
Resecurity is an American cybersecurity company with headquarters in Los Angeles, California. The company provides next-generation endpoint protection and intelligence-driven cybersecurity solutions to leading Fortune 500 corporations and governments worldwide.

Resecurity A.I CyberSecurity Scoring

Resecurity

Company Details

LinkedIn ID: resecurity
Number of employees: 116
Number of followers: 88,523
NAICS: 541514
Industry Type: Computer and Network Security
Homepage: resecurity.com
IP Addresses: 0
Company ID: RES_8294472
Scan Status: In-progress

Resecurity Risk Score (AI oriented)

Between 600 and 649

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers the TPRM score to calculate premiums
Resecurity Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Resecurity Company CyberSecurity News & History

Past Incidents: 2
Attack Types: 1

Resecurity: ShinyHunters Claim Breach of US Cybersecurity Firm Resecurity
Breach
Severity: 85
Impact: 4
Seen: 1/2026
Blog:
Supply Chain Source: NA
Rankiteo Explanation: Attack with significant impact, with customer data leaks

Description: **ShinyHunters Claims Breach of Cybersecurity Firm Resecurity, Leaks Internal Data**

The hacking group **ShinyHunters** has publicly claimed responsibility for breaching **Resecurity**, a U.S.-based cybersecurity company headquartered in Los Angeles. In a **Telegram post** shared earlier today, the group asserted full access to Resecurity’s internal systems and released **screenshots** as evidence. The leaked images depict **internal dashboards, user management panels, token databases, and employee communication channels**, exposing **sensitive data** including:

- **API keys and access tokens**
- **Internal Mattermost chat logs**, including discussions on threat intelligence and client reports
- **Employee details** (names, email addresses, authentication tokens)
- **Client lists and related information**
- **Threat intelligence documents and moderation logs**

Analysis of the screenshots by **Hackread.com** revealed **real-time access tokens, Firebase Cloud Messaging (FCM) user accounts, and active employee profiles** with exposed credentials. Some names visible in the images were cross-referenced with **LinkedIn**, appearing to match Resecurity personnel.

ShinyHunters framed the attack as **retaliation**, accusing Resecurity of **deceptive tactics**—specifically, posing as buyers on dark web markets to infiltrate threat actor groups. The group referenced a prior incident involving a **Vietnamese financial database**, where Resecurity allegedly requested free samples under false pretenses. The post also mentioned **collaboration with the Devman ransomware group** and cited past breaches, including claims against **CrowdStrike**, as part of a broader campaign against firms they label as hypocritical.

As of now, **Resecurity has not publicly confirmed the breach**, and the authenticity of the claims remains **unverified by third parties**. If validated, this would mark **ShinyHunters’ first major public breach of 2026**, potentially impacting Resecurity’s **clients, partners, and trust in its services**—particularly if sensitive intelligence or operational data was compromised. Resecurity, known for its work in **cybercrime investigation, threat attribution, and digital forensics**, has previously collaborated with **government and private sector entities**. Further developments are expected as the situation unfolds.

Resecurity: Hackers claim to hack Resecurity, firm says it was a honeypot
Breach
Severity: 60
Impact: 3
Seen: 12/2025
Blog:
Supply Chain Source: NA
Rankiteo Explanation: Attack with significant impact, with internal employee data leaks

Description: **Cybersecurity Firm Resecurity Targeted in Alleged Breach by "Scattered Lapsus$ Hunters"**

Threat actors identifying as *Scattered Lapsus$ Hunters* (SLH) claimed to have breached cybersecurity firm Resecurity, publishing screenshots on Telegram as proof of the alleged compromise. The group asserted it had stolen internal data, including employee records, client details, threat intelligence reports, and communications from a Mattermost collaboration platform. The attack was framed as retaliation for what the actors described as Resecurity’s attempts to infiltrate their operations, including posing as buyers to obtain samples of a purported Vietnam financial database.

