SOS Intelligence

The SOS Intelligence CVE Chatter Weekly Top Ten – 08 June 2026

by Amir Hadzipasic

June 8, 2026

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2026-31431

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead – Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.

There is no benefit in operating in-place in algif_aead since the
source and destination come from different mappings. Get rid of
all the complexity added for in-place operation and just copy the
AD directly.

https://nvd.nist.gov/vuln/detail/CVE-2026-45185

2. CVE-2026-45185

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

3. CVE-2025-50708

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

https://nvd.nist.gov/vuln/detail/CVE-2025-50708

4. CVE-2024-34102

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

5. CVE-2024-38063

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

6. CVE-2024-49113

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

https://nvd.nist.gov/vuln/detail/CVE-2026-32746

7. CVE-2026-32746

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

8. CVE-2025-0368

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

https://nvd.nist.gov/vuln/detail/CVE-2022-21227

9. CVE-2022-21227

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

10. CVE-2021-40539

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

https://nvd.nist.gov/vuln/detail/CVE-2021-40539

https://nvd.nist.gov/vuln/detail/CVE-2026-45185

The SOS Intelligence CVE Chatter Weekly Top Ten – 01 June 2026

by Amir Hadzipasic

June 1, 2026

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2026-45185

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.

2. CVE-2025-68613

https://nvd.nist.gov/vuln/detail/CVE-2025-68613

3. CVE-2021-40539

https://nvd.nist.gov/vuln/detail/CVE-2021-40539

4. CVE-2022-21227

https://nvd.nist.gov/vuln/detail/CVE-2022-21227

5. CVE-2024-34102

6. CVE-2024-38063

7. CVE-2024-49113

8. CVE-2025-0368

https://nvd.nist.gov/vuln/detail/CVE-2025-14847

9. CVE-2025-14847

10. CVE-2025-21204

https://nvd.nist.gov/vuln/detail/CVE-2025-21204

https://nvd.nist.gov/vuln/detail/CVE-2026-45185

The SOS Intelligence CVE Chatter Weekly Top Ten – 25 May 2026

by Amir Hadzipasic

May 25, 2026

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2026-45185

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.

2. CVE-2025-54100

The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.

https://nvd.nist.gov/vuln/detail/CVE-2025-54100

3. CVE-2024-34102

4. CVE-2024-38063

5. CVE-2024-49113

6. CVE-2025-0368

https://nvd.nist.gov/vuln/detail/CVE-2025-14847

7. CVE-2025-14847

8. CVE-2025-21204

https://nvd.nist.gov/vuln/detail/CVE-2025-21204

9. CVE-2025-24118

https://nvd.nist.gov/vuln/detail/CVE-2025-24118

10. CVE-2025-50708

https://nvd.nist.gov/vuln/detail/CVE-2025-50708

The SOS Intelligence CVE Chatter Weekly Top Ten – 18 May 2026

by Amir Hadzipasic

May 18, 2026

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2024-34102

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead – Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.

2. CVE-2026-31431

In the Linux kernel, the following vulnerability has been resolved:

xfrm: esp: avoid in-place decrypt on shared skb frags

MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP
marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(),
so later paths that may modify packet data can first make a private
copy. The IPv4/IPv6 datagram append paths did not set this flag when
splicing pages into UDP skbs.

That leaves an ESP-in-UDP packet made from shared pipe pages looking
like an ordinary uncloned nonlinear skb. ESP input then takes the no-COW
fast path for uncloned skbs without a frag_list and decrypts in place
over data that is not owned privately by the skb.

Mark IPv4/IPv6 datagram splice frags with SKBFL_SHARED_FRAG, matching
TCP. Also make ESP input fall back to skb_cow_data() when the flag is
present, so ESP does not decrypt externally backed frags in place.
Private nonlinear skb frags still use the existing fast path.

This intentionally does not change ESP output. In esp_output_head(),
the path that appends the ESP trailer to existing skb tailroom without
calling skb_cow_data() is not reachable for nonlinear skbs:
skb_tailroom() returns zero when skb->data_len is nonzero, while ESP
tailen is positive. Thus ESP output will either use the separate
destination-frag path or fall back to skb_cow_data().

https://nvd.nist.gov/vuln/detail/CVE-2025-43520

3. CVE-2025-43520

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.

4. CVE-2025-43510

https://nvd.nist.gov/vuln/detail/CVE-2025-43510

5. CVE-2017-8759

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead – Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.

https://nvd.nist.gov/vuln/detail/CVE-2017-8759

6. CVE-2025-8088

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead – Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.

https://nvd.nist.gov/vuln/detail/CVE-2025-8088

7. CVE-2025-68613

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead – Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.

https://nvd.nist.gov/vuln/detail/CVE-2025-68613

8. CVE-2025-59528

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead – Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.

https://nvd.nist.gov/vuln/detail/CVE-2025-59528

9. CVE-2025-59287

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead – Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.

https://nvd.nist.gov/vuln/detail/CVE-2025-59287

10. CVE-2025-58434

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead – Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.

https://nvd.nist.gov/vuln/detail/CVE-2025-58434

The SOS Intelligence CVE Chatter Weekly Top Ten – 11 May 2026

by Amir Hadzipasic

May 11, 2026

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2026-31431

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead – Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.

2. CVE-2024-34102

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3, MongoDB Server v6.0 versions prior to 6.0.27, MongoDB Server v5.0 versions prior to 5.0.32, MongoDB Server v4.4 versions prior to 4.4.30, MongoDB Server v4.2 versions greater than or equal to 4.2.0, MongoDB Server v4.0 versions greater than or equal to 4.0.0, and MongoDB Server v3.6 versions greater than or equal to 3.6.0.

https://nvd.nist.gov/vuln/detail/CVE-2016-10033

3. CVE-2016-10033

4. CVE-2017-8759

https://nvd.nist.gov/vuln/detail/CVE-2017-8759

5. CVE-2021-40539

https://nvd.nist.gov/vuln/detail/CVE-2021-40539

6. CVE-2022-21227

https://nvd.nist.gov/vuln/detail/CVE-2022-21227

7. CVE-2024-38063

8. CVE-2024-49113

9. CVE-2025-0368

https://nvd.nist.gov/vuln/detail/CVE-2025-14847

10. CVE-2025-14847

https://nvd.nist.gov/vuln/detail/CVE-2026-26322

The SOS Intelligence CVE Chatter Weekly Top Ten – 04 May 2026

by Amir Hadzipasic

May 4, 2026

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2026-26322

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When the cd command failed, the unescaped path was interpolated directly into an echo statement, allowing arbitrary command execution on the remote SSH host. The parseSSHTarget function did not validate that SSH target strings could not begin with a dash. An attacker-supplied target like -oProxyCommand=… would be interpreted as an SSH configuration flag rather than a hostname, allowing arbitrary command execution on the local machine. This issue has been patched in version 2026.1.29.

2. CVE-2026-24763

https://nvd.nist.gov/vuln/detail/CVE-2026-24763

3. CVE-2026-25157

https://nvd.nist.gov/vuln/detail/CVE-2026-25157

4. CVE-2026-25253

https://nvd.nist.gov/vuln/detail/CVE-2026-25253

5. CVE-2026-25475

https://nvd.nist.gov/vuln/detail/CVE-2026-25475

6. CVE-2026-26329

https://nvd.nist.gov/vuln/detail/CVE-2026-26329

7. CVE-2026-27001

https://nvd.nist.gov/vuln/detail/CVE-2026-27001

8. CVE-2026-31431

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead – Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.

https://nvd.nist.gov/vuln/detail/CVE-2026-27940

9. CVE-2026-27940

llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread() writes 528+ bytes of attacker-controlled data past the buffer boundary. This is a bypass of a similar bug in the same file – CVE-2025-53630, but the fix overlooked some areas. This vulnerability is fixed in b8146.

10. CVE-2025-53630

https://nvd.nist.gov/vuln/detail/CVE-2025-53630

https://nvd.nist.gov/vuln/detail/

The SOS Intelligence CVE Chatter Weekly Top Ten –

by Amir Hadzipasic

April 27, 2026

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

10.

https://nvd.nist.gov/vuln/detail/

Investigation, Opinion, The Dark Web

Dark Web Services: current Average Prices (2026 Update)

by Amir Hadzipasic

April 22, 2026

Dark Web Services: current Average Prices (2026 Update)

Introduction

Back in 2022, I published our first deep dive into dark web pricing. At the time, the landscape was already complex, but it was still possible to draw fairly clean lines between the categories of goods and services being traded. Four years on, those lines have blurred considerably.

The underground economy has matured. Prices have shifted, new product categories have emerged, and the operational sophistication of threat actors has increased significantly. Ransomware-as-a-Service is now an established business model. AI-generated phishing kits are being sold alongside traditional credential dumps. Crypto drainers have become a category in their own right. And stealer log subscriptions are now one of the fastest-growing products on the dark web.

13th May 3pm UK Time

Webinar: 2026 Dark Web Pricing Report

For this updated report, we conducted an exhaustive crawl using our own SOS Intelligence DARKSEARCH platform, scanning active dark web marketplaces, forums, and paste sites throughout Q1 2026. We supplemented this with direct marketplace access via Tor and cross-referenced our findings against published industry research from PrivacySharks, DeepStrike, Privacy Affairs, and Trustwave. This time around, we have also expanded our scope significantly, covering narcotics, firearms, counterfeit goods, cryptocurrency fraud tools, and forged documents alongside the traditional cyber-focused categories. The result is what I believe to be one of the most comprehensive snapshots of dark web pricing available today.

So whether you are a security researcher, an MSSP building threat briefings, or a CISO trying to quantify the risk exposure your organisation faces, this should give you a solid, data-backed foundation.

Methodology

Our approach follows the intelligence cycle: direction, collection, processing, analysis, and dissemination. The direction phase was straightforward: understand what is being sold on the dark web in 2026 and at what price points.

For collection, we used the SOS Intelligence API v2 to run targeted keyword searches across our indexed dark web corpus. This includes content from over 50 active marketplaces, forums, paste sites, and Telegram channels. We queried across 20+ distinct product categories, including stolen financial instruments, identity documents, hacking services, malware, access brokers, narcotics (cocaine, heroin, methamphetamine, cannabis, MDMA, and prescription drugs), firearms, counterfeit goods, cryptocurrency fraud tools, and forged documents. We also accessed active Tor marketplaces directly to verify listed prices against real product pages. Key marketplaces analysed include Tor Market, Tor Amazon, Abacus Market, TheBreakingBad, Gun and Shell Factory, and several standalone vendor storefronts.

During processing and analysis, we normalised prices to USD (where vendors listed in EUR, GBP, or cryptocurrency) and calculated averages across multiple vendors where possible. Where a product category had significant variance (for example, initial access pricing can range from $500 to $50,000+), we present the typical range rather than a misleading average.

