Redazione RHC : 4 July 2025 07:14
The underground landscape of cybercriminal forums continues to evolve and is changing. With an official announcement published on June 25, 2025 both on Telegram and within the DarkForums forum, the user Knox – current administrator and top figure of the platform – has communicated the transfer of control of the Telegram channel “The Jacuzzi”, also known as baphchat, under the aegis of DarkForums.
This move represents yet another piece in the slow but inexorable disintegration of the ecosystem left vacant by BreachForums, following the legal events that marked its closure in 2023 and subsequent instability in 2024. The “Jacuzzi” channel was originally conceived as an unofficial space for the BreachForums community, where operators, vendors and cybercriminals could interact informally outside the rigidity of the main platform.
BreachForums spiritual successor to the famous RaidForums– had consolidated over time a centralized structure focused on the exchange of breached databases, personal data (PII) and credentials, until the arrest of its administrator “pompompurin” in March 2023 marked a point of no return. Despite several attempts to relaunch it by actors such as Baphomet and other forks of the community, the project never returned to its initial stability.
Sponsorizza la prossima Red Hot Cyber Conference!Il giorno Lunedì 18 maggio e martedì 19 maggio 2026 9 maggio 2026, presso il teatro Italia di Roma (a due passi dalla stazione termini e dalla metro B di Piazza Bologna), si terrà la V edizione della la RHC Conference. Si tratta dell’appuntamento annuale gratuito, creato dalla community di RHC, per far accrescere l’interesse verso le tecnologie digitali, l’innovazione digitale e la consapevolezza del rischio informatico. Se sei interessato a sponsorizzare l'evento e a rendere la tua azienda protagonista del più grande evento della Cybersecurity Italiana, non perdere questa opportunità. E ricorda che assieme alla sponsorizzazione della conferenza, incluso nel prezzo, avrai un pacchetto di Branding sul sito di Red Hot Cyber composto da Banner più un numero di articoli che saranno ospitati all'interno del nostro portale. Quindi cosa stai aspettando? Scrivici subito a [email protected] per maggiori informazioni e per accedere al programma sponsor e al media Kit di Red Hot Cyber. 
Se ti piacciono le novità e gli articoli riportati su di Red Hot Cyber, iscriviti immediatamente alla newsletter settimanale per non perdere nessun articolo. La newsletter generalmente viene inviata ai nostri lettori ad inizio settimana, indicativamente di lunedì. |
In this void, DarkForums has been able to play a strategic role, acquiring credibility and users through a similar offer in terms of content (RDP access, combolist, leaks, malware development tools) but with less exposed governance. With the takeover of “The Jacuzzi”, DarkForums is not just incorporating a channel: it is consolidating a communications and reputation infrastructure previously associated with the BreachForums brand.
In the forum post, administrator Knox writes:
“The ‘Jacuzzi’ Telegram chat which was previously the Breachforums official chatroom is now owned by us, and from now on this will be the official DarkForums chat.”
At the same time, the following references were made available:
The initiative also strengthens the out-of-band communication ecosystem typical of modern criminal forums, where Telegram channels act as a fallback in case of downtime, seizure or reputation issues of the main domains. The choice to consolidate “The Jacuzzi” as an official affiliate environment allows DarkForums to actively monitor community engagement, attract former BreachForums users and legitimize itself as an alternative hub.
From a Cyber Threat Intelligence perspective, this change represents a further recombination of leadership dynamics in illicit data marketplaces. The maintenance of active Telegram references, now under new management, is an important indicator of the persistence of cybercrime-related activities, even in contexts of structural discontinuity.
Organizations that monitor activities on OSINT/CLOSINT channels should update their tracking models, including this new DarkForums asset as an active source for potential early warnings, internal communications to the threat actor economy and promotion of new dumps or illicit services.
Redazione