π¨ A fake Ledger Live app in the Apple App Store led to $9.5M stolen from over 50 victims in under one week, according to recent work by crypto detective ZachXBT.
The app even has fake 5-star reviews describing it as "incredibly smooth and reliable."
ZachXBT has mapped all suspected victims in a recent post in his Telegram channel.
The app was released by developer "SAS Software Company" and published under "Leva Heal Limited".
Link to fake app: https://archive.ph/4RVLf
The app even has fake 5-star reviews describing it as "incredibly smooth and reliable."
ZachXBT has mapped all suspected victims in a recent post in his Telegram channel.
The app was released by developer "SAS Software Company" and published under "Leva Heal Limited".
Link to fake app: https://archive.ph/4RVLf
π€£6π€―2
βΌοΈ The CEO of PUBG's owner Krafton used ChatGPT to design a corporate takeover strategy to block an acquired studio from earning a $250M payout.
ChatGPT codenamed it "Project X", and suggested locking their Steam account to prevent Subnautica 2's launch. He followed it, against his legal team's advice. He then went on to delete his ChatGPT logs.
Source: https://courts.delaware.gov/Opinions/Download.aspx?id=392880
ChatGPT codenamed it "Project X", and suggested locking their Steam account to prevent Subnautica 2's launch. He followed it, against his legal team's advice. He then went on to delete his ChatGPT logs.
Source: https://courts.delaware.gov/Opinions/Download.aspx?id=392880
π€£22β€1π₯1π1
No way π A Redditor installed malware without realising it, it kept changing his browser's search engine to Yahoo. Instead of removing the malware, he vibecoded a browser extension that also acts like malware to redirect Yahoo back to Google and published it in Google Web Store.
He has absolutely no intention of removing the malware or bloatware. Instead he says this is not a solution, but it makes "the experience less annoying."
You can now download and install his extension... Although I wouldn't recommend it. LOL.
He has absolutely no intention of removing the malware or bloatware. Instead he says this is not a solution, but it makes "the experience less annoying."
You can now download and install his extension... Although I wouldn't recommend it. LOL.
π30β€4π±1
βΌοΈ It amazes me that Signal, with "state-of-the-art E2E encryption" and a promise that "no one else can" read your messages, fails to turn off notification previews by default, while it has been known for over a decade that Apple stores them cleartext in notification storage.
Remember folks.. even your disappearing messages and deleted messages are still stored in your iOS notification storage when notification previews are on... For 1-2 months.. just sitting there waiting for whoever has the means to extract them...
Remember folks.. even your disappearing messages and deleted messages are still stored in your iOS notification storage when notification previews are on... For 1-2 months.. just sitting there waiting for whoever has the means to extract them...
π₯΄9π±4π3β€1π1
βοΈX lost its 4th court battle today against a European user β a tech lecturer who filed a GDPR data request after getting shadowbanned. He just wanted to see his data.
X intimidated the plaintiff after their first loss by sending two lawyers to one of his lectures at Leiden University. X then asked the court to impose a gag order on him, claiming he was talking about the case during his lecture β which he wasn't.
Elon Musk promised more transparency on X in 2022, including on shadowbans β where an account isn't actually banned, but its posts are quietly suppressed and hidden from search results. X has been doing exactly the opposite ever since the ownership changed.
For example, X is the only tech giant exploiting a loophole against Out-of-Court Dispute Settlement Bodies in the EU β by simply not paying them. These are independent, certified entities designed to resolve disputes between users and platforms over suspensions, shadowbans, etc. Because X doesn't pay, all of these bodies refuse to take on X cases.
X users are the only major platform users in Europe who are effectively forced to sue in court just to get their rights.
Source: https://uitspraken.rechtspraak.nl/details?id=ECLI:NL:GHAMS:2026:961
X intimidated the plaintiff after their first loss by sending two lawyers to one of his lectures at Leiden University. X then asked the court to impose a gag order on him, claiming he was talking about the case during his lecture β which he wasn't.
Elon Musk promised more transparency on X in 2022, including on shadowbans β where an account isn't actually banned, but its posts are quietly suppressed and hidden from search results. X has been doing exactly the opposite ever since the ownership changed.
For example, X is the only tech giant exploiting a loophole against Out-of-Court Dispute Settlement Bodies in the EU β by simply not paying them. These are independent, certified entities designed to resolve disputes between users and platforms over suspensions, shadowbans, etc. Because X doesn't pay, all of these bodies refuse to take on X cases.
X users are the only major platform users in Europe who are effectively forced to sue in court just to get their rights.
Source: https://uitspraken.rechtspraak.nl/details?id=ECLI:NL:GHAMS:2026:961
π6β€4
π¨ Element[.]io is experiencing a worldwide outage due to "legal reasons."
Element is a free and open-source instant messaging client based on the Matrix protocol. It provides secure, end-to-end encrypted communication for individuals, teams, and organizations.
They're working on getting it fixed right now.
Element is a free and open-source instant messaging client based on the Matrix protocol. It provides secure, end-to-end encrypted communication for individuals, teams, and organizations.
They're working on getting it fixed right now.
π’11
βοΈπΊπΈπ°π΅ Two U.S. nationals have been sentenced to 108 and 92 months in prison for running North Korean IT "laptop farms" that helped North Koreans pose as Americans and get hired at over 100 U.S. companies, including Fortune 500s.
