The King Is Dead, Long Live the King: A New Cybercrime Forum Rises from the Ashes of XSS
A former moderator of the dark web forum XSS, known by the alias Rehub, has launched his own platform under the name Rehubcom. This move coincides with the arrest of the XSS administrator in Kyiv and the seizure of the forum’s domain, as well as the withdrawal of DamageLib from commercial operations—circumstances that have paved the way for new competitors to emerge within the dark web. Rehubcom may well become one such replacement, swiftly filling the void left by the downfall of previous market leaders.
XSS, originally known as DaMaGeLaB, first appeared on the dark web in 2004 and went on to become one of the oldest and most influential forums in the cybercriminal underworld. It served as a marketplace for exploits, malware, access to corporate networks, and databases of leaked information. The forum was notable for its strict rules and structured hierarchy, making it a reliable venue for organized criminal groups. At various points, it was used to advertise major ransomware operations such as REvil and LockBit, until restrictions on ransomware discussions were introduced by the administration in 2021.
On July 22, 2025, Ukrainian law enforcement detained the XSS administrator, known as Toha. In his possession were not only the forum itself but also the Jabber server thesecure.biz, which provided private communications for members. Authorities estimate that millions of euros passed through his operations. Following his arrest, the xss.is domain was seized, though new mirrors and onion addresses soon appeared—raising concerns that intelligence services might now be exercising covert control over the platform.
Against this backdrop, the launch of Rehubcom appears almost inevitable: such forums invariably rise where others fall. The dark web community adapts with remarkable speed to the loss of infrastructure, and new platforms quickly capture the attention of cybercriminals. The danger lies in their role as hubs for distributing malicious tools, coordinating attacks, and extorting victims—making them critical nodes in today’s cybercrime ecosystem.
The story of Rehubcom underscores a stark reality: the cybercriminal world knows no pause. Even high-profile arrests and takedowns serve only to momentarily slow its pace, never to halt it—transforming the fight against such platforms into an endless race against the shadows.