However, Resecurity disputed the claims, stating the accessed systems were part of a deliberately deployed *honeypot*—a decoy environment designed to monitor and analyze attacker behavior. According to the company, the threat actor first probed its systems on **November 21, 2025**, prompting Resecurity’s digital forensics team to deploy the honeypot in an isolated environment. The decoy contained synthetic datasets, including over **28,000 fake consumer records** and **190,000 payment transactions** generated via Stripe’s API, mimicking real-world data to lure the attackers.

Between **December 12 and 24**, the threat actor made **188,000 automated exfiltration attempts** using residential proxy IP addresses, exposing their infrastructure during proxy failures. Resecurity collected telemetry on the attacker’s tactics, later identifying servers linked to the operation and sharing intelligence with law enforcement. A foreign law enforcement agency, acting on Resecurity’s findings, issued a subpoena to investigate the threat actor.

The group, which has previously been associated with *ShinyHunters*, *Lapsus$*, and *Scattered Spider*, later clarified that *ShinyHunters* was not involved in this incident. As of the latest update, the threat actors have not provided additional evidence beyond a Telegram post teasing further disclosures. Resecurity maintains that no legitimate production systems were compromised.


Underwriter Stats for Resecurity

Incidents vs Computer and Network Security Industry Average (This Year)

Resecurity has 24.81% fewer incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Resecurity has 25.93% fewer incidents than the average of all companies with at least one recorded incident.

Incident Types Resecurity vs Computer and Network Security Industry Avg (This Year)

Resecurity reported 1 incident this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breach, compared to industry peers with at least 1 incident.

Incident History — Resecurity (X = Date, Y = Severity)

Resecurity cyber incidents detection timeline including parent company and subsidiaries


Resecurity Similar Companies

CrowdStrike

CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk — endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and world-clas

Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest s

NETWORK-SECURITY-SOLUTIONS

## Our core business We manage linux / unix server infrastructures and build the efficient and secure networking environments using hardware cutting edge technologies suited to the needs of the project and the client. We believe in quality, opposed to quantity. Our company consists of highly


Resecurity CyberSecurity News

January 03, 2026 04:48 PM
ShinyHunters Claim Breach of US Cybersecurity Firm Resecurity

The hacking group ShinyHunters has claimed responsibility for breaching Resecurity, a US-based cybersecurity company headquartered in Los...

December 18, 2025 08:00 AM
Global Cybersecurity firm resecurity signs MoU with Metrix Pakistan

ISLAMABAD, Dec 18 (APP):Global cybersecurity firm Resecurity on Thursday signed a memorandum of understanding (MoU) with youth-led...

December 08, 2025 08:00 AM
Resecurity Joined the U.S.-Saudi Business Council as a Chairman's Circle Member

Resecurity, a global cybersecurity and threat intelligence company trusted by Fortune 100 enterprises and government agencies, has joined...

December 04, 2025 08:00 AM
Resecurity Drives Cybersecurity Innovation at Black Hat MEA 2025 in Riyadh as a Gold Sponsor

Resecurity Drives Cybersecurity Innovation at Black Hat MEA 2025 in Riyadh as a Gold Sponsor ... Black Hat MEA 2025 is recognized as “...

December 01, 2025 08:00 AM
Resecurity Showcased AI-powered Cyber Threat Intelligence (CTI) Solutions at Milipol Paris 2025

Resecurity, a global cybersecurity and threat-intelligence company trusted by Fortune 100 enterprises and government agencies, exhibited at...

November 24, 2025 08:00 AM
Resecurity signs MoU with NED University to advance cybersecurity education and research

Resecurity signs MoU with NED University to advance cybersecurity education and research. The collaboration focuses on building talent and...

November 24, 2025 08:00 AM
Resecurity appoints Ammar Jaffri as senior advisor for their company in Pakistan

Resecurity strengthens its South Asia presence with the appointment of veteran cybersecurity leader.

November 12, 2025 08:00 AM
Resecurity Appoints Ammar Jaffri as Senior Advisor for Pakistan

Resecurity (USA), a California-based cybersecurity company renowned for its intelligence-driven solutions protecting critical infrastructure...

