Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Resecurity

Resecurity Vendor Cyber Rating & Cyber Score

resecurity.com

Resecurity is an American company with headquarters in Los Angeles, California. The company provides next-generation ISR (Intelligence, Surveillance, Reconnaissance) and ERMM (External Risk Mitigation & Management) solutions to leading Fortune 500 corporations, law enforcement, and government.


Resecurity A.I CyberSecurity Scoring

Resecurity
Company Information
Website:https://resecurity.com
Employees number:99
Number of followers:89,527
NAICS:336414
Industry Type:Defense and Space Manufacturing
Homepage:resecurity.com
Resecurity Risk Score (AI oriented)
Between 0 and 549
logo
ResecurityDefense and Space Manufacturing
Updated:
08/06/2026
380/1000
Critical
C
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Resecurity Global Score (TPRM)
xxxx
logo
ResecurityDefense and Space Manufacturing
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Resecurity
ResecurityCritical
Current Score
380C (CRITICAL)
01000
5 incidents
-99.67 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
384Before Incident
JUNE 2026
380Before Incident
MAY 2026
374Before Incident
APRIL 2026
369Before Incident
MARCH 2026
354Before Incident
FEBRUARY 2026
347Before Incident
JANUARY 2026
399Before Incident
Breach
03 Jan 2026Resecurity
Resecurity: ShinyHunters Claim Breach of US Cybersecurity Firm Resecurity

ShinyHunters Breach of Resecurity

334After Incident
CRITICAL-65
RES1767463312
ShinyHunters Claims Breach of Cybersecurity Firm Resecurity, Leaks Internal Data The hacking group ShinyHunters has publicly claimed responsibility for breaching Resecurity, a U.S.-based cybersecurity company headquartered in Los Angeles. In a Telegram post shared earlier today, the group asserted full access to Resecurity’s internal systems and released screenshots as evidence. The leaked images depict internal dashboards, user management panels, token databases, and employee communication channels, exposing sensitive data including: - API keys and access tokens - Internal Mattermost chat logs, including discussions on threat intelligence and client reports - Employee details (names, email addresses, authentication tokens) - Client lists and related information - Threat intelligence documents and moderation logs Analysis of the screenshots by Hackread.com revealed real-time access tokens, Firebase Cloud Messaging (FCM) user accounts, and active employee profiles with exposed credentials. Some names visible in the images were cross-referenced with LinkedIn, appearing to match Resecurity personnel. ShinyHunters framed the attack as retaliation, accusing Resecurity of deceptive tactics—specifically, posing as buyers on dark web markets to infiltrate threat actor groups. The group referenced a prior incident involving a Vietnamese financial database, where Resecurity allegedly requested free samples under false pretenses. The post also mentioned collaboration with the Devman ransomware group and cited past breaches, including claims against CrowdStrike, as part of a broader campaign against firms they label as hypocritical. As of now, Resecurity has not publicly confirmed the breach, and the authenticity of the claims remains unverified by third parties. If validated, this would mark ShinyHunters’ first major public breach of 2026, potentially impacting Resecurity’s clients, partners, and trust in its services—particularly if sensitive intelligence or operational data was compromised. Resecurity, known for its work in cybercrime investigation, threat attribution, and digital forensics, has previously collaborated with government and private sector entities. Further developments are expected as the situation unfolds.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Retaliation for alleged deceptive tactics by Resecurity, including posing as buyers on dark web markets
IMPACT
Data Compromised: Internal chats, client lists, threat intelligence reports, employee information (names, email addresses, authentication tokens), API keys, access tokensSystems Affected: Internal dashboards, user management panels, token databases, employee communication channels (Mattermost)Operational Impact: Potential compromise of cybersecurity operations, threat intelligence, and client trustBrand Reputation Impact: High (potential loss of trust from clients and partners)Identity Theft Risk: High (employee and client PII exposed)
DATA BREACH
Internal chatsClient listsThreat intelligence reportsEmployee informationAPI keysAccess tokensSensitivity Of Data: High (PII, authentication tokens, internal communications)Data Exfiltration: YesPersonally Identifiable Information: Employee names, email addresses, authentication tokens
JANUARY 2026
542Before Incident
Ransomware
01 Jan 2026Resecurity
Silent Ransom Group: Silent Ransom Group Uses DNS Fast Flux in Attacks

