International Cyber Digest
Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts.
‼️ A BreachForums administrator has allegedly been identified — caught using his real IP and reusing the same passwords across his criminal persona and business accounts.

Meet Angel Tsvetkov AKA N/A: a Bulgarian cybersecurity specialist, penetration tester and bug bounty researcher known for responsibly disclosing vulnerabilities in major global platforms.

Harvard acknowledgement. HackerOne profile. Responsible disclosure credits from Ford, Bosch and the BBC.

Also allegedly: BreachForums admin, escrow fraudster, double exit scammer.

Mr. Tsvetkov made some threat actors really angry after trying to exit scam BreachForums:

→ March 15: forum goes dark, later confirmed as an exit scam by administrator N/A
→ March 25: N/A relaunches under alias "Caine" using a February backup
→ March 27: moderation team confirms Caine = N/A, entire mod team resigns
→ N/A attempts to sell the forum again

In response, he has been posted on the Wall of Fame of PwnForums.
‼️🇩🇪 German police just doxed two members of Russian ransomware gang GandCrab/REvil, suspected of at least 130 cases of extortion.

Meet Daniil Maksimovich Shchukin a.k.a. UNKN (a.k.a. UNKNOWN) and Anatoly Sergeevich Kravchuk.

https://www.schleswig-holstein.de/DE/landesregierung/ministerien-behoerden/POLIZEI/Fahndungen/fahndungen_taeter/LKA_BW_Shchukin_Kravchuk_2026/LKA_BW_Shchukin_Kravchuk_2026
‼️ Update: During the recent Adobe breach, a supervisor was compromised through a live chat with her colleague.

[9:59 PM] "I clicked on the link," she wrote.

She was presented with a fake Adobe site with fake security updates, where Mr. Raccoon performed a ClickFix attack.
🚨 Healthcare software provider ChipSoft has been struck by a ransomware attack. The company supplies patient record systems to hospitals across the Netherlands.

Their website has been unreachable all day. Healthcare institutions are being advised to disconnect their VPN connections immediately.
🚨‼️ BREAKING: Israeli company Anodot has been compromised — multiple customers are confirmed being extorted due to integrations with AWS, Google, Azure, Cisco, Oracle, Salesforce and more.

It's a major incident. The company isn't responding, they haven't disclosed anything and their status page is serving a static JPEG.

Anodot is a shady company — we've heard they haven't replied to any emails journalists have sent. Even their AI assistant looks like the Unabomber on crack...

Anodot's status page during an active breach. A static JPEG.

Assume compromise of whatever you have integrated Anodot with!

These are their top 10 integrations:

1. Amazon: Amazon Kinesis, Amazon Timestream, Amazon Redshift, Amazon S3, Amazon S3 Parquet, Amazon SNS
2. Google: Google Ads, Google Analytics, Google BigQuery, Google Storage, Google Auction Insights
3. Microsoft: Azure Event Hubs, Microsoft SQL Server, Microsoft Teams, PowerBI
4. Meta: Facebook Ads
5. Huawei: Huawei Management System, Huawei OSS
6. Cisco: Cisco Management System, Cisco Network-SNMP
7. Oracle: Oracle Database
8. Salesforce: Salesforce
9. Nokia: Nokia Management System, Nokia OSS
10. Adobe: Adobe Analytics

Full list: https://www.anodot.com/integrations/

A BleepingComputer article only mentions Snowflake being hit — but we now know it's almost all of their integrations. This confirms Anodot was compromised.

https://www.bleepingcomputer.com/news/security/snowflake-customers-hit-in-data-theft-attacks-after-saas-integrator-breach/

Anodot's customers include:

Affirm, Atlassian, Credit Karma, Eyeview, King, LivePerson, NetSeer, Pandora, Payoneer, Penske Media Corporation (PMC), Puma, Razorpay, Rubicon Project (Magnite), SAP, T-Mobile, TripAdvisor, Uprise, UPS, Vimeo, Vodafone, Xandr.
🇳🇱‼️ People in the Netherlands are going to die tomorrow because of a breach. A national public health crisis is looming.

14 million people rely on hospitals and healthcare providers using ChipSoft for patient records.

A hypothetical thread 🧵

Step 1: Cloud vs. On-Premise
→ ~65% of ChipSoft hospitals run on-premise or privately hosted
→ ~35% rely on ChipSoft's cloud/SaaS model

Step 2: On-Premise hospitals aren't safe either
They can still view historical patient data — but cannot log new data. Morphine doses, lab results, new admissions — all reverting to pen and paper. Elective surgeries cancelled, emergency capacity severely limited.

Step 3: Cloud hospitals are completely blind
No medical histories. No allergy warnings. No medication lists. Ambulances diverted. Total operational paralysis.

Step 4: The human cost
Based on ~21,000 weekly admissions across the Dutch ChipSoft network:
→ Cloud hospitals: ~38 excess deaths in week one
→ On-premise hospitals: ~20-30 excess deaths in week one
→ Total: 58-68 excess deaths per week if the outage is sustained

Step 5: The domino effect
Within 48-72 hours, diverted ambulances overwhelm non-impacted hospitals. ICU capacity collapses nationwide. A localised IT failure becomes a national public health crisis.

Disclaimer: the above is hypothetical, as some data isn't public (such as cloud vs. on-premise ratios) and we don't have access to internal documentation or high-level architecture. We still felt it was important to post it to sound the alarm.

That said, does anyone know who breached ChipSoft? Or does anyone have tips / work at or with ChipSoft?
🚨‼️ Microsoft has suspended the developer accounts of WireGuard and VeraCrypt, making it impossible for them to push updates in case of critical vulnerabilities.

WireGuard is used by hundreds of millions of users — directly and indirectly via VPN apps like NordVPN and others.

WireGuard dev: "What if there were some critical RCE in WireGuard (...) exploited in the wild, and I needed to update users immediately? (...) In that case, Microsoft would have my hands entirely tied."
‼️ A New York Times reporter claims to have uncovered the true identity of Satoshi Nakamoto, the pseudonymous founder of Bitcoin.

https://nytimes.com/2026/04/08/business/bitcoin-satoshi-nakamoto-identity-adam-back.html?unlocked_article_code=1.ZVA.5_s8.hTKeCkV97kow&smid=tw-share
‼️ Tesla is remotely disabling cars and emailing owners who have been using FSD activation hacks in countries where FSD is not yet permitted.

Users report they had no say in it: Tesla simply altered the software remotely and is forcing them to update. Disabling connectivity isn't possible on most cars due to the built-in eSIM.

This comes at a very sensitive time: Tesla is awaiting FSD approval by Dutch regulatory authority RDW in Europe. Can't have illegal vehicles driving around.

Sources told us that RDW will not approve FSD for a 2nd time tomorrow, meaning EU users will have to wait even longer...