International Cyber Digest
Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts.
🚨 CRITICAL: Security scanner 'Trivy' has been compromised by threat actors who influenced the GitHub build process and pushed a malicious update that installs infostealer malware dubbed "TeamPCP Cloud stealer."

They created a lookalike domain (scan.aquasecurtiy[.]org) and pulled 4 malicious Golang files from it into the build process.

What it steals:
▪️ SSH keys
▪️ Cloud credentials (AWS, GCP, Azure)
▪️ Kubernetes tokens
▪️ Crypto wallets
▪️ Environment variables
▪️ 50+ sensitive file paths scanned
❗️🇺🇸 A homeless man was running his burger restaurant "nasty azz cheeseburger" out of a shopping cart and selling through DoorDash.

The video went viral and people started wondering how it ever got listed.

DoorDash put the restaurant on inactive. 🙃

I bet the burgers were nasty and full of ass. 😂
❗️PokΓ©mon Go creator Niantic used 30 billion images crowdsourced from players to build a map for AI training and visual positioning capabilities, including for defense purposes.

143 million people spent 8 years scanning streets, parks, and storefronts with their cameras. None of them knew what they were contributing to.

Niantic is now using that data for questionable purposes.

Sources:
1) https://technologyreview.com/2026/03/10/1134099/how-pokemon-go-is-helping-robots-deliver-pizza-on-time/
2) https://tectonicdefense.com/vantor-and-niantic-spatial-team-up-on-air-to-ground-visual-positioning-system/
3) https://pokemongohub.net/post/news/niantic-announces-large-geospatial-model-trained-on-pokemon-go-player-data/
‼️DELUSIONAL: Reddit's CEO wants to 'anonymously' verify human identity through identifiable and personal data...

They want to combat their bot problem while keeping users 'anonymous'. The CEO mentioned Face ID and Touch ID as possible methods.

Someone needs to tell Reddit's CEO what anonymity means. And that passkeys authenticated through Face ID and Touch ID don't prove you're human.
❗️A speaker at BSides SF started his talk with a half-naked gym selfie on the big screen, told the audience he's single, mentioned "some people call me a misogynist," and then said pentesting is easy because he can chat up female receptionists.
❗️Stop buying cheap Ethernet cables.

Copper-clad aluminum = 60% more resistance, degraded signals, more heat.

The insulation won't self-extinguish, you're putting a fuse inside your walls.
πŸ‘6πŸ”₯3😍1
🚨‼️ BREAKING: Crunchyroll breached through outsourcing partner in India.

A threat actor exfiltrated data from Crunchyroll's ticketing system and also managed to pull 100 GB of personally identifiable customer analytics data.

We've analyzed sample data and it includes IP addresses, email addresses, credit card details, and more.

An employee of their outsourcing partner Telus had executed malware on his system, which gave a threat actor access to Crunchyroll's environment.

The threat actor told us the breach happened on March 12, 2026. Crunchyroll revoked their access after 24 hours.

They also said Crunchyroll is ignoring all messages and still hasn't publicly disclosed the breach.
‼️BREAKING: The Aqua Security Trivy breach leak has been posted on GitHub by the threat actor. Exposed repos contain private keys and credential scripts.

GitHub has since taken down the pages.

All repos were tagged: "TeamPCP Owns Aqua Security."
‼️Cambodia aims to shut down ALL online scam centers there by the end of April and they're very serious about this.

Just last night they arrested 49 scammers, confiscated 687 phones, and countless SIM cards.

What's holding other countries back from doing the same?
πŸ‘5❀1πŸ”₯1😒1
❗️OnlyFans owner Leonid Radvinsky has died of cancer at the age of 43.

The Ukrainian-American entrepreneur acquired the platform's parent company in 2018.
‼️You've heard it here first.

The Crunchyroll breach has now been confirmed by Games Radar.
🚨‼️Discord leaked user IDs with ban reasons to the EU DSA Transparency Database until 2025.

Discord supplied the IDs by mistake. The EU hosted it all.

The irony? The DSA is a regulation designed to protect users.

The problem: say a user gets banned for "You broke Discord's rules regarding Child Safety content." They appeal, the ban turns out to be unjust — but people can still reverse look up the user ID and see that reason.

And they'll conclude one thing.

The leaks went on from July 2024 till August 2025.

Discord provided the data to comply with Digital Services Act regulations.

The EU hosted the leaks under the Digital Services Act.

All in the name of protecting users...

This is where the database is located, you can find all sorts of platform bans and reasons there. The EU has since deleted the user IDs:

https://transparency.dsa.ec.europa.eu/explore-data/download