Silent Ransom Group (SRG) Exploits Fast Flux Network to Evade Detection

399After Incident
CRITICAL-143
RES1780922290
Silent Ransom Group (SRG) Exploits Fast Flux Network to Evade Detection The Silent Ransom Group (SRG), also known as Chatty Spider, Luna Moth, and UNC3753, has adopted a fast flux network to conceal its infrastructure, according to a recent Resecurity report. The group primarily targets law firms, finance, healthcare, insurance, and hospitality sectors industries handling sensitive data using voice phishing (vishing) and social engineering to breach networks. SRG’s tactics include phishing emails disguised as data migration or invoice requests, followed by phone calls from operatives posing as IT specialists. Victims are tricked into screen-sharing sessions and installing remote access tools, sometimes even via physical USB drops by in-person operatives. Unlike traditional ransomware groups, SRG prioritizes data exfiltration over encryption, issuing extortion threats within 30 minutes of stealing files. If victims resist, the group escalates pressure by contacting employees and partners. To evade detection, SRG leverages a fast flux botnet a technique that rapidly rotates DNS records across compromised routers, modems, IoT devices, and CPEs in 18 countries, including regions in Latin America, Eastern Europe, and the Middle East. The botnet, spread across 22 ISPs, has been linked to domains like ep6pheij[.]com and business-data-leaks[.]com, both tied to SRG’s operations. The group’s focus on law firms has had a measurable impact: nearly a quarter of all ransomware incidents in Q1 2026 targeted the legal sector, making it the fourth-most affected industry. SRG’s activities date back to at least 2022, with overlaps observed between its operations and UNC2686, a threat cluster known for BazarCall campaigns and malware like TrickBot, Ursnif, and BazarLoader.
INCIDENT DETAILS -
TYPE
Ransomware / Data Extortion
MOTIVATION
Financial Gain (Extortion)
DATA BREACH
Type Of Data Compromised: Sensitive DataSensitivity Of Data: High
DECEMBER 2025
632Before Incident
Breach
24 Dec 2025Resecurity
Resecurity: Hackers claim to hack Resecurity, firm says it was a honeypot

Scattered Lapsus$ Hunters Claims Breach of Resecurity, Resecurity Denies Compromise

541After Incident
HIGH-91
RES1767484920
Cybersecurity Firm Resecurity Targeted in Alleged Breach by "Scattered Lapsus$ Hunters" Threat actors identifying as Scattered Lapsus$ Hunters (SLH) claimed to have breached cybersecurity firm Resecurity, publishing screenshots on Telegram as proof of the alleged compromise. The group asserted it had stolen internal data, including employee records, client details, threat intelligence reports, and communications from a Mattermost collaboration platform. The attack was framed as retaliation for what the actors described as Resecurity’s attempts to infiltrate their operations, including posing as buyers to obtain samples of a purported Vietnam financial database. However, Resecurity disputed the claims, stating the accessed systems were part of a deliberately deployed honeypot—a decoy environment designed to monitor and analyze attacker behavior. According to the company, the threat actor first probed its systems on November 21, 2025, prompting Resecurity’s digital forensics team to deploy the honeypot in an isolated environment. The decoy contained synthetic datasets, including over 28,000 fake consumer records and 190,000 payment transactions generated via Stripe’s API, mimicking real-world data to lure the attackers. Between December 12 and 24, the threat actor made 188,000 automated exfiltration attempts using residential proxy IP addresses, exposing their infrastructure during proxy failures. Resecurity collected telemetry on the attacker’s tactics, later identifying servers linked to the operation and sharing intelligence with law enforcement. A foreign law enforcement agency, acting on Resecurity’s findings, issued a subpoena to investigate the threat actor. The group, which has previously been associated with ShinyHunters, Lapsus$, and Scattered Spider, later clarified that ShinyHunters was not involved in this incident. As of the latest update, the threat actors have not provided additional evidence beyond a Telegram post teasing further disclosures. Resecurity maintains that no legitimate production systems were compromised.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Retaliation for alleged social engineering attempts by Resecurity
IMPACT
Data Compromised: Fake data (synthetic datasets, including employee data, internal communications, threat intelligence reports, and client information)Systems Affected: Honeypot environment (isolated, non-production systems)Brand Reputation Impact: Potential reputational damage due to public claims of breach
DATA BREACH
Employee dataInternal communicationsThreat intelligence reportsClient informationNumber Of Records Exposed: 28,000+ synthetic consumer records, 190,000+ synthetic payment transaction recordsSensitivity Of Data: Low (synthetic/fake data)Data Exfiltration: Attempted (188,000+ automated requests for data exfiltration)Personally Identifiable Information: Fake PII (synthetic records)
NOVEMBER 2025
630Before Incident
OCTOBER 2025
628Before Incident
SEPTEMBER 2025
626Before Incident
AUGUST 2025
623Before Incident
JANUARY 2024
675Before Incident
Ransomware
01 Jan 2024Resecurity
Energy/Water Sector Victims: SQL Server Ransomware Attacks: How They Work and How to Harden Your Database

