LockBit got Cronos’d. BlackCat caught a DOJ wrench to the teeth. Cl0p is still hanging around the enterprise software aisle like it owns the place. So… is it really next, or are we just recycling takedown fan fiction?

Cl0p forecast: 20% chance their leak sites go dark by Apr 22, 2026—only if there’s a seizure banner or ≥14 days down w/ LE attribution. Cronos shows it’s doable; Hydra-style mirrors are the boss fight

Oracle EBS got in-memory Java loaders, not lockerware. Patch CVE-2025-61882, lock egress, hunt TemplatePreviewPG with TMP|DEF + XSL-TEXT|XML. Extortion rides in via “pubstorm.”