One thing worth noting: prices on the dark web are not static. They fluctuate based on supply, demand, law enforcement activity, and even seasonal patterns. What we present here is a snapshot, accurate to Q1 2026, and should be treated as indicative rather than definitive.

Stolen Financial Instruments

Financial data remains the bread and butter of dark web commerce. Credit card data, bank account credentials, and payment platform logins continue to dominate marketplace listings. The availability is enormous, driven in large part by the explosion in stealer log infections and large-scale data breaches.

Credit card data with CVV (card-not-present fraud) remains cheap and abundant. A single card with CVV typically sells for $10 to $40, depending on the issuing bank, card type, and associated balance. Cards with higher balances or from premium issuers command a premium. Cloned physical cards with PIN are a different proposition entirely, typically ranging from $100 for a single card with a $2,500 to $3,500 balance, up to $600 for a batch of 10 cards with a combined balance of $33,000 to $35,000.

Product	Price Range (USD)	Source/Notes
Credit card with CVV	$10 – $40	Per card, card-not-present
Cloned card with PIN (single)	$100 – $250	$2,500 – $3,500 balance
Cloned cards (batch of 10)	$450 – $600	$30,000 – $35,000 combined
AMEX Prepaid (EUR 2,500)	$105 – $510	Price varies by vendor
Bank login (US)	$35 – $500	Depends on bank and balance
Bank login (UK/EU)	$50 – $1,000+	Premium for verified accounts
Bank transfer service ($10K)	$500	Vendor guarantees delivery
PayPal account (verified)	$15 – $55	Balance $2,500 – $25,000
Crypto exchange account (Kraken)	$249	Fully verified
Crypto exchange account (general)	$90 – $250	Coinbase, Binance, etc.

Compared to our 2022 findings, the average price of stolen credit card data has dropped slightly, reflecting oversupply. Bank account credentials, on the other hand, have held steady or increased, particularly for UK and EU accounts where strong customer authentication (SCA) requirements make compromised credentials more valuable to attackers who can bypass these controls.

Identity Documents and Fullz

Fullz, complete identity packages containing name, date of birth, SSN, address, and often more, remain a staple of dark web commerce. The pricing here has been remarkably consistent over the years, which suggests stable supply chains, likely fed by the steady stream of data breaches affecting organisations globally.

Bulk purchasing drives the per-unit cost down significantly. A batch of 1,000 Social Security Numbers was listed on Tor Market at $65. Business fullz (company identity packages with EIN numbers) go for around $95 for a set of 10, which is particularly concerning for organisations worried about business identity theft and fraudulent corporate filings.

Product	Price Range (USD)	Notes
Individual fullz (US)	$20 – $100	Per identity, includes SSN
SSN batch (1,000 records)	$65	Bulk purchase, specific regions
Business fullz with EIN (10 pack)	$95	Corporate identity packages
US passport scan	$100	Digital copy only
US physical passport (forged)	$3,000 – $3,800	High-quality forgery
UK driver’s licence (forged)	$500	Physical document
EU national ID (forged)	$300 – $700	Varies by country
Medical records	$50 – $500+	Depends on completeness
Selfie with ID (for KYC bypass)	$50 – $100	Growing demand

A notable trend in 2026 is the growing market for KYC bypass packages. These typically include a stolen identity paired with a matching selfie (often obtained from stealer logs that capture webcam images), sold specifically to bypass Know Your Customer verification on financial platforms. This is a direct response to tightened identity verification requirements, and it represents an uncomfortable escalation in the identity fraud ecosystem.

DDoS and Hacking Services

DDoS-for-hire remains one of the most accessible attack services on the dark web. Entry-level DDoS attacks can be purchased for as little as $10 per hour, making it trivially cheap for anyone with a grudge and a cryptocurrency wallet. Monthly subscription packages for sustained DDoS capability go up to $850, though most listings cluster around $200 to $500 per month.

Hacking services for hire are more variable in pricing, reflecting the range of complexity involved. Simple social media account compromises sit at the lower end, while corporate network penetration and database extraction commands significantly higher fees.

Service	Price Range (USD)	Notes
DDoS attack (per hour)	$10 – $50	Basic layer 4/7 attack
DDoS subscription (monthly)	$200 – $850	Sustained capability
Social media account hack	$25 – $100	Facebook, Instagram, etc.
Email account compromise	$100 – $500	Corporate email higher
Website hacking	$200 – $3,000	Depends on target complexity
Corporate network access	$500 – $10,000+	Overlaps with IAB market
Phone hacking/spyware install	$300 – $1,500	Remote installation
Doxing service	$25 – $200	Varies by depth of research

The DDoS market has become increasingly commoditised. In 2022 we reported an average DDoS service price of around $382. That number has come down, driven by competition between providers and the proliferation of botnet infrastructure. The real concern is not the price itself but how easy it has become to launch these attacks with minimal technical knowledge.

Malware, Exploit Kits, and Phishing

This is where the dark web economy has seen some of its most significant evolution since our last report. The malware-as-a-service model is now firmly established, with vendors offering everything from basic RATs (Remote Access Trojans) through to sophisticated banking trojans and zero-day exploits.

Phishing kits have become particularly interesting. AI-generated phishing templates are now being sold at a premium, with vendors marketing their kits as capable of bypassing modern email security filters. The quality of these templates has improved dramatically, making traditional security awareness training less effective than it was even two years ago.