November 11, 2025 08:00 AM
Resecurity Signs Memorandum of Understanding (MoU) with NED University of Engineering & Technology to Advance Cybersecurity Education and Research

LOS ANGELES & KARACHI, Pakistan--(BUSINESS WIRE)--Resecurity, a U.S.-based cybersecurity company protecting Fortune 100 companies and...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Resecurity CyberSecurity History Information

Official Website of Resecurity

The official website of Resecurity is https://resecurity.com.

Resecurity’s AI-Generated Cybersecurity Score

According to Rankiteo, Resecurity’s AI-generated cybersecurity score is 600, reflecting their Poor security posture.

How many security badges does Resecurity have?

According to Rankiteo, Resecurity currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Resecurity been affected by any supply chain cyber incidents ?

According to Rankiteo, Resecurity has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Resecurity have SOC 2 Type 1 certification ?

According to Rankiteo, Resecurity is not certified under SOC 2 Type 1.

Does Resecurity have SOC 2 Type 2 certification ?

According to Rankiteo, Resecurity does not hold a SOC 2 Type 2 certification.

Does Resecurity comply with GDPR ?

According to Rankiteo, Resecurity is not listed as GDPR compliant.

Does Resecurity have PCI DSS certification ?

According to Rankiteo, Resecurity does not currently maintain PCI DSS compliance.

Does Resecurity comply with HIPAA ?

According to Rankiteo, Resecurity is not compliant with HIPAA regulations.

Does Resecurity have ISO 27001 certification?

According to Rankiteo, Resecurity is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Resecurity

Resecurity operates primarily in the Computer and Network Security industry.

Number of Employees at Resecurity

Resecurity employs approximately 116 people worldwide.

Subsidiaries Owned by Resecurity

Resecurity presently has no subsidiaries across any sectors.

Resecurity’s LinkedIn Followers

Resecurity’s official LinkedIn profile has approximately 88,523 followers.

NAICS Classification of Resecurity

Resecurity is classified under the NAICS code 541514, which corresponds to Others.

Resecurity’s Presence on Crunchbase

No, Resecurity does not have a profile on Crunchbase.

Resecurity’s Presence on LinkedIn

Yes, Resecurity maintains an official LinkedIn profile, which is actively used for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/resecurity.

Cybersecurity Incidents Involving Resecurity

As of January 06, 2026, Rankiteo reports that Resecurity has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

Resecurity has an estimated 3,227 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Resecurity ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

How does Resecurity detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through the following: incident response plan activated (honeypot deployment and monitoring); law enforcement notified (intelligence shared with law enforcement); containment measures (isolated honeypot environment, monitoring of threat actor activity); communication strategy (public statement denying breach of real systems, disclosure of honeypot operation); network segmentation (isolated honeypot environment); and enhanced monitoring (telemetry collection on attacker tactics and infrastructure).

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: ShinyHunters Breach of Resecurity

Description: The hacking group ShinyHunters claimed responsibility for breaching Resecurity, a US-based cybersecurity company. The group announced full access to internal systems and released screenshots depicting internal dashboards, user management panels, token databases, and employee communication channels. Exfiltrated data includes internal chats, client lists, threat intelligence reports, and employee information.

Type: Data Breach

Attack Vector: Unknown (likely phishing, credential theft, or exploitation of vulnerabilities)

Threat Actor: ShinyHunters

Motivation: Retaliation for alleged deceptive tactics by Resecurity, including posing as buyers on dark web markets

Incident : Data Breach

Title: Scattered Lapsus$ Hunters Claims Breach of Resecurity, Resecurity Denies Compromise

Description: Threat actors associated with the 'Scattered Lapsus$ Hunters' (SLH) claim to have breached the systems of cybersecurity firm Resecurity and stolen internal data. Resecurity disputes the claims, stating the attackers only accessed a deliberately deployed honeypot containing fake information used to monitor their activity. The threat actors published screenshots on Telegram as proof of the alleged breach, including employee data, internal communications, threat intelligence reports, and client information. Resecurity maintains the systems accessed were part of a honeypot operation.