Rapid SQL Server Ransomware Attacks Highlight Critical Security Gaps

561After Incident
CRITICAL-114
RES1774376779
Rapid SQL Server Ransomware Attacks Highlight Critical Security Gaps Recent investigations reveal that attackers can move from initial SQL Server access to full ransomware deployment in as little as 32 minutes a timeline that underscores the speed and efficiency of modern cyber threats. The DFIR Report’s analysis of a BlueSky ransomware incident and SEKOIA’s Mallox honeypot research demonstrate how exposed or poorly secured SQL Server instances become prime targets for rapid encryption and operational disruption. ### How Attacks Unfold 1. Initial Access - Attackers exploit publicly exposed TCP port 1433 (SQL Server’s default port), often via brute-force attacks targeting the built-in *sa* account or weak credentials. - SQL injection remains a distinct but equally dangerous vector, though its impact depends on application permissions and available SQL features. 2. Privilege Escalation to OS Control - Once inside, attackers test for command execution outside the database engine. Common methods include: - xp_cmdshell (disabled by default but easily enabled with sysadmin privileges). - CLR (Common Language Runtime) and OLE Automation, which allow payload staging. - SQL Agent jobs and linked servers for lateral movement. - Sophos MDR observed attackers using xp_cmdshell to run discovery commands (whoami, systeminfo) before deploying ransomware. 3. Ransomware Deployment & Backup Sabotage - Attackers disable services, encrypt MDF/LDF files (SQL database files), and delete backups or Volume Shadow Copies (VSS) to prevent recovery. - In one ALPHV ransomware case, threat actors destroyed all backups during encryption, turning a breach into a full-scale restore crisis. - Backup co-location storing backups on the same server or network remains a critical vulnerability, with 51% of state/local government victims reporting successful backup compromise (Sophos, 2024). ### Why SQL Server is a High-Value Target - Centralized Data: A single SQL instance often supports finance, operations, and line-of-business applications, making encryption a multi-department disruption. - Configuration Drift: Overprivileged service accounts, enabled dangerous features (xp_cmdshell, CLR), and unpatched linked servers create easy escalation paths. - Backup Failures: Even with backups in place, 79% of energy/water sector victims reported backup compromise, with 55% taking over a month to recover (Sophos). ### Key Hardening Measures Security teams can mitigate risks by prioritizing: 1. Blocking public exposure of port 1433 (restrict access to VPNs, bastion hosts, or trusted networks). 2. Disabling the *sa* account (renaming offers minimal protection; disable it entirely). 3. Enforcing Windows Authentication (reduces brute-force risks but requires clean Active Directory hygiene). 4. Disabling *xp_cmdshell*, CLR, and OLE Automation unless explicitly required. 5. Reviewing SQL service accounts (avoid local admin/domain privileges; use Group Managed Service Accounts (gMSA)). 6. Isolating backups (off-host, immutable storage, and 3-2-1 backup model with tested restores). 7. Enabling auditing (monitor for sp_configure changes, xp_cmdshell usage, and failed sa logins). ### Detection Opportunities Early signs of compromise include: - SQL audit logs (unexpected xp_cmdshell or sp_configure commands). - Windows Event Logs (processes spawned by sqlservr.exe). - EDR alerts (unusual service account activity or backup repository access). - Network telemetry (anomalous outbound connections post-compromise). ### The Bigger Picture While checklists reduce obvious risks, legacy environments often accumulate hidden vulnerabilities stale permissions, forgotten linked servers, or overprivileged service accounts that attackers exploit. The fastest attacks (e.g., 32-minute ransomware deployment) highlight the need for continuous monitoring and rapid response to detect and disrupt intrusions before encryption begins. SQL Server ransomware remains a high-impact, low-friction attack vector, with threat actors leveraging both speed and leverage to maximize disruption. Organizations must address both technical controls and operational drift to close gaps before attackers exploit them.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial gainOperational disruption
IMPACT
SQL Server instancesBackup systemsDowntime: Over a month (for 55% of energy/water sector victims)Operational Impact: Multi-department disruption due to centralized data encryption
DATA BREACH
Database files (MDF/LDF)Backup dataPersonally identifiable information (PII)Sensitivity Of Data: High (finance, operations, line-of-business applications)MDFLDF
JUNE 2023
752Before Incident
Breach
16 Jun 2023Resecurity
BreachForums and ShinyHunters: BreachForums Breached, Exposing 324K Cybercriminals