The scheme generated $5M+ in revenue for North Korea, and gave them access to confidential data, including US defense contractor files.
https://www.justice.gov/opa/pr/two-us-nationals-sentenced-facilitating-fraudulent-remote-information-technology-worker
The scheme generated $5M+ in revenue for North Korea, and gave them access to confidential data, including US defense contractor files.
https://www.justice.gov/opa/pr/two-us-nationals-sentenced-facilitating-fraudulent-remote-information-technology-worker
π9π3π€¬3π’2π€1
π₯οΈπ₯ Two inmates at an Ohio prison built a secret hacking operation from behind bars, using computers they were supposed to be recycling. They downloaded and sold porn for snacks, built a hacker toolkit with Kali Linux and password crackers, and created fake passes to move freely around the facility.
All from two secret computers they built from recycling scraps and hid in a ceiling.
In 2014, Marion Correctional Institution signed a deal with a nonprofit called RET3 to have inmates disassemble old computers for parts. Inmates Adam Johnston and Scott Spriggs rebuilt two fully functioning PCs from the scraps instead.
Johnston hid them on plywood boards in the ceiling above a closet in a third-floor training room and ran cables directly into the prison's network switch.
To get them there, he loaded the computers onto a hygiene cart alongside soap and shampoo, wheeled it 1,100 feet across the prison, past a guard, through a metal detector, into an elevator, and up three floors.
Once connected, he could remote into the hidden machines from any inmate terminal. He stole a staff member's login by shoulder surfing. That password hadn't been changed in years.
Using those credentials, Johnston accessed DOTS, the state's offender tracking database. He searched for a young inmate serving a long sentence, found Kyle Patrick, and pulled his SSN and date of birth by bypassing a security filter through the browser's view settings.
He applied for five credit cards in Patrick's name, had his mother provide a neighbor's address as the mailing address, and she intercepted the mail. One Visa debit card was approved. She called the prison and read him the card number and activation code. He activated it from inside the prison. Both the application and activation traced back to a state government IP.
He also researched tax refund fraud via a Bloomberg article, planning to file false returns and have refunds loaded onto prepaid cards.
The computers contained Kali Linux, Wireshark, Nmap, Cain, THC Hydra, VPN tools, Tor, proxy software, and articles on making drugs, explosives, and fake credit cards.
The scheme unraveled when new web filtering software flagged the stolen credentials being used for three hours on a Friday, a day the employee didn't work. IT alerted the warden. Everyone suspected an inmate. Nobody called law enforcement.
The prison's IT specialist was emailed the exact network switch port the rogue computer was plugged into. He misread the email and physically checked the wrong port. Three days later he re-read it, followed the correct cable into the ceiling, and found two hidden computers on plywood boards. He then had inmates pull them down, contaminating the crime scene.
The warden admitted he knew illegal activity was occurring but couldn't explain why he never reported it. The state trooper assigned to the prison literally shared an office with the prison's investigator. Neither was informed. It took over a month before anyone reported it, and only because an outside security officer told them they were legally required to.
After the discovery, inmates wiped other prison computers with CCleaner at least 10 times in two days to destroy evidence. Johnston, transferred to another prison and placed in segregation with his phone access blocked, simply used another inmate's PIN to call his mother five more times.
Of 308 computers seized across the prison, 291 had no inventory tags. The investigation found no password enforcement, no IT inventory, no crime scene protection, and years of unsupervised inmate access to computers and network infrastructure.
The warden resigned.
All from two secret computers they built from recycling scraps and hid in a ceiling.
In 2014, Marion Correctional Institution signed a deal with a nonprofit called RET3 to have inmates disassemble old computers for parts. Inmates Adam Johnston and Scott Spriggs rebuilt two fully functioning PCs from the scraps instead.
Johnston hid them on plywood boards in the ceiling above a closet in a third-floor training room and ran cables directly into the prison's network switch.
To get them there, he loaded the computers onto a hygiene cart alongside soap and shampoo, wheeled it 1,100 feet across the prison, past a guard, through a metal detector, into an elevator, and up three floors.
Once connected, he could remote into the hidden machines from any inmate terminal. He stole a staff member's login by shoulder surfing. That password hadn't been changed in years.
Using those credentials, Johnston accessed DOTS, the state's offender tracking database. He searched for a young inmate serving a long sentence, found Kyle Patrick, and pulled his SSN and date of birth by bypassing a security filter through the browser's view settings.
He applied for five credit cards in Patrick's name, had his mother provide a neighbor's address as the mailing address, and she intercepted the mail. One Visa debit card was approved. She called the prison and read him the card number and activation code. He activated it from inside the prison. Both the application and activation traced back to a state government IP.
He also researched tax refund fraud via a Bloomberg article, planning to file false returns and have refunds loaded onto prepaid cards.
The computers contained Kali Linux, Wireshark, Nmap, Cain, THC Hydra, VPN tools, Tor, proxy software, and articles on making drugs, explosives, and fake credit cards.
The scheme unraveled when new web filtering software flagged the stolen credentials being used for three hours on a Friday, a day the employee didn't work. IT alerted the warden. Everyone suspected an inmate. Nobody called law enforcement.
The prison's IT specialist was emailed the exact network switch port the rogue computer was plugged into. He misread the email and physically checked the wrong port. Three days later he re-read it, followed the correct cable into the ceiling, and found two hidden computