International Cyber Digest
Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts.
‼️ Google, Meta, Microsoft and Snap are pushing the EU to quickly revive 'Chat Control 1.0' — a now-expired exemption allowing indiscriminate mass scanning of user data for 'abuse material'.

Digital rights experts claim tech firms are deliberately spreading fear to protect their profits and data access — and that mass surveillance won't save a single child.

The exemption lapsed last week. The companies call this "irresponsible."

→ 99% of all EU police reports came from Meta alone
→ 48% of flagged chats were irrelevant to criminal proceedings
→ 40% of German investigations targeted minors sharing consensual images
→ PhotoDNA scanning software found "unreliable" by researchers
→ 0.0000027% of scanned messages were actually illegal
→ No measurable link between mass scanning and actual convictions

Chat Control 1.0 disinformation, fact-checked:

→ "Parliament's fault" — EU member states sabotaged talks to protect Chat Control 2.0
→ "Tech is precise" — 13-20% error rates, 0.0000027% of scanned messages were actually illegal
→ "Victims want this" — Real victims are suing against it
→ The loudest lobbyist? US company Thorn — who sells the scanning software

Mass surveillance was never about protecting children, but for profits.
‼️🇰🇵 A North Korean state-sponsored hacker is asked during a job interview to say "Kim Jong-un is a fat ugly pig."

He unmasked himself by refusing — as saying it would most certainly lead to his execution.
🚨‼️ An angry researcher just dropped a Windows Defender 0day exploit, and he has a message for Microsoft:

"I'm not explaining how this works, yall geniuses can figure it out."

The exploit targets Defender's internal signature update mechanism to achieve local privilege escalation.

Researcher "Chaotic Eclipse" has dropped a full PoC for a vulnerability in Windows Defender's signature update mechanism.

The attack chain:

→ Connects to Defender's internal RPC interface (IMpService) to call the engine signature update function
→ Downloads the real Defender update package from Microsoft and extracts the embedded .cab in-memory
→ Abuses NTFS symlinks/junctions via undocumented NT APIs to redirect Defender's SYSTEM-context file operations
→ Uses Windows Cloud Files API callbacks + Volume Shadow Copy for race condition synchronization
→ Includes offline registry manipulation via Microsoft's offreg library
→ Full result: local privilege escalation / security bypass through Defender's own update process running as SYSTEM

⚠️ Author claims this is unpatched at time of disclosure.

🔗 github.com/Nightmare-Eclipse/BlueHammer

Note: Author acknowledges bugs in the PoC that may prevent consistent execution.
You can now whip Claude to make it work faster…

https://github.com/GitFrog1111/badclaude

npm install -g badclaude
badclaude
Someone has hacked North Korean hackers and sent us footage.

Still working to confirm. Here's a sneak peek.
‼️ A BreachForums administrator has allegedly been identified — caught using his real IP and reusing the same passwords across his criminal persona and business accounts.

Meet Angel Tsvetkov AKA N/A: a Bulgarian cybersecurity specialist, penetration tester and bug bounty researcher known for responsibly disclosing vulnerabilities in major global platforms.

Harvard acknowledgement. HackerOne profile. Responsible disclosure credits from Ford, Bosch and the BBC.

Also allegedly: BreachForums admin, escrow fraudster, double exit scammer.

Mr. Tsvetkov made some threat actors really angry after trying to exit scam BreachForums:

→ March 15: forum goes dark, later confirmed as an exit scam by administrator N/A
→ March 25: N/A relaunches under alias "Caine" using a February backup
→ March 27: moderation team confirms Caine = N/A, entire mod team resigns
→ N/A attempts to sell the forum again

As a reaction, he has been put on the Wall of Fame of PwnForums.
‼️🇩🇪 German police just doxed two members of Russian ransomware gang GandCrab/REvil, suspected of at least 130 cases of extortion.

Meet Daniil Maksimovich Shchukin a.k.a. UNKN (a.k.a. UNKNOWN) and Anatoly Sergeevich Kravchuk.

https://www.schleswig-holstein.de/DE/landesregierung/ministerien-behoerden/POLIZEI/Fahndungen/fahndungen_taeter/LKA_BW_Shchukin_Kravchuk_2026/LKA_BW_Shchukin_Kravchuk_2026
‼️ Update: During the recent Adobe breach, a supervisor was compromised through a live chat with her colleague.

[9:59 PM] "I clicked on the link," she wrote.

She was presented with a fake Adobe site with fake security updates, where Mr. Raccoon performed a ClickFix attack.
🚨 Healthcare software provider ChipSoft has been struck by a ransomware attack. The company supplies patient record systems to hospitals across the Netherlands.

Their website has been unreachable all day. Healthcare institutions are being advised to disconnect their VPN connections immediately.
🚨‼️ BREAKING: Israeli company Anodot has been compromised — multiple customers are confirmed to have been extorted due to integrations with AWS, Google, Azure, Cisco, Oracle, Salesforce and more.

It's a major incident. The company isn't responding, they haven't disclosed anything and their status page is serving a static JPEG.

Anodot is a shady company — we've heard they haven't replied to any emails journalists have sent. Even their AI assistant looks like the Unabomber on crack...

Anodot's status page during an active breach. A static JPEG.

Assume compromise of whatever you have integrated Anodot with!

These are their top 10 integrations:

1. Amazon: Amazon Kinesis, Amazon Timestream, Amazon Redshift, Amazon S3, Amazon S3 Parquet, Amazon SNS
2. Google: Google Ads, Google Analytics, Google BigQuery, Google Storage, Google Auction Insights
3. Microsoft: Azure Event Hubs, Microsoft SQL Server, Microsoft Teams, PowerBI
4. Meta: Facebook Ads
5. Huawei: Huawei Management System, Huawei OSS
6. Cisco: Cisco Management System, Cisco Network-SNMP
7. Oracle: Oracle Database
8. Salesforce: Salesforce
9. Nokia: Nokia Management System, Nokia OSS
10. Adobe: Adobe Analytics

Full list: https://www.anodot.com/integrations/

A BleepingComputer article only mentions Snowflake being hit — but we now know it's almost all of their integrations. This confirms Anodot was compromised.

https://www.bleepingcomputer.com/news/security/snowflake-customers-hit-in-data-theft-attacks-after-saas-integrator-breach/

Anodot's customers include:

Affirm, Atlassian, Credit Karma, Eyeview, King, LivePerson, NetSeer, Pandora, Payoneer, Penske Media Corporation (PMC), Puma, Razorpay, Rubicon Project (Magnite), SAP, T-Mobile, TripAdvisor, Uprise, UPS, Vimeo, Vodafone, Xandr.
🇳🇱‼️ People in the Netherlands are going to die tomorrow because of a breach. A national public health crisis is looming.

14 million people rely on hospitals and healthcare providers using ChipSoft for patient records.

A hypothetical thread 🧵

Step 1: Cloud vs. On-Premise
→ ~65% of ChipSoft hospitals run on-premise or privately hosted
→ ~35% rely on ChipSoft's cloud/SaaS model

Step 2: On-Premise hospitals aren't safe either
They can still view historical patient data — but cannot log new data. Morphine doses, lab results, new admissions — all reverting to pen and paper. Elective surgeries cancelled, emergency capacity severely limited.

Step 3: Cloud hospitals are completely blind
No medical histories. No allergy warnings. No medication lists. Ambulances diverted. Total operational paralysis.

Step 4: The human cost
Based on ~21,000 weekly admissions across the Dutch ChipSoft network:
→ Cloud hospitals: ~38 excess deaths in week one
→ On-premise hospitals: ~20-30 excess deaths in week one
→ Total: 58-68 excess deaths per week if the outage is sustained

Step 5: The domino effect
Within 48-72 hours, diverted ambulances overwhelm non-impacted hospitals. ICU capacity collapses nationwide. A localised IT failure becomes a national public health crisis.

Disclaimer: the above is hypothetical, as some data isn't public (such as cloud vs. on-premise ratios) and we don't have access to internal documentation or high-level architecture. We still felt it was important to post it to sound the alarm.

That said, does anyone know who breached ChipSoft? Or does anyone have tips / work at or with ChipSoft?