BreachForums Data Leak Exposes 324K Cybercriminals in Dramatic Retaliation

664After Incident
CRITICAL-88
UNDRES1768882773
BreachForums Data Leak Exposes 324K Cybercriminals in Dramatic Retaliation On January 9, an individual using the alias "James" published a massive database containing the real identities and details of 323,986 BreachForums users, including administrators, moderators, and members of the notorious hacking community. The leak, framed as an act of retribution, targeted key figures behind BreachForums and ShinyHunters, with James claiming disillusionment with the groups’ shift toward attacking French targets. The manifesto, written in a theatrical 23-part style, portrayed James as a long-standing hacker who mentored these groups before turning against them. Among those named were French nationals Dorian Dali, Nahyl Ojeda, and Ali Aboussi, many of whom were reportedly teenagers or young adults. James declared the leak a move to "settle their destiny" by exposing them to authorities. Resecurity, a cybersecurity firm, confirmed the authenticity of the leaked data, which included usernames, email addresses, IP addresses, and registration details. While some members used anonymous email services, others relied on mainstream providers like Gmail, making identification easier for law enforcement. The data also revealed a global distribution of members, with concentrations in the U.S., Germany, Netherlands, France, Turkey, and the U.K., as well as significant activity in the Middle East and North Africa. The leak is expected to disrupt cybercriminal operations by stripping away anonymity, a cornerstone of groups like ShinyHunters. Shane Barney, CISO at Keeper Security, noted that the exposure of real identities and IP histories could accelerate investigations, making it harder for members to operate without fear of attribution. BreachForums, a successor to the shuttered RaidForums, has been a hub for trading stolen data, hacking tools, and personal information. Previous law enforcement actions, including the 2023 arrest of Conor Brian Fitzpatrick (pompompurin) and the 2024 sentencing of ShinyHunters member Sebastien Raoult, have failed to permanently dismantle the forum. This latest breach, however, may prove more damaging by exposing the infrastructure and identities of its members. While BreachForums users have dismissed the leak as outdated, Resecurity warned that many reuse registration details across underground platforms, meaning the data remains a valuable resource for law enforcement. The incident underscores the ongoing cat-and-mouse game between cybercriminals and authorities, with this leak marking a significant blow to one of the dark web’s most active marketplaces.
INCIDENT DETAILS -
TYPE
Data Leak
MOTIVATION
Retribution, disillusionment with cybercriminal groups' targeting of French entities
IMPACT
Data Compromised: Usernames, email addresses, IP addresses, registration detailsSystems Affected: BreachForums user databaseOperational Impact: Disruption of cybercriminal operations, loss of anonymity for membersBrand Reputation Impact: Significant reputational damage to BreachForums and ShinyHuntersLegal Liabilities: Increased risk of law enforcement actions against exposed membersIdentity Theft Risk: High risk for exposed individuals due to real identity disclosure
DATA BREACH
UsernamesEmail addressesIP addressesRegistration detailsNumber Of Records Exposed: 323,986Sensitivity Of Data: High (real identities of cybercriminals)Data Exfiltration: Yes (published publicly)Personally Identifiable Information: Yes (real names, locations, and other identifying details)

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Resecurity ?
?
What was Resecurity's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Resecurity's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Resecurity's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Resecurity's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Resecurity's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Resecurity's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Resecurity's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Resecurity's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Resecurity's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Resecurity's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Resecurity's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Resecurity's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Resecurity ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Resecurity's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?
Resecurity Cyber Scoring History | Rankiteo