Product	Price Range (USD)	Notes
RAT (Remote Access Trojan)	$45 – $500	Off-the-shelf, basic features
Banking trojan	$500 – $1,800	Targeted at specific banks
Ransomware-as-a-Service kit	$500 – $5,000	Includes builder and panel
Stealer log subscription	$100 – $1,024/mo	Redline, Raccoon, Vidar
Phishing kit (standard)	$50 – $300	Includes templates and hosting
Phishing kit (AI-generated)	$200 – $800	Bypass modern filters
Zero-day exploit (general)	$5,000 – $200,000+	Price varies enormously
Exploit kit (browser)	$100 – $2,000	Pre-packaged exploitation
Botnet rental (1,000 bots)	$50 – $200/day	For spam or DDoS
Keylogger	$25 – $150	Basic to advanced features

The Ransomware-as-a-Service (RaaS) market deserves special attention. Our platform currently tracks over 100 active ransomware groups, many of which operate affiliate programmes where the actual ransomware deployment is carried out by affiliates who pay a percentage (typically 20-30%) of the ransom to the RaaS operator. The barrier to entry for launching a ransomware campaign has never been lower, and this is reflected in the sustained growth of ransomware incidents globally.

Crypto Drainers and Mixers

This is a category that barely existed in 2022 and is now a significant segment of the dark web economy. Crypto drainers are tools designed to empty cryptocurrency wallets, typically deployed via phishing sites that mimic legitimate Web3 platforms and trick users into connecting their wallets and signing malicious transactions.

Our DARKSEARCH data turned up active listings on DNA Forums and other threat actor communities, with prices ranging from $50 for basic tutorials through to $1,000 for fully operational Solana drainer toolkits. The Tron Trap drainer tool was listed at $300, while general-purpose drainer kits sat around $200 to $500.

Product	Price Range (USD)	Notes
Crypto drainer kit (general)	$200 – $500	Multi-chain support
Solana drainer	$1,000	Chain-specific tooling
Tron Trap drainer	$300	Listed on DNA Forums
Crypto drainer tutorial	$50 – $100	DIY approach
Crypto mixing/tumbling service	1-3% of amount	Per transaction fee
Crypto cashout service	15-25% of amount	Conversion to fiat

The emergence of drainer-as-a-service mirrors the RaaS model. Operators provide the tooling and infrastructure, affiliates drive traffic to phishing sites, and profits are split. Some drainer operators take a 20-30% cut of every wallet drained. For context, wallet drainer attacks stole hundreds of millions of dollars in cryptocurrency during 2025 alone, making this one of the highest-growth criminal sectors.

Initial Access Brokers

Initial Access Brokers (IABs) continue to be a critical part of the threat landscape. These are threat actors who specialise in gaining access to corporate networks and then selling that access to other criminals, typically ransomware operators. The IAB market is essentially the supply chain for ransomware.

Pricing varies enormously based on the target organisation’s size, industry, and the type of access being sold. VPN credentials for a small company might go for $500, while domain admin access to a large enterprise can command $10,000 or more. Our 2022 report found an average of around $7,700 for initial network access. In 2026, the range has widened as the market has matured, but the median sits around $2,000 to $5,000 for mid-market targets.

Access Type	Price Range (USD)	Notes
VPN credentials (SME)	$200 – $1,000	Single organisation
RDP access (dedicated server)	$10 – $100	Commodity pricing
Domain admin (enterprise)	$5,000 – $50,000+	High-value targets
Web shell access	$50 – $500	Depends on target
cPanel/hosting access	$10 – $50	Bulk available
Database access (customer data)	$500 – $10,000	Depends on record count
Cloud infrastructure access	$1,000 – $20,000	AWS, Azure, GCP

Cloud infrastructure access is the emerging high-value category here. As organisations continue their migration to cloud platforms, compromised cloud credentials have become increasingly sought after. A set of AWS root account credentials for an enterprise can be worth significantly more than traditional on-premise network access, reflecting the potential blast radius of a cloud compromise.

Stolen Accounts and Subscriptions

The market for compromised online accounts remains massive, covering everything from streaming services to social media to gaming platforms. These are largely driven by credential stuffing attacks leveraging the billions of username/password pairs available from historical breaches, combined with the output of stealer log infections.

Account Type	Price Range (USD)	Notes
Netflix/Disney+/streaming	$4 – $25	Per account, often shared
Spotify Premium	$3 – $10	Bulk available
Facebook account	$25 – $45	Higher for aged accounts
Instagram account	$25 – $45	Followers affect price
LinkedIn Premium	$30 – $50	Professional accounts
Gaming accounts (Steam, Epic)	$10 – $100	Game library affects price
Food delivery (Uber Eats, etc.)	$5 – $20	With stored payment
Email accounts (bulk)	$2 – $10	Per account
VPN service accounts	$5 – $15	NordVPN, ExpressVPN, etc.

What strikes me about this category is how cheap everything is. A Netflix account for $4, a Facebook account for $25. The low prices reflect the sheer volume of compromised credentials available. For most consumers, the inconvenience of having an account compromised is minor. But for organisations, compromised employee accounts, particularly email and LinkedIn, can be the starting point for targeted social engineering campaigns.

Counterfeit Currency and Documents

Counterfeit physical currency continues to be traded, though the market has evolved. Our crawl of Robinhood Market found fake Euro banknotes listed from $300 for a small batch up to $1,200 for larger quantities. Western Union transfer services were listed at $200 for a $2,000 transfer, representing a 10% fee.