Date Detected: 2025-11-21

Type: Data Breach

Attack Vector: Probing publicly exposed systems, honeypot interaction

Threat Actor: Scattered Lapsus$ Hunters (SLH)

Motivation: Retaliation for alleged social engineering attempts by Resecurity

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Publicly exposed systems.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach RES1767463312

Data Compromised: Internal chats, client lists, threat intelligence reports, employee information (names, email addresses, authentication tokens), API keys, access tokens

Systems Affected: Internal dashboards, user management panels, token databases, employee communication channels (Mattermost)

Operational Impact: Potential compromise of cybersecurity operations, threat intelligence, and client trust

Brand Reputation Impact: High (potential loss of trust from clients and partners)

Identity Theft Risk: High (employee and client PII exposed)

Incident : Data Breach RES1767484920

Data Compromised: Fake data (synthetic datasets, including employee data, internal communications, threat intelligence reports, and client information)

Systems Affected: Honeypot environment (isolated, non-production systems)

Brand Reputation Impact: Potential reputational damage due to public claims of breach

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Internal Chats, Client Lists, Threat Intelligence Reports, Employee Information, API Keys, Access Tokens, Employee Data, Internal Communications and Client Information.

Which entities were affected by each incident ?

Incident : Data Breach RES1767463312

Entity Name: Resecurity

Entity Type: Cybersecurity Company

Industry: Cybersecurity

Location: Los Angeles, USA

Customers Affected: Clients and partners of Resecurity (scope unknown)

Incident : Data Breach RES1767484920

Entity Name: Resecurity

Entity Type: Cybersecurity Firm

Industry: Cybersecurity

Customers Affected: Fake client data (synthetic records)

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach RES1767484920

Incident Response Plan Activated: Yes (honeypot deployment and monitoring)

Law Enforcement Notified: Yes (intelligence shared with law enforcement)

Containment Measures: Isolated honeypot environment, monitoring of threat actor activity

Communication Strategy: Public statement denying breach of real systems, disclosure of honeypot operation

Network Segmentation: Isolated honeypot environment

Enhanced Monitoring: Yes (telemetry collection on attacker tactics and infrastructure)

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as Yes (honeypot deployment and monitoring).

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach RES1767463312

Type of Data Compromised: Internal chats, Client lists, Threat intelligence reports, Employee information, API keys, Access tokens

Sensitivity of Data: High (PII, authentication tokens, internal communications)

Data Exfiltration: Yes

Personally Identifiable Information: Employee names, email addresses, authentication tokens

Incident : Data Breach RES1767484920

Type of Data Compromised: Employee data, Internal communications, Threat intelligence reports, Client information

Number of Records Exposed: 28,000+ synthetic consumer records, 190,000+ synthetic payment transaction records

Sensitivity of Data: Low (synthetic/fake data)

Data Exfiltration: Attempted (188,000+ automated requests for data exfiltration)

Personally Identifiable Information: Fake PII (synthetic records)

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through an isolated honeypot environment and monitoring of threat actor activity.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Data Breach RES1767463312

Data Exfiltration: Yes

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Data Breach RES1767484920

Lessons Learned: Effectiveness of honeypots in monitoring and gathering intelligence on threat actors; importance of OPSEC in threat actor operations; challenges in attributing attacks due to overlapping threat actor groups.

What recommendations were made to prevent future incidents ?

Incident : Data Breach RES1767484920

Recommendations: Organizations should consider deploying honeypots for threat intelligence gathering; enhance monitoring of publicly exposed systems; collaborate with law enforcement for threat actor attribution and disruption.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are Effectiveness of honeypots in monitoring and gathering intelligence on threat actors; importance of OPSEC in threat actor operations; challenges in attributing attacks due to overlapping threat actor groups.

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Organizations should consider deploying honeypots for threat intelligence gathering; enhance monitoring of publicly exposed systems; collaborate with law enforcement for threat actor attribution and disruption.

References

Where can I find more information about each incident ?

