International Cyber Digest
Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts.
‼️ GangExposed RU claims to have names, connections and photos of the Iranian Handala threat actor who breached Kash Patel's Gmail.

This information is worth $10,000,000.

All they're asking in return is for the FBI to arrest members of the Conti ransomware group.
🚨 MASSIVE CYBERATTACK: The EU Commission, ENISA, and the DG for Digital Services have been compromised by threat actor ShinyHunters.

Leaked data includes:
▪️ Emails & attachments
▪️ Full SSO user directory
▪️ DKIM signing keys
▪️ AWS config snapshots
▪️ NextCloud/Athena data
▪️ Internal admin URLs

It's a mess!

We suspect the threat actor compromised the EU's AWS environment. We reached out to the attackers for comment, but they refused to share any details about the breach.
❗️Security researchers used a low-cost consumer satellite dish to intercept satellite signals and found massive amounts of unencrypted traffic.

Revealing:
📑 Military and government comms including GPS data
📑 Credit card transactions
📑 Phone calls and texts from remote cell towers
📑 In-flight Wi-Fi activity

Presentation: https://www.youtube.com/watch?v=fM5w7bFNvWI

Don’t Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites:

https://satcom.sysnet.ucsd.edu/docs/dontlookup_ccs25_fullpaper.pdf

P.S. Could anyone boost our channel so we level up? Thank you: https://t.iss.one/IntCyberDigest?boost
‼️ Telegram allegedly has a CRITICAL zero-day vulnerability.

To exploit it, a threat actor has to send a corrupted sticker to their victim.

Telegram directly addressed the claim, stating the vulnerability does not exist.

We've asked the researcher for comment; stay tuned.
‼️ S&P Global, responsible for the S&P 500, was compromised by TeamPCP during recent supply chain attacks (Trivy / LiteLLM).

We’ve known spglobal[.]com was on their list for some time now and didn’t get any reply from their press contact.
πŸš¨β€ΌοΈ BREAKING: Databricks allegedly compromised in a TeamPCP supply chain attack.

Databricks is the leading cloud-based data analytics platform, used by organizations worldwide to manage massive datasets.

We notified them last week. They scaled up to investigate. We haven't heard back since.
πŸš¨β€ΌοΈ UPDATE: Here is a selection of companies compromised in the recent TeamPCP supply chain attacks.

This is just a fraction; the full list likely runs into the thousands. 👀

MTN: mtn[.]com
Gravatar: gravatar[.]com
Zoopla: zoopla[.]co[.]uk
Ansys: ansys[.]com
Ansys GitHub: github[.]com/ansys
ACUITY: acuity[.]com
StarTech: startech[.]com
Lightning: lightning[.]ai
Grid: grid[.]ai
Proton: proton[.]ai
Finkargo: finkargo[.]com
Hillspire: hillspire[.]com
Agronod: agronod[.]com
Spaceship: spaceship[.]com[.]ai
Hicap: hicap[.]ai
Pytorchbearer: github[.]com/pytorchbearer
KCI AI Team: github[.]com/kci-ai-team
The threat actors who are part of TeamPCP are going crazy.

TeamPCP is imploding. Nearly every member has been kicked from the group and their operations are severely disrupted. 👀

They're having some rodent infestation problem. I wonder how, I wonder why...

Yesterday you told me 'bout the blue blue sky

And all that I can see is just a yellow lemon tree πŸ‹

https://www.youtube.com/watch?v=wCQfkEkePx8
❗️ A scammer was caught using an AI face mask to hide his true identity.

He works for a fake company called "Global Metrix", which offers recovery services for stolen crypto.
Me meeting up with my insiders for status updates on recent supply chain attacks.
πŸš¨β€ΌοΈ MAJOR SUPPLY CHAIN ATTACK: npm package axios is compromised after the maintainer's npm account was hijacked.

Malicious versions contain a Remote Access Trojan. axios has 100M+ weekly downloads; it's in practically everything.

If you have installed [email protected] or [email protected], assume compromise.

Axios' lead maintainer jasonsaayman's npm account was compromised; the email was swapped to an anonymous Proton Mail address.

Both malicious versions were pushed manually via npm CLI, bypassing GitHub Actions OIDC entirely, without commits.

🔴 StepSecurity report: https://stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan

🔴 Socket report:
https://socket.dev/blog/axios-npm-package-compromised
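A first response to an advisory like this is to find out whether the flagged versions are anywhere in your dependency trees, including nested copies pulled in by other packages. The script below is an added example written for this digest entry; it is not code from the post, from StepSecurity, Socket, or the axios project. It walks an npm package-lock.json (lockfileVersion 1 and 2/3 layouts) and reports every entry whose name and version are on a deny list. The version strings in FLAGGED and the sample lockfile are placeholders I made up; replace them with the versions named in the linked reports.

```python
"""Scan an npm package-lock.json for dependency versions on a deny list.

Added example, not from the International Cyber Digest post or the axios
project. The flagged versions below are PLACEHOLDERS: substitute the
version numbers published in the advisories linked in the post.
"""
import json
from typing import Dict, Iterator, List, Set, Tuple

# Placeholder deny list: package name -> versions to treat as compromised.
# These version strings are made up for the example; take the real ones
# from the StepSecurity / Socket reports.
FLAGGED: Dict[str, Set[str]] = {
    "axios": {"0.0.0-placeholder-a", "0.0.0-placeholder-b"},
}


def _walk_v1(deps: dict, prefix: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (install path, name, version) for lockfileVersion 1 trees."""
    for name, meta in deps.items():
        path = f"{prefix}node_modules/{name}"
        yield path, name, meta.get("version", "")
        # v1 records nested copies under a per-package "dependencies" map.
        yield from _walk_v1(meta.get("dependencies", {}), path + "/")


def _walk_v2(packages: dict) -> Iterator[Tuple[str, str, str]]:
    """Yield (install path, name, version) for lockfileVersion 2/3 maps."""
    for path, meta in packages.items():
        if not path:  # "" is the root project itself, not a dependency
            continue
        # The package name is everything after the last "node_modules/",
        # which keeps scoped names such as "@scope/name" intact.
        name = path.rsplit("node_modules/", 1)[-1]
        yield path, name, meta.get("version", "")


def installed_packages(lock: dict) -> List[Tuple[str, str, str]]:
    """Flatten a lockfile of any version into (path, name, version) tuples."""
    if "packages" in lock:  # lockfileVersion 2 or 3 (v2 also carries v1 data)
        return list(_walk_v2(lock["packages"]))
    return list(_walk_v1(lock.get("dependencies", {}), ""))  # v1


def find_flagged(lock: dict,
                 flagged: Dict[str, Set[str]] = FLAGGED) -> List[Tuple[str, str, str]]:
    """Return every installed package whose version is on the deny list."""
    return sorted(
        (path, name, version)
        for path, name, version in installed_packages(lock)
        if version in flagged.get(name, set())
    )


def scan_file(path: str) -> List[Tuple[str, str, str]]:
    """Load a package-lock.json from disk and report flagged entries."""
    with open(path, encoding="utf-8") as fh:
        return find_flagged(json.load(fh))


# Constructed sample lockfile: a non-flagged axios at top level and a
# flagged copy nested under another dependency, which a glance at
# package.json alone would miss.
SAMPLE_LOCK_V3 = json.loads("""
{
  "name": "demo-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/axios": {"version": "9.9.9-safe-placeholder"},
    "node_modules/some-sdk": {"version": "2.0.0"},
    "node_modules/some-sdk/node_modules/axios": {"version": "0.0.0-placeholder-a"}
  }
}
""")


if __name__ == "__main__":
    for path, name, version in find_flagged(SAMPLE_LOCK_V3):
        print(f"FLAGGED {name}@{version} at {path}")
```

Run it against a real lockfile with scan_file("path/to/package-lock.json"). Because the post notes the malicious versions were published manually from the npm CLI rather than through the GitHub Actions OIDC flow, it is also worth running npm's own `npm audit signatures` in affected projects, which verifies registry signatures and provenance attestations for installed packages.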