Sign up to save your podcasts
Or
Share BulletProof Hosting Lives on: Stark's Rebrand and 4 Cyber Flashpoints
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
BulletProof Hosting Lives on: Stark's Rebrand and 4 Cyber Flashpoints
**Hosts:**
- Professor CyberRisk
- Cyber Cowboy
**Live Cyber Maps & Resources**
- Bitdefender Threat Map: https://threatmap.bitdefender.com/
- Checkpoint Live Cyber Threat Map: https://threatmap.checkpoint.com/
- Kaspersky Cyber Threat Map: https://cybermap.kaspersky.com/
- Talos Intelligence – ebc_spam Map: https://talosintelligence.com/ebc_spam
---
## Episode Information
**Title:** Bulletproof Hosting Lives On: Stark’s Rebrand & 4 Cyber Flashpoints
**Episode Number:** 3x23
---
### Overview
In this episode we unpack the latest headline: European sanctions hit Stark Industries Solutions Ltd., yet the firm slipped into a new shell, keeping its “bullet‑proof” hosting services running. We dive into why that matters for defenders, and we explore four additional headlines: a supply‑chain attack on npm libraries, the fallout from Salesloft’s token breach, Microsoft’s critical Patch Tuesday, and a new Russian gambling‑scam network. Get the details on how to spot, block, and remediate each threat.
---
### Guest Information
*None for this episode (solid 5‑story deep dive).*
---
### Topics Covered
- How “bullet‑proof” hosting evades EU sanctions
- 18 npm packages hijacked to steal crypto funds
- Salesloft token breach exposes corporate data across Slack, Google Workspace & AWS
- Microsoft Patch Tuesday – 80+ fixes (incl. remote code exec, SMB flaws)
- Russian “Soulless” gambling‑scam affiliate network
---
## Top Stories
**1. Bulletproof Host Stark Industries Evades EU Sanctions**
*Summary:* The EU slapped sanctions on Stark Industries Solutions Ltd. in May 2025 for fueling Kremlin‑linked DDoS, malware, and disinformation campaigns. New research shows Stark swiftly rebranded to “thehosting”, moved assets to a Dutch shell (WorkTitans BV), and shifted IP space to a new Moldovan entity, PQ Hosting Plus SRL. The core infrastructure—IP ranges, servers and the notorious MIRhosting partner—remained operational, allowing Russian‑backed attacks to continue almost unchanged.
*Why it Matters:* This is a textbook example of how “bullet‑proof” hosting providers dodge regulation by shifting names and ownership while keeping the same malicious traffic lanes open. It shows that sanctions alone are insufficient; attackers simply reorganize and keep the same services running, continuing to supply state‑level cyberwarfare.
*What you should do:* Monitor the domain and IP space associated with Stark and its partners (thehosting.com, PQ Hosting Plus SRL, MIRhosting). Use threat‑intel feeds to detect changes in ownership or DNS records. Block traffic from these IP ranges at your perimeter firewalls, especially if you run a web‑services or cloud platform. Keep an eye on EU sanctions lists and immediately flag any new entities that appear in your infrastructure logs.
---
## Additional Cybersecurity News – Titles & URLs
| # | Title | URL |
|---|-------|-----|
| 2 | *18 Popular Code Packages Hacked, Rigged to Steal Crypto*
| 3 | *The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft*
| 4 | *Microsoft Patch Tuesday, September 2025 Edition* |
| 5 | *Affiliates Flock to ‘Soulless’ Scam Gambling Machine* |
---
### Resources & Links
*None this episode.*
---
## Call to Action
- **Subscribe** – Stay updated on the latest cybersecurity threats.
- **Leave a Review** – Let us know what you think.
- **Join the Conversation** – Follow our community and ask questions.
---
### Sponsor
*No sponsors this episode.*
---
## Podcast Socials & Website
- **Website:** https://www.youvealreadybeenhacked.com
- **X (Twitter):** @professorcyberrisk
- **YouTube:** https://www.youtube.com/@YABHPodcast
- **Discord/Community Forum:** https://discord.gg/cz3xdsrqAE
View all episodes
By Professor CyberRisk
5
44 ratings
**Hosts:**
- Professor CyberRisk
- Cyber Cowboy
**Live Cyber Maps & Resources**
- Bitdefender Threat Map: https://threatmap.bitdefender.com/
- Checkpoint Live Cyber Threat Map: https://threatmap.checkpoint.com/
- Kaspersky Cyber Threat Map: https://cybermap.kaspersky.com/
- Talos Intelligence – ebc_spam Map: https://talosintelligence.com/ebc_spam
---
## Episode Information
**Title:** Bulletproof Hosting Lives On: Stark’s Rebrand & 4 Cyber Flashpoints
**Episode Number:** 3x23
---
### Overview
In this episode we unpack the latest headline: European sanctions hit Stark Industries Solutions Ltd., yet the firm slipped into a new shell, keeping its “bullet‑proof” hosting services running. We dive into why that matters for defenders, and we explore four additional headlines: a supply‑chain attack on npm libraries, the fallout from Salesloft’s token breach, Microsoft’s critical Patch Tuesday, and a new Russian gambling‑scam network. Get the details on how to spot, block, and remediate each threat.
---
### Guest Information
*None for this episode (solid 5‑story deep dive).*
---
### Topics Covered
- How “bullet‑proof” hosting evades EU sanctions
- 18 npm packages hijacked to steal crypto funds
- Salesloft token breach exposes corporate data across Slack, Google Workspace & AWS
- Microsoft Patch Tuesday – 80+ fixes (incl. remote code exec, SMB flaws)
- Russian “Soulless” gambling‑scam affiliate network
---
## Top Stories
**1. Bulletproof Host Stark Industries Evades EU Sanctions**
*Summary:* The EU slapped sanctions on Stark Industries Solutions Ltd. in May 2025 for fueling Kremlin‑linked DDoS, malware, and disinformation campaigns. New research shows Stark swiftly rebranded to “thehosting”, moved assets to a Dutch shell (WorkTitans BV), and shifted IP space to a new Moldovan entity, PQ Hosting Plus SRL. The core infrastructure—IP ranges, servers and the notorious MIRhosting partner—remained operational, allowing Russian‑backed attacks to continue almost unchanged.
*Why it Matters:* This is a textbook example of how “bullet‑proof” hosting providers dodge regulation by shifting names and ownership while keeping the same malicious traffic lanes open. It shows that sanctions alone are insufficient; attackers simply reorganize and keep the same services running, continuing to supply state‑level cyberwarfare.
*What you should do:* Monitor the domain and IP space associated with Stark and its partners (thehosting.com, PQ Hosting Plus SRL, MIRhosting). Use threat‑intel feeds to detect changes in ownership or DNS records. Block traffic from these IP ranges at your perimeter firewalls, especially if you run a web‑services or cloud platform. Keep an eye on EU sanctions lists and immediately flag any new entities that appear in your infrastructure logs.
---
## Additional Cybersecurity News – Titles & URLs
| # | Title | URL |
|---|-------|-----|
| 2 | *18 Popular Code Packages Hacked, Rigged to Steal Crypto*
| 3 | *The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft*
| 4 | *Microsoft Patch Tuesday, September 2025 Edition* |
| 5 | *Affiliates Flock to ‘Soulless’ Scam Gambling Machine* |
---
### Resources & Links
*None this episode.*
---
## Call to Action
- **Subscribe** – Stay updated on the latest cybersecurity threats.
- **Leave a Review** – Let us know what you think.
- **Join the Conversation** – Follow our community and ask questions.
---
### Sponsor
*No sponsors this episode.*
---
## Podcast Socials & Website
- **Website:** https://www.youvealreadybeenhacked.com
- **X (Twitter):** @professorcyberrisk
- **YouTube:** https://www.youtube.com/@YABHPodcast
- **Discord/Community Forum:** https://discord.gg/cz3xdsrqAE