Skip to content
July 13, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Data
    • CVE Watchtower
    • Top Exploited CVEs
    • CVE Stats by Vendor
    • Q2 2026 Report
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • News
  • Cyber Security
  • Dark web marketplace RaidForums shuts down
  • Cyber Security

Dark web marketplace RaidForums shuts down

Do Son April 12, 2022 2 minutes read
RaidForums shuts down
Add Daily CyberSecurity as a preferred source on Google

According to the news released by the U.S. Department of Justice on April 12, the international law enforcement operation TOURNIQUET, led by the United States, coordinated by the Europol-European Cybercrime Center, and jointly participated by law enforcement agencies of the United Kingdom, Sweden, Portugal, and Romania, recently, the illegal Dark web marketplace RaidForums shuts down, and related infrastructure assets were confiscated.

During the operation, law enforcement arrested three suspects, including the founder and CEO of RaidForums, Diogo Santos Coelho, a 21-year-old Portuguese national. Police arrested Coelho in the U.K. on January 31 on criminal charges brought by the U.S.

RaidForums was founded in 2015 and has more than 500,000 community users. It has long targeted companies in various industries in the United States and sold the stolen data, including information on millions of credit cards, bank accounts, and routing information, as well as usernames and related passwords for a large number of online accounts.

“This marketplace had made a name for itself by selling access to high-profile database leaks belonging to a number of US corporations across different industries. These contained information for millions of credit cards, bank account numbers and routing information, and the usernames and associated passwords needed to access online accounts.” reads the announcement published by Europol. “These datasets were obtained from data breaches and other exploits carried out in recent years.”

In order to profit from the platform, under the operation strategy of Coelho, RaidForums also conducts membership business internally and obtains the corresponding membership level by paying different fees to obtain the corresponding access rights and functions, if you want to “unlock” some high-value stolen information, the user must become a higher-level member by recharging. Members can also earn points in other ways, such as posting action tutorials related to illegal behavior.

According to Europol, joint efforts and close information sharing were keys to the success of Operation TOURNIQUET, allowing investigators to determine the structure of RaidForums and the roles and responsibilities of the members behind them. In the future, Europol will continue to work with other countries to combat cybercrime.

Get Zero-Hour Vulnerability Alerts

Critical CVEs, CVSS scores, and PoC updates — straight to your inbox every week.


We respect your inbox. Unsubscribe anytime.

Related coverage

  • Teal Kurma’s Evolving Cyber Activities: A Resurgent Threat to Europe and the Middle East
  • CatDDoS-Related Gangs Ramp Up Attacks Exploiting Over 80 Vulnerabilities
  • Cybercrime Crackdown: U.S. Captures Russian Trickbot Malware Developer
  • DAMASCENED PEACOCK: NCSC Uncovers Sophisticated Malware Targeting UK MOD
  • From Cloud to Cash: “CP3O” Indicted in Multi-Million Dollar Cryptojacking Operation
Track all actively exploited CVEs →

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Share this article:

Facebook Post LinkedIn Telegram
Written by
@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Tags: RaidForums RaidForums shuts down

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-1207CVSS 5.4
    An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on...
    Admin intel📅 Updated: Jul 10, 2026
  • CVE-2026-48939CVSS 10.0
    A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-56291CVSS 10.0
    The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-55255CVSS 8.4
    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-48908
    A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-56290
    The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-20896CVSS 9.8
    Gitea Docker image: `REVERSE_PROXY_TRUSTED_PROXIES = *` default lets any source IP impersonate any user via `X-WEBAUTH-USER`
    Admin intel📅 Updated: Jul 6, 2026
  • CVE-2026-48282CVSS 10.0
    ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted...
    Admin intelCISA KEV📅 Added to KEV: Jul 7, 2026📅 Updated: Jul 3, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-61498CVSS 9.8
    Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the...
  • CVE-2026-60121CVSS 9.8
    Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the...
  • CVE-2026-59518CVSS 9.8
    Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This...
  • CVE-2026-59515CVSS 9.3
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
  • CVE-2026-57813CVSS 9.8
    Incorrect Privilege Assignment vulnerability in properfraction MailOptin mailoptin allows Privilege Escalation.This issue...
  • CVE-2026-57811CVSS 10.0
    Improper Control of Generation of Code ('Code Injection') vulnerability in Realtyna Realtyna...
  • CVE-2026-57770CVSS 9.8
    Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Photography grandphotography allows Object...
  • CVE-2026-57744CVSS 9.8
    Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions...
  • CVE-2026-57739CVSS 9.3
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
  • CVE-2026-57738CVSS 9.8
    Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This...
Powered by CVE WATCHTOWER

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Top Exploited CVEs
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • Disclaimer
    • DCMA
    • Privacy Policy
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • CVE Watchtower
    • CVE Statistics by Vendor 2026
    • Q2 2026 Report
    • Top Exploited CVEs
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.