International Cyber Digest
Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts.
πŸš¨β€ΌοΈ Mercor has paid ransom to ShinyHunters following the LiteLLM supply chain breach compromise.

Mercor works with major AI companies including OpenAI and Anthropic to train AI models.

❗️RANSOM-ISAC published a solid piece on TeamPCP — featuring several of our posts.

https://www.ransom-isac.com/blog/supply-chain-confidence/

🚨‼️ BREAKING: The Crunchyroll breach data, leaked via an Indian outsourcing partner, has been sold.

1.2 million of 2 million customer records were purchased by a single buyer.

We've obtained the 1.2 million emails from Mr. Raccoon and will be sharing them with HaveIBeenPwned.

‼️ We have just updated the TeamPCP supply chain attack tracker at https://teampcp.cyberdigest.international/ after TeamPCP supplied us with a small list.

89 Total affected orgs!

Bringing the total to 68 alleged victims:

🇺🇸 MedWork (medwork[.]io)
🇧🇷 Tuna Pagamentos (tunapagamentos[.]com[.]br) — [data sold]
🇨🇭 Sportradar (sportradar[.]com) — [data open for sale, NASDAQ ~$4.98B]
🇧🇷 Nuvidio (nuvidio[.]com[.]br)
🇨🇦 IDMelon / SecurityKey (idmelon[.]com)
When you lied on your resume.

‼️🇫🇷 France just mandated digital ID for every citizen by banning social media for minors.

Under 15s will be blocked from IG, TikTok, FB, Snapchat and any platform allowing interactions, public broadcasts or user communities.

The banlist is determined by French regulator Arcom.
πŸ‘14😭8πŸ€ͺ6🀬3😁2😒1πŸ’©1
πŸš¨πŸ‡°πŸ‡΅ North Korean state-backed hackers had a great year, they have been 'paid' $2.02 billion in 'bug bounties' in 2025.

According to ChainAnalysis North Korean hackers stole $2.02 billion in crypto in 2025, a 51% year-over-year increase, bringing their all-time total to $6.75 billion.

They're doing fewer attacks, but bigger hauls. The DPRK is embedding IT workers inside crypto firms and using sophisticated impersonation tactics targeting executives.

After major thefts, laundering follows within 45 days — predominantly through Chinese-language services, bridges and mixing protocols.

‼️ A BIZARRE copyright claim system abuse happened on YouTube. Italian TV channel La7 used Nvidia's DLSS 5 trailer footage in a broadcast, then filed copyright claims against Nvidia and other YouTubers using the same material. Their videos are now taken down.

‼️ Google, Meta, Microsoft and Snap are pushing the EU to quickly revive 'Chat Control 1.0' — a now-expired exemption allowing indiscriminate mass scanning of user data for 'abuse material'.

Digital rights experts claim tech firms are deliberately spreading fear to protect their profits and data access — and that mass surveillance won't save a single child.

The exemption lapsed last week. The companies call this "irresponsible."

→ 99% of all EU police reports came from Meta alone
→ 48% of flagged chats were irrelevant to criminal proceedings
→ 40% of German investigations targeted minors sharing consensual images
→ PhotoDNA scanning software found "unreliable" by researchers
→ 0.0000027% of scanned messages were actually illegal
→ No measurable link between mass scanning and actual convictions

Chat Control 1.0 disinformation, fact-checked:

→ "Parliament's fault" — EU member states sabotaged talks to protect Chat Control 2.0
→ "Tech is precise" — 13-20% error rates, 0.0000027% of scanned messages were actually illegal
→ "Victims want this" — Real victims are suing against it
→ The loudest lobbyist? US company Thorn — who sells the scanning software

Mass surveillance was never about protecting children, but about profits.

‼️🇰🇵 A North Korean state-sponsored hacker is asked during a job interview to say "Kim Jong-un is a fat ugly pig."

He unmasked himself by refusing — as saying it would most certainly lead to his execution.

🚨‼️ An angry researcher just dropped a Windows Defender 0day exploit and has a message for Microsoft:

"I'm not explaining how this works, yall geniuses can figure it out."

The exploit targets Defender's internal signature update mechanism to achieve local privilege escalation.

Researcher "Chaotic Eclipse" has dropped a full PoC for a vulnerability in Windows Defender's signature update mechanism.

The attack chain:

→ Connects to Defender's internal RPC interface (IMpService) to call the engine signature update function
→ Downloads the real Defender update package from Microsoft and extracts the embedded .cab in-memory
→ Abuses NTFS symlinks/junctions via undocumented NT APIs to redirect Defender's SYSTEM-context file operations
→ Uses Windows Cloud Files API callbacks + Volume Shadow Copy for race condition synchronization
→ Includes offline registry manipulation via Microsoft's offreg library
→ Full result: local privilege escalation / security bypass through Defender's own update process running as SYSTEM

⚠️ Author claims this is unpatched at time of disclosure.

🔗 github.com/Nightmare-Eclipse/BlueHammer

Note: Author acknowledges bugs in the PoC that may prevent consistent execution.

You can now whip Claude for it to work faster…

https://github.com/GitFrog1111/badclaude

npm install -g badclaude
badclaude
Someone has hacked North Korean hackers and sent us footage.

Still working to confirm. Here's a sneak peek.
πŸ‘15❀2🀯2πŸ₯΄1
‼️ A BreachForums administrator has allegedly been identified β€” caught using his real IP and reusing the same passwords across his criminal persona and business accounts.

Meet Angel Tsvetkov AKA N/A: a Bulgarian cybersecurity specialist, penetration tester and bug bounty researcher known for responsibly disclosing vulnerabilities in major global platforms.

Harvard acknowledgement. HackerOne profile. Responsible disclosure credits from Ford, Bosch and the BBC.

Also allegedly: BreachForums admin, escrow fraudster, double exit scammer.

Mr. Tsvetkov made some threat actors really angry after trying to exit scam BreachForums:

→ March 15: forum goes dark: later confirmed as an exit scam by administrator N/A
→ March 25: N/A relaunches under alias "Caine" using a February backup
→ March 27: moderation team confirms Caine = N/A, entire mod team resigns
→ N/A attempts to sell the forum again

In response, he has been listed on the Wall of Fame of PwnForums.