Impersonation of Financial Institution Support.”

The FBI identified at least 19 U.S. victims, including two Georgia companies, who lost about $14.6M and faced attempted losses of $28M due to a bank account takeover scheme.

The authorities seized the domain ‘web3adspanels[.]org, which was hosting thousands of stolen login credentials, and continued operating as recently as November 2025.

Estonian authorities preserved and collected data from servers hosting phishing pages and stolen login credentials used in the scheme.

Since January, the FBI’s IC3 received over 5,100 complaints, totaling more than $262M in losses. The seizure prevents criminals from using the stolen data. Estonian authorities also preserved evidence from the servers. Law enforcement officials announced the operation and urged the public to stay vigilant against phishing and monitor accounts carefully.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, web3adspanels.org)