International Cyber Digest
Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts.
โ€ผ๏ธ๐Ÿ‡ฉ๐Ÿ‡ช German police just doxed two members of Russian ransomware gang GandCrab/REvil, suspected of at least 130 cases of extortion.

Meet Daniil Maksimovich Shchukin a.k.a. UNKN (a.k.a. UNKNOWN) and Anatoly Sergeevich Kravchuk.

https://www.schleswig-holstein.de/DE/landesregierung/ministerien-behoerden/POLIZEI/Fahndungen/fahndungen_taeter/LKA_BW_Shchukin_Kravchuk_2026/LKA_BW_Shchukin_Kravchuk_2026
๐Ÿ‘7
โ€ผ๏ธ Update: During the recent Adobe breach, a supervisor was compromised through a live chat with her colleague.

[9:59 PM] "I clicked on the link," she wrote.

She was presented with a fake Adobe site with fake security updates, where Mr. Raccoon performed a ClickFix attack.
🚨 Healthcare software provider ChipSoft has been struck by a ransomware attack. The company supplies patient record systems to hospitals across the Netherlands.

Their website has been unreachable all day. Healthcare institutions are being advised to disconnect their VPN connections immediately.
๐Ÿšจโ€ผ๏ธ BREAKING: Israeli company Anodot has been compromised โ€” multiple customers are confirmed being extorted due to integrations with AWS, Google, Azure, Cisco, Oracle, Salesforce and more.

It's a major incident. The company isn't responding, they haven't disclosed anything and their status page is serving a static JPEG.

Anodot is a shady company — we've heard they haven't replied to any emails journalists have sent. Even their AI assistant looks like the Unabomber on crack...

Anodot's status page during an active breach. A static JPEG.

Assume compromise of whatever you have integrated Anodot with!

These are their top 10 integrations:

1. Amazon: Amazon Kinesis, Amazon Timestream, Amazon Redshift, Amazon S3, Amazon S3 Parquet, Amazon SNS
2. Google: Google Ads, Google Analytics, Google BigQuery, Google Storage, Google Auction Insights
3. Microsoft: Azure Event Hubs, Microsoft SQL Server, Microsoft Teams, PowerBI
4. Meta: Facebook Ads
5. Huawei: Huawei Management System, Huawei OSS
6. Cisco: Cisco Management System, Cisco Network-SNMP
7. Oracle: Oracle Database
8. Salesforce: Salesforce
9. Nokia: Nokia Management System, Nokia OSS
10. Adobe: Adobe Analytics

Full list: https://www.anodot.com/integrations/

A BleepingComputer article only mentions Snowflake being hit — but we now know it's almost all of their integrations. This confirms Anodot was compromised.

https://www.bleepingcomputer.com/news/security/snowflake-customers-hit-in-data-theft-attacks-after-saas-integrator-breach/

Anodot's customers include:

Affirm, Atlassian, Credit Karma, Eyeview, King, LivePerson, NetSeer, Pandora, Payoneer, Penske Media Corporation (PMC), Puma, Razorpay, Rubicon Project (Magnite), SAP, T-Mobile, TripAdvisor, Uprise, UPS, Vimeo, Vodafone, Xandr.
๐Ÿ‡ณ๐Ÿ‡ฑโ€ผ๏ธ People in the Netherlands are going to die tomorrow because of a breach. A national public health crisis is looming.

14 million people rely on hospitals and healthcare providers using ChipSoft for patient records.

A hypothetical thread 🧵

Step 1: Cloud vs. On-Premise
→ ~65% of ChipSoft hospitals run on-premise or privately hosted
→ ~35% rely on ChipSoft's cloud/SaaS model

Step 2: On-Premise hospitals aren't safe either
They can still view historical patient data — but cannot log new data. Morphine doses, lab results, new admissions — all reverting to pen and paper. Elective surgeries cancelled, emergency capacity severely limited.

Step 3: Cloud hospitals are completely blind
No medical histories. No allergy warnings. No medication lists. Ambulances diverted. Total operational paralysis.

Step 4: The human cost
Based on ~21,000 weekly admissions across the Dutch ChipSoft network:
→ Cloud hospitals: ~38 excess deaths in week one
→ On-premise hospitals: ~20-30 excess deaths in week one
→ Total: 58-68 excess deaths per week if the outage is sustained

Step 5: The domino effect
Within 48-72 hours, diverted ambulances overwhelm non-impacted hospitals. ICU capacity collapses nationwide. A localised IT failure becomes a national public health crisis.

Disclaimer: the above is hypothetical, as some data isn't public (such as cloud vs. on-premise ratios) and we don't have access to internal documentation or high-level architecture. We still felt it was important to post it to sound the alarm.

That said, does anyone know who breached ChipSoft? Or does anyone have tips / work at or with ChipSoft?
๐Ÿšจโ€ผ๏ธ Microsoft has suspended the developer accounts of WireGuard and VeraCrypt, making it impossible for them to push updates in case of critical vulnerabilities.

WireGuard is used by hundreds of millions of users — directly and indirectly via VPN apps like NordVPN and others.

WireGuard dev: "What if there were some critical RCE in WireGuard (...) exploited in the wild, and I needed to update users immediately? (...) In that case, Microsoft would have my hands entirely tied."
โ€ผ๏ธ A New York Times reporter claims to have uncovered the true identity of Satoshi Nakamoto, the pseudonymous founder of Bitcoin.

https://nytimes.com/2026/04/08/business/bitcoin-satoshi-nakamoto-identity-adam-back.html?unlocked_article_code=1.ZVA.5_s8.hTKeCkV97kow&smid=tw-share
โ€ผ๏ธ Tesla is remotely disabling cars and emailing owners who have been using FSD activation hacks in countries where FSD is not yet permitted.

Users report they had no say in it: Tesla simply altered the software remotely and is forcing them to update. Disabling connectivity isn't possible on most cars due to the built-in eSIM.

This comes at a very sensitive time: Tesla is awaiting FSD approval by the Dutch regulatory authority RDW in Europe. Can't have illegal vehicles driving around.

Sources told us that RDW will not approve FSD for a 2nd time tomorrow, meaning EU users will have to wait even longer...
🚨 BREAKING: The FBI has successfully extracted deleted Signal messages from a suspect's iPhone via notification storage, the place where all your notifications are stored for up to one month.

Notification storage keeps data from all messaging apps; it's a big flaw in iOS. But there's a way to turn it off...

Go to iOS Settings → Notifications → [App Name] → Show Previews and set it to Never.

You can also do this globally under Settings → Notifications → Show Previews → Never.

Also don't forget to turn on Advanced Data Protection in your iCloud settings if you really want to OWN your data.