Wednesday , June 25 2025
dark web

‘Hell Paradise’ Claims
Government Websites in 49 Countries at Risk

According to FalconFeeds x post, a threat actor has listed 49 countries as part of an experiment. They also claim that over 1000 government sites are vulnerable. According to Cyber Express, the threat actor is promoting an onion website called ‘Hell Paradise’ which aims to obtain vulnerable government sites and data for free. The actor lists various critical and high-severity vulnerabilities like RCE, LFI, SQLi, etc.

FalconFeeds tweeter post

A cybercriminal has appeared on the dark web, announcing the creation of “Hell Paradise,” an undercover online platform supposedly made for taking advantage of weaknesses in government websites and getting access to important information. The cybercriminal mentions countries like the United Arab Emirates, Albania, Armenia, and Angola as some of their targets.

WhatsApp banned on all US House of Representatives devices

The U.S. House of Representatives has banned congressional staff from using WhatsApp on government devices due to security concerns, as...
Read More
WhatsApp banned on all US House of Representatives devices

Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store

Kaspersky found a new mobile malware dubbed SparkKitty in Google Play and Apple App Store apps, targeting Android and iOS....
Read More
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store

OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems

OWASP has released its AI Testing Guide, a framework to help organizations find and fix vulnerabilities specific to AI systems....
Read More
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems

Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform

In a major milestone for the country’s digital infrastructure, Axentec PLC has officially launched Axentec Cloud, Bangladesh’s first Tier-4 cloud...
Read More
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform

Hackers Bypass Gmail MFA With App-Specific Password Reuse

A hacking group reportedly linked to Russian government has been discovered using a new phishing method that bypasses two-factor authentication...
Read More
Hackers Bypass Gmail MFA With App-Specific Password Reuse

Russia detects first SuperCard malware attacks via NFC

Russian cybersecurity experts discovered the first local data theft attacks using a modified version of legitimate near field communication (NFC)...
Read More
Russia detects first SuperCard malware attacks via NFC

Income Property Investments exposes 170,000+ Individuals record

Cybersecurity researcher Jeremiah Fowler discovered an unsecured database with 170,360 records belonging to a real estate company. It contained personal...
Read More
Income Property Investments exposes 170,000+ Individuals record

ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel's IKE affecting UDP port 500. The attack centers around CVE-2023-28771,...
Read More
ALERT (CVE: 2023-28771)  Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

CISA Flags Active Exploits in Apple iOS and TP-Link Routers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included two high-risk vulnerabilities in its Known Exploited Vulnerabilities (KEV)...
Read More
CISA Flags Active Exploits in Apple iOS and TP-Link Routers

10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online

SafetyDetectives’ Cybersecurity Team discovered a public post on a clear web forum in which a threat actor claimed to have...
Read More
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online

The hacker’s message to the Breachforums Community is a clear explanation of the “Hell Paradise” platform, which contains vulnerable government websites and related data categorized by country and vulnerability type.

The hacker claims to have found over 1000 vulnerable government websites from 49 countries. They are promoting “Hell Paradise” as a place to find and take advantage of these vulnerabilities.

Hackers classify vulnerabilities into three main categories: Vulnerabilities, Exposed Gits, and Exposed Env files. Of particular concern are critical and high-severity vulnerabilities such as Remote Code Execution (RCE), Local File Inclusion (LFI), and SQL injection (SQLi), which pose significant security risks if not fixed.

Access to “Hell Paradise” is not free. The hacker charges a $50 registration fee to prevent spam and abuse. This financial barrier helps the operator control access and reduce the risk of exploitation.

The hacker says that no data will be saved by the platform, only email addresses are needed for registration. However, the suggestion to use disposable email services like cock.li suggests that the operation is secretive and raises concerns about the real intentions of “Hell Paradise.”

“Hell Paradise” highlights the growing cyber threats to government infrastructures worldwide. Malicious actors are now more focused on attacking critical systems and stealing sensitive data. This poses a significant risk of widespread disruption and data compromise.

The cybersecurity community needs to collaborate and stay vigilant to face the increasing threat from cybercriminals and state-sponsored actors. We must take proactive measures and respond together to protect digital infrastructure and prevent the harmful effects of cyber exploitation.

Source: FalconFeeds, Cyberexpress

(Media disclaimer: This report is based on research from various sources and is for reference only. Users are responsible for how they use this information. InfoSecbulletin is not liable for the accuracy or consequences of using this information)

Check Also

GreyNoise

ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel’s IKE affecting UDP port 500. …

Leave a Reply

Your email address will not be published. Required fields are marked *