Bank cheque templates have also become a notable category, with templates available from as little as $5 for basic designs up to $600 for comprehensive kits that include matching security features and printing instructions.

Product	Price Range (USD)	Notes
Counterfeit EUR banknotes	$300 – $1,200	Various denominations
Counterfeit USD banknotes	$350 – $1,500	Quality varies significantly
Western Union transfer ($2,000)	$200	10% fee structure
MoneyGram transfer	$150 – $300	Similar fee structure
Bank cheque templates	$5 – $600	Including security features
Counterfeit branded goods (guides)	$20 – $200	Manufacturing instructions

In our 2022 report, counterfeit currency averaged around $396 per $1,000 face value. The current rates are broadly similar, suggesting this market has reached a stable equilibrium. The real shift is towards digital fraud, with physical counterfeiting becoming a smaller proportion of overall dark web commerce.

Proxy and Hosting Infrastructure

Bulletproof hosting and residential proxy services continue to be essential infrastructure for cybercriminal operations. These services provide the anonymous, abuse-tolerant hosting that enables everything from phishing campaigns to command and control servers.

Service	Price Range (USD)	Notes
Bulletproof hosting (monthly)	$50 – $500	Abuse-tolerant, offshore
Residential proxy (monthly)	$200 – $645	Pool of residential IPs
SOCKS5 proxy (per IP)	$1 – $10	Single use or short-lived
VPN service (criminal-oriented)	$5 – $30/mo	No-log guarantees
Dedicated server (offshore)	$100 – $400/mo	Full admin access
Domain + hosting bundle	$20 – $100	For phishing campaigns

Residential proxy pricing has actually increased since 2022, when we reported an average of $645 per month. The current range starts lower but premium services now charge more, reflecting growing demand from threat actors who need residential IP addresses to bypass fraud detection systems and CAPTCHAs.

AI-Enabled Criminal Services

This is entirely new territory since our 2022 report. The commoditisation of large language models has created a new category of criminal tooling that simply did not exist four years ago. Dark web forums now host discussions and sales of jailbroken AI models, custom-trained chatbots for social engineering, and AI-powered tools for generating convincing phishing content at scale.

While we did not find as many standardised price points for AI services as for other categories (the market is still maturing), the trend is clear. AI is being integrated into existing criminal workflows, particularly around social engineering, phishing content generation, and code development for malware. Some vendors are marketing “FraudGPT” and “WormGPT” style tools, essentially LLM wrappers with the safety guardrails removed, at subscription prices of $200 to $1,700 per month.

The implications here are significant. AI lowers the barrier to entry for technically unsophisticated threat actors, increases the quality and scale of social engineering attacks, and makes it harder for defenders to distinguish malicious content from legitimate communications.

Narcotics and Controlled Substances

Dark web drug marketplaces remain one of the most active sectors of the underground economy. Our DARKSEARCH crawls in Q1 2026 revealed multiple operational marketplaces with extensive product catalogues, professional vendor storefronts, and established escrow systems. The sophistication of these operations is notable: vendor pages include lab-testing claims, customer reviews, volume discount tiers, and next-day delivery (NDD) options for domestic shipments.

Three marketplaces stood out during our research. TheBreakingBad, a dedicated vendor storefront operating with a full e-commerce style interface, offered a comprehensive catalogue of stimulants, opiates, and dissociatives with granular volume pricing. Abacus Market, a multi-vendor marketplace, carried similar inventory with slightly different pricing. Tor Market, which operates as a broader multi-category darknet marketplace (also listing firearms, documents, and hacking tools), hosted 47 drug products across multiple vendors at the time of our crawl.

Stimulants

Cocaine remains the most commonly listed stimulant. Colombian cocaine claiming 94%+ purity was available across multiple markets. Crystal methamphetamine was the second most prevalent stimulant listing, with a notably well-developed volume pricing structure from European vendors. Amphetamine paste, particularly popular on European markets, was available in both standard (74%) and premium (94%) purity grades.

Product	Price Range	Volume Pricing	Source Market
Colombian Cocaine 94%+	$50 – $80/g	Bulk from $35/g at 100g+	Tor Market, Abacus
Crystal Meth 94% (Mexican)	€10/g	€80/10g, €700/100g, €5,500/kg	TheBreakingBad
Crystal Meth (ICE)	$99/10g	$249/25g, $1,000/100g	Abacus Market
Speed Amphetamine 94%	€22/10g	€90/100g, €700/kg	TheBreakingBad
Speed Amphetamine 74%	€10/10g	€77/100g, €555/kg	TheBreakingBad
3-MMC (Metaphedrone)	€10/g	€350/100g, €3,000/kg	TheBreakingBad
MDMA Champagne 84%+	$6.50 – $18/g	$8/g at 250g bulk	Abacus Market
XTC Pills 250mg MDMA	€12.50/10 pills	€80/100, €750/1,000 pills	TheBreakingBad
XTC Pills (240mg, various)	$135 – $200/10 pills	Multiple brands available	Tor Market

Opiates and Opioids

Heroin remained available from specialist vendors, with Iranian-sourced uncut product marketed as the premium option. The pricing structure on TheBreakingBad was particularly detailed, offering nine quantity tiers from a single gram to a full kilogram. This level of volume pricing suggests these vendors are servicing both individual users and mid-level distributors.

Prescription opioids also featured prominently. Oxycontin (40mg tablets) and Percocet (5/325mg) were listed on Tor Market, though exact per-unit pricing was often obscured behind “add to cart” interfaces that required account creation to view.