Incident : Data Breach RES1767463312

Source: Hackread.com

Incident : Data Breach RES1767463312

Source: ShinyHunters Telegram post

Incident : Data Breach RES1767484920

Source: BleepingComputer

Incident : Data Breach RES1767484920

Source: Resecurity Report

Incident : Data Breach RES1767484920

Source: Telegram (Scattered Lapsus$ Hunters)

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Hackread.com, ShinyHunters Telegram post, BleepingComputer, Resecurity Report, and Telegram (Scattered Lapsus$ Hunters).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach RES1767463312

Investigation Status: Unverified

Incident : Data Breach RES1767484920

Investigation Status: Ongoing (threat actor activity still being monitored)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public statement denying breach of real systems and disclosure of honeypot operation.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Data Breach RES1767484920

Stakeholder Advisories: Resecurity has publicly denied the breach of real systems and clarified the honeypot operation.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Resecurity has publicly denied the breach of real systems and clarified the honeypot operation.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach RES1767484920

Entry Point: Publicly exposed systems

Reconnaissance Period: November 21, 2025 - December 2025

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach RES1767484920

Root Causes: Threat actor probing of publicly exposed systems; social engineering retaliation motive; OPSEC failures by threat actor (exposed IPs, proxy connection failures).

Corrective Actions: Continued monitoring of threat actor infrastructure; sharing intelligence with law enforcement; potential legal action via subpoena.

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Yes (telemetry collection on attacker tactics and infrastructure).

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Continued monitoring of threat actor infrastructure; sharing intelligence with law enforcement; potential legal action via subpoena.

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking groups in the last incident were ShinyHunters and Scattered Lapsus$ Hunters (SLH).

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2025-11-21.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Internal chats, client lists, threat intelligence reports, employee information (names, email addresses, authentication tokens), API keys, access tokens, and Fake data (synthetic datasets, including employee data, internal communications, threat intelligence reports, and client information).

Response to the Incidents

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Isolated honeypot environment and monitoring of threat actor activity.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Fake data (synthetic datasets, including employee data, internal communications, threat intelligence reports, and client information), Internal chats, client lists, threat intelligence reports, employee information (names, email addresses, authentication tokens), API keys and access tokens.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 218.0K.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lessons learned from past incidents were the effectiveness of honeypots in monitoring and gathering intelligence on threat actors; the importance of OPSEC in threat actor operations; and the challenges in attributing attacks due to overlapping threat actor groups.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was: organizations should consider deploying honeypots for threat intelligence gathering; enhance monitoring of publicly exposed systems; collaborate with law enforcement for threat actor attribution and disruption.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are BleepingComputer, ShinyHunters Telegram post, Hackread.com, Telegram (Scattered Lapsus$ Hunters) and Resecurity Report.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Unverified.

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was: Resecurity has publicly denied the breach of real systems and clarified the honeypot operation.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry point used by an initial access broker was publicly exposed systems.

What was the most recent reconnaissance period for an incident ?

Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was November 21, 2025 - December 2025.

Latest Global CVEs (Not Company-Specific)

Description

A flaw has been found in Seeyon Zhiyuan OA Web Application System up to 20251223. The impacted element is an unknown function of the file /assetsGroupReport/fixedAssetsList.j%73p. Manipulation of the argument unitCode can lead to SQL injection. The attack may be performed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

A vulnerability was found in code-projects Online Product Reservation System 1.0. This affects an unknown part of the file /handgunner-administrator/edit.php of the component POST Parameter Handler. The manipulation of the argument prod_id/name/price/model/serial results in SQL injection. The attack can be launched remotely. The exploit has been made public and could be used.

Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

A vulnerability has been found in code-projects Online Product Reservation System 1.0. Affected by this issue is some unknown functionality of the file /handgunner-administrator/delete.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/product_export. Manipulation of the argument cate_id leads to SQL injection. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Risk Information
cvss2
Base: 5.8
Severity: LOW
AV:N/AC:L/Au:M/C:P/I:P/A:P
cvss3
Base: 4.7
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.1
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/product_list. Manipulation of the argument cate_id causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Risk Information
cvss2
Base: 5.8
Severity: LOW
AV:N/AC:L/Au:M/C:P/I:P/A:P
cvss3
Base: 4.7
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.1
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=resecurity' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.