🚨‼️ EXCLUSIVE: Zoom was breached by threat actor Mr. Raccoon.
A South Korean employee installed an infostealer via a fake Zoom-themed website, delivered through a spoofed security email.
Mr. Raccoon told us: "Their security was terrible, but Okta saved them."
We asked Zoom for comment. They told us: "will get back to you on a comment shortly."
It's been almost 24 hours. Still no comment.
Update:
A Zoom spokesperson just told us:
"We conducted an investigation and have not identified any evidence of access to Zoom’s system or data beyond a response to a phishing attempt, which granted limited access to a single employee’s third-party dashboard. We have not identified any evidence of further access to Zoom’s system or data."
‼️ GangExposed RU claims to have names, connections and photos of the Iranian Handala threat actor who breached Kash Patel's Gmail.
This information is worth $10,000,000.
All they're asking in return is for the FBI to arrest members of the Conti ransomware group.
🚨 MASSIVE CYBERATTACK: The EU Commission, ENISA, and the DG for Digital Services have been compromised by threat actor ShinyHunters.
Leaked data includes:
▪️ Emails & attachments
▪️ Full SSO user directory
▪️ DKIM signing keys
▪️ AWS config snapshots
▪️ NextCloud/Athena data
▪️ Internal admin URLs
It's a mess!
We suspect the threat actor compromised the EU's AWS environment. We reached out to the attackers for comment, but they refused to share any details about the breach.
❗️Security researchers used a low-cost consumer satellite dish to intercept satellite signals and found massive amounts of unencrypted traffic.
Revealing:
📡 Military and government comms including GPS data
📡 Credit card transactions
📡 Phone calls and texts from remote cell towers
📡 In-flight Wi-Fi activity
Presentation: https://www.youtube.com/watch?v=fM5w7bFNvWI
Don’t Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites:
https://satcom.sysnet.ucsd.edu/docs/dontlookup_ccs25_fullpaper.pdf
‼️ S&P Global, responsible for the S&P 500, was compromised by TeamPCP during recent supply chain attacks (Trivy / LiteLLM).
We’ve known spglobal[.]com was on their list for some time now and didn’t get any reply from their press contact.
🚨‼️ BREAKING: Databricks allegedly compromised in a TeamPCP supply chain attack.
Databricks is the leading cloud-based data analytics platform, used by organizations worldwide to manage massive datasets.
We notified them last week. They scaled up to investigate. We haven't heard back since.
🚨‼️ UPDATE: Here is a selection of companies compromised in the recent TeamPCP supply chain attacks.
This is just a fraction; the full list likely runs into the thousands. 👀
MTN: mtn[.]com
Gravatar: gravatar[.]com
Zoopla: zoopla[.]co[.]uk
Ansys: ansys[.]com
Ansys GitHub: github[.]com/ansys
ACUITY: acuity[.]com
StarTech: startech[.]com
Lightning: lightning[.]ai
Grid: grid[.]ai
Proton: proton[.]ai
Finkargo: finkargo[.]com
Hillspire: hillspire[.]com
Agronod: agronod[.]com
Spaceship: spaceship[.]com[.]ai
Hicap: hicap[.]ai
Pytorchbearer: github[.]com/pytorchbearer
KCI AI Team: github[.]com/kci-ai-team
The threat actors who are part of TeamPCP are going crazy.
TeamPCP is imploding. Nearly every member has been kicked from the group and their operations are severely disrupted. 👀
They're having some rodent infestation problem. I wonder how, I wonder why...
Yesterday you told me 'bout the blue blue sky
And all that I can see is just a yellow lemon tree🍋
https://www.youtube.com/watch?v=wCQfkEkePx8
❗️ A scammer was caught using an AI face mask to hide his true identity.
He works for a fake company called "Global Metrix", which offers recovery services for stolen crypto.
Me meeting up with my insiders for status updates on recent supply chain attacks.
🚨‼️ MAJOR SUPPLY CHAIN ATTACK: npm package axios is compromised after the maintainer's npm account was hijacked.
Malicious versions contain a Remote Access Trojan. axios has 100M+ weekly downloads — it's in practically everything.
If you have installed [email protected] or [email protected], assume compromise.
Axios' lead maintainer jasonsaayman's npm account was compromised — email was swapped to an anonymous Proton Mail address.
Both malicious versions were pushed manually via npm CLI, bypassing GitHub Actions OIDC entirely, without commits.
🔴 Stepsecurity report: https://stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan
🔴 Socket report:
https://socket.dev/blog/axios-npm-package-compromised
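One way to spot a release published outside a package's usual CI pipeline, as the post describes for the two axios versions, is to compare each version's registry metadata with the versions before it. This is an added example, not code from the channel or the linked reports; the package name, versions and e-mail addresses in the sample packument are constructed, and the check relies on the `dist.attestations` and `_npmUser` fields of npm registry metadata.

```javascript
// Constructed sample of npm registry metadata (a "packument") for a
// hypothetical package. Only the fields the check reads are included.
const SAMPLE_PACKUMENT = {
  name: "example-pkg",
  time: {
    "0.0.1": "2025-01-10T09:00:00.000Z",
    "0.0.2": "2025-02-12T09:00:00.000Z",
    "0.0.3": "2025-03-01T02:13:00.000Z",
  },
  versions: {
    "0.0.1": {
      _npmUser: { name: "maintainer", email: "maintainer@example.test" },
      dist: { attestations: { provenance: { predicateType: "https://slsa.dev/provenance/v1" } } },
    },
    "0.0.2": {
      _npmUser: { name: "maintainer", email: "maintainer@example.test" },
      dist: { attestations: { provenance: { predicateType: "https://slsa.dev/provenance/v1" } } },
    },
    // Published by hand from the CLI: no provenance attestation, new e-mail.
    "0.0.3": {
      _npmUser: { name: "maintainer", email: "other@example.test" },
      dist: {},
    },
  },
};

// Returns the versions that break the package's established publishing
// pattern: provenance missing after earlier releases carried it, or a
// publisher e-mail that differs from the previous release.
function findSuspiciousPublishes(packument) {
  // Walk versions in publish order, oldest first.
  const ordered = Object.keys(packument.versions).sort(
    (a, b) => Date.parse(packument.time[a]) - Date.parse(packument.time[b])
  );
  const findings = [];
  let provenanceSeen = false;
  let lastEmail = null;
  for (const version of ordered) {
    const meta = packument.versions[version];
    const hasProvenance = Boolean(meta.dist?.attestations?.provenance);
    const email = meta._npmUser?.email ?? null;
    const reasons = [];
    if (provenanceSeen && !hasProvenance) reasons.push("no-provenance");
    if (lastEmail && email && email !== lastEmail) reasons.push("publisher-email-changed");
    if (reasons.length > 0) findings.push({ version, reasons });
    provenanceSeen = provenanceSeen || hasProvenance;
    if (email) lastEmail = email;
  }
  return findings;
}
```

A finding is a prompt to hold the upgrade and review the release, not proof of compromise: maintainers also publish by hand for legitimate reasons.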