Product	Price Range	Volume Pricing	Source Market
Heroin Uncut (Iranian)	€22.50/g	€175/10g, €1,600/100g, €13,500/kg	TheBreakingBad
Heroin #3 (60-70%)	$50 – $55/3g	Mid-grade, EU sourced	Tor Market
Oxycontin 40mg (20ct)	$120 – $200	Prescription tabs	Tor Market
Percocet 5/325mg (70ct)	$150 – $250	Price per bottle est.	Tor Market
Fentanyl patches/pills	$50 – $150	Limited listings (high risk)	Various

Cannabis

Cannabis products dominated by volume of listings. UK-based vendors advertised next-day delivery (NDD) on multiple strains, essentially running a delivery service comparable to legitimate e-commerce. Listings included premium strains such as OG Cookies, Super Silver Haze, Gorilla Glue, and Amnesia Haze, with clear quantity tiers.

Product	Price Range	Volume/Notes	Source Market
Gorilla Glue (7g)	£42 (~$53)	UK NDD available	Abacus Market
OG Cookies (various)	$50 – $120/quarter	Multiple vendors	Tor Market
Amnesia Haze (100g)	$400 – $600	Bulk listing	Abacus Market
Super Silver Haze	$35 – $80/quarter	Dutch sourced	Tor Market
Cannabis (French market)	Varies	192 products listed	FR marketplace

Psychedelics and Dissociatives

The psychedelics market showed strong activity, with psilocybin products packaged in consumer-friendly formats (chocolate edibles, microdose capsules) and ketamine available from multiple vendors. LSD pricing was harder to pin down through DARKSEARCH alone, but cross-referencing with forum discussions suggests typical street-equivalent pricing in the $5 to $15 per tab range.

Product	Price Range	Notes	Source Market
Psilocybin Chocolate (4g)	$40	Consumer-packaged edible	Tor Market
Psilocybin Capsules 150mg (x100)	$80 – $150	Microdose format	Tor Market
Ketamine S-Isomer	€10/g	€175/50g, €1,850/kg	TheBreakingBad
LSD Tabs	$5 – $15/tab	Forum pricing cross-ref	Multiple
XTC/MDMA (ecstasy, various)	€12.50 – $200/10 pills	Brand-dependent pricing	Multiple markets

Prescription Pharmaceuticals

Beyond controlled opioids, a range of prescription medications was available. Benzodiazepines (particularly Xanax and Rivotril) were listed at a fraction of pharmacy prices. Erectile dysfunction medications (Cialis) appeared as bulk listings, likely diverted or counterfeit product.

Product	Price Range	Notes	Source Market
Xanax 2mg (50 pills)	€5 – €25	Alprazolam, likely pressed	Abacus Market
Rivotril 2mg (20 pills)	$15 – $40	Clonazepam	Tor Market
Cialis (50 tabs)	$120 – $200	Bulk pack, likely generic/counterfeit	Tor Market

The drug marketplace in 2026 functions like a professional retail operation. Escrow, customer reviews, volume discounts, refund policies, and domestic stealth shipping are standard. The operational maturity here mirrors what we have seen in the cyber services space, with vendor reputation systems driving quality competition.

Firearms and Ammunition

Firearms remain one of the most sensitive categories on the dark web. Our DARKSEARCH queries returned listings from multiple sources, including a dedicated storefront called “Gun and Shell Factory” and the firearms category on Tor Market (which carried 10 products at the time of our crawl). A vendor called “GlockZ” was also active with 7 listed products.

It is worth noting that firearms sales on the dark web carry the highest scam risk of any category. Law enforcement honeypot operations are well-documented in this space, and many “vendors” simply take payment and never deliver. That said, the listings themselves are informative for understanding what threat actors believe constitutes a reasonable market price, and the availability of these listings is itself a data point worth tracking.

Handguns

Firearm	Listed Price (USD)	Calibre	Source
Glock 17 Gen 4	$499	9mm	Tor Market
Glock 19	$450	9mm	Gun and Shell Factory
Glock 26	$350	9mm	Gun and Shell Factory
SIG Sauer P320	$600	9mm	Gun and Shell Factory
SIG Sauer P220	$680 (sale from $800)	.45 ACP	Tor Market
Desert Eagle	$899 (sale from $1,000)	.44 Magnum	Tor Market
Beretta M9	$249	9mm	Tor Market
Ed Brown Kobra	$499	.45 ACP	Gun and Shell Factory
CZ TS 2	$899	9mm	Gun and Shell Factory

Long Guns and Submachine Guns

Firearm	Listed Price (USD)	Type	Source
AK-47	$800 – $1,200	Assault Rifle	Gun and Shell Factory
AR-15	$700 – $1,000	Semi-Auto Rifle	Gun and Shell Factory
UZI Pro	$740	Submachine Gun	Gun and Shell Factory

Ammunition was also listed separately, though pricing data was less granular in our crawl results. The presence of both firearms and ammunition on the same marketplaces that sell drugs, stolen data, and hacking tools underscores the breadth of these platforms. Tor Market, for instance, carries categories for Counterfeits, Credit Card/CVV/Dumps, Documents, Drugs (47 products), Firearms and Ammo (10 products), Gadgets, and Hacking (13 products), all under one marketplace roof.

Compared to legitimate retail prices, dark web firearms are generally listed at a discount of 30% to 60% from retail, which reflects the risk premium inverted: buyers on the dark web are willing to pay less because of the high risk of scam, non-delivery, or law enforcement interception. From a threat intelligence perspective, the persistence of these listings indicates ongoing demand from individuals who cannot or will not purchase through legitimate channels.

Expanded Counterfeit and Fraud Services

Beyond the identity documents and financial instruments covered earlier, the dark web hosts a broader ecosystem of counterfeit goods and fraud services. Our expanded DARKSEARCH crawl revealed categories including counterfeit luxury goods, forged academic credentials, cryptocurrency fraud tools, and casino bonus exploitation kits.

Counterfeit Luxury Goods
Tor Market listed counterfeit luxury watches, with a Rolex Submariner Non-Date 41mm (model 124060) featured as a promoted product. Counterfeit luxury goods have historically been a smaller dark web category compared to clearnet operations, but their presence on multi-category darknet marketplaces suggests vendors are expanding their offerings to capture cross-selling opportunities from buyers already on the platform for other products.

Cryptocurrency Fraud Tools

Cryptocurrency fraud tools were among the most expensive single-item listings we encountered. The “Tor Amazon” marketplace (operating since 2019) offered an extensive catalogue including stolen Bitcoin wallets, fake USDT senders, wallet cracking tools, and compromised exchange accounts. The pricing here is particularly instructive.

Product	Price (USD)	Details	Source
Stolen BTC Wallet (599 BTC)	$42,000 – $59,900	Priced at ~0.1% of wallet balance	Tor Amazon
Atomic Wallet 1BTC+	$4,000	Pre-loaded compromised wallet	Tor Amazon
Bitcoin Wallet w/ Seeds	$1,500 – $6,500	Wallet.dat with passphrase	Tor Amazon
Wallet.dat Passphrase Cracker	$400	Brute-force tool	Tor Amazon
Flash/Fake USDT Sender	$300 – $500	Spoofed transactions	Tor Amazon
BTC Mnemonic Brute Tool	£550 (~$690)	12-phrase wallet cracker	Standalone store
BTC Reverse Transaction Tool	$400 – $600	Transaction reversal exploit	Standalone store
Leaked Data (16B accounts)	$121,484	Apple, Google, Binance etc.	Tor Amazon

Financial Fraud and Money Movement

The money movement ecosystem on the dark web continues to grow. Services for laundering funds through compromised payment platforms, cloned cards, and bank transfer services were widely available. The Tor Amazon marketplace offered ATM-cloned cards with guaranteed balances, stolen Visa CC/CVV data, Binance account transfers, PayPal-to-Bitcoin conversion services, and casino bonus exploitation kits.

Product	Price (USD)	Details	Source
ATM Cloned Card ($15K balance)	$900	Physical card, PIN included	Tor Amazon
VISA CC/CVV ($8K balance)	$400	Virtual card with full details	Tor Amazon
PayPal $7K Verified Transfer	$600 (sale from $700)	Within 20 minutes worldwide	Tor Market
Visa Prepaid Clone ($7.5K)	$630 (sale from $750)	Physical + online usable	Tor Market
Binance Account Transfer	$300 – $500	BTC/ETH/USDT transfers	Tor Amazon
Paxful Accounts ($5.5K)	$250 – $400	Guaranteed balance	Tor Amazon
Casino Bonus Exploit	$150 – $350	$3K-$10K bonus exploitation	Tor Amazon
Bank Flash SQR Tool	$800 (sale from $1,500)	Bank manipulation software	Tor Amazon
Aviator Predictor Hack AI	$400	Casino/gambling exploit tool	Tor Amazon
Gold Bars 100g (Pre-Owned)	$8,500	Physical delivery, escrow	Tor Amazon

Forged Documents and Credentials

Forged documents ranged from academic credentials (diplomas, degrees, professional certificates) to government-issued identity documents. Tor Market listed a dedicated Documents category with 4 products, while Tor Amazon carried a broader selection under their Documents department. The “USA Documents” product on Tor Amazon was rated 4.85 out of 5 and priced between $600 and $3,500, covering various forms of US identification.

Product	Price Range (USD)	Notes	Source
USA Identity Documents (ID Card)	$600 – $3,500	Multiple ID types available	Tor Amazon
Forged Diploma/Degree	$200 – $800	Various institutions	Multiple markets
Professional Certificates	$150 – $500	IT, medical, trade certs	Multiple markets
Counterfeit COVID Certificates	$50 – $150	Declining demand	Forum listings
Deepfake Service	$100 – $500	Video/image manipulation	Tor directories

The breadth of these offerings paints a picture of a mature underground economy that mirrors, and in some ways parodies, legitimate commerce. Marketplaces offer escrow protection, customer reviews, vendor ratings, return policies, and even promotional sales events. Tor Amazon, for example, displays a running shopping cart total (one snapshot showed a cart worth $154,514), tracks “verified sellers” with sales counts, and runs sale pricing on multiple products. This operational maturity makes these platforms resilient and, from a threat intelligence perspective, worth continuous monitoring.

Pricing Comparison: 2022 vs 2026

The table below compares our 2022 findings with the current 2026 data across key categories. Prices are typical midpoint values.

Category	2022 Average	2026 Average	Trend
Credit card with CVV	$243	$15 – $40	Decreased (oversupply)
Counterfeit currency (per $1K)	$396	$350 – $450	Stable
DDoS service (monthly)	$382	$200 – $500	Decreased (commoditised)
Residential proxy (monthly)	$645	$200 – $645	Wider range, lower entry
Initial network access	$7,700	$2,000 – $5,000	Decreased (median)
Ransomware kit	N/A	$500 – $5,000	New category tracked
Crypto drainer kit	N/A	$200 – $1,000	New category
Stealer log subscription	N/A	$100 – $1,024/mo	New category
AI criminal tools	N/A	$200 – $1,700/mo	New category
Cocaine (per gram)	$150 – $300	$50 – $80	Decreased (dark web discount)
Crystal Meth (per gram)	$50 – $100	$10 – $15	Decreased significantly
Heroin (per gram)	$100 – $200	$22 – $55	Decreased (direct sourcing)
Handgun (Glock 17)	$1,500 – $2,500	$450 – $500	Decreased (high scam risk)
Stolen BTC Wallet	N/A	$4,000 – $59,900	New category
Forged ID Documents (US)	$250 – $1,000	$600 – $3,500	Increased (quality premium)

The overarching trend is clear: established product categories have become cheaper as supply has increased, while new, more sophisticated offerings (RaaS, drainers, AI tools) have emerged at premium price points. The dark web economy is following the same pattern as legitimate tech markets, with commodity products racing to the bottom while innovation commands a premium.

Key Takeaways

The barrier to entry keeps falling. DDoS attacks for $10, phishing kits for $50, stolen accounts for a few dollars. The tools for cybercrime are cheaper and more accessible than ever. This has direct implications for the volume of attacks organisations should expect to face.

Stealer logs are the new oil. The stealer log economy has grown enormously. These logs, harvested from malware infections on individual machines, contain browser-saved passwords, session cookies, crypto wallet data, and more. They feed almost every other category: account takeover, initial access brokering, financial fraud, and identity theft.

Ransomware is a mature industry. With over 100 active groups tracked on our platform and well-established affiliate models, ransomware has moved from being an emerging threat to a structural feature of the threat landscape. The supply chain (IABs to RaaS operators to affiliates to money launderers) is well-oiled and efficient.

AI is an accelerant. While AI has not yet created fundamentally new attack types, it is making existing attacks more effective, more scalable, and more convincing. The appearance of AI-enabled tools as a distinct product category on the dark web is a development every security team should be tracking.

Crypto is the preferred battlefield. The emergence of crypto drainers as a major product category, combined with the growth in compromised exchange accounts, tells us that cryptocurrency users and platforms are now firmly in the crosshairs. The pseudonymous nature of crypto transactions makes this an attractive and growing target.

Drug marketplaces operate like professional retailers. The dark web drug economy has reached a level of operational maturity that mirrors legitimate e-commerce. Escrow, customer reviews, next-day delivery, volume discounts, lab-testing claims, and refund policies are now standard. Prices have dropped significantly compared to street equivalents, reflecting the efficiency of direct vendor-to-buyer models that bypass traditional distribution chains.

Firearms listings persist despite high scam risk. While firearms are consistently available on dark web marketplaces, this category carries the highest scam risk and is a known target for law enforcement honeypot operations. The listed prices (30% to 60% below retail) reflect this risk. The intelligence value here is less about the prices themselves and more about the persistent demand signal from individuals seeking to acquire weapons outside regulated channels.

The dark web is a one-stop shop. Multi-category marketplaces like Tor Market (drugs, firearms, counterfeits, hacking tools, documents, and financial fraud under one roof) and Tor Amazon (hacking, financial, electronics, documents, drugs, and guns) demonstrate that the underground economy has consolidated. A single marketplace visit can service everything from identity theft to substance procurement to weapon acquisition. This consolidation has implications for law enforcement, intelligence analysts, and risk modelling.

Don’t miss out!

Webinar: 2026 Dark Web Pricing Report

Conclusion

The dark web economy in 2026 is bigger, more diverse, and more sophisticated than it was in 2022. Prices for commodity products have dropped while new, higher-value categories have emerged. The professionalism of threat actors continues to increase, with customer support, affiliate programmes, and quality guarantees now standard across many marketplaces.

What has changed most since our 2022 report is the breadth. The dark web is no longer just a marketplace for stolen data and hacking tools. It is a fully integrated underground economy spanning narcotics, firearms, counterfeit goods, identity documents, cryptocurrency fraud, and digital services. Multi-category marketplaces have consolidated these offerings under single platforms, complete with escrow systems, vendor ratings, and promotional campaigns that would not look out of place on a legitimate e-commerce site.

For defenders and intelligence professionals, the key takeaway is that the cost of attacking your organisation, or acquiring the tools to do so, is low and getting lower. The investment needed to mount a credible phishing campaign, launch a DDoS attack, purchase a weapon, or obtain fraudulent identity documents is trivial compared to the potential payoff. This asymmetry is the fundamental challenge, and understanding the economics of the dark web is essential to building effective defences and informing policy.

At SOS Intelligence, we monitor these marketplaces continuously so our customers do not have to. Our DARKSEARCH platform indexes content across 50+ active dark web sources, and our analysts track emerging threats, new marketplace activity, and pricing trends in real time. If you want to understand what is being said about your organisation on the dark web, or if you need intelligence on any of the categories covered in this report, our platform gives you that visibility.

Passport photo by Kit (formerly ConvertKit) on Unsplash

Crypto Photo by Pierre Borthiry – Peiobty on Unsplash

Drugs photo by Colin Davis on Unsplash

Money hoto by Dmytro Glazunov on Unsplash

Gun photo by Tom Def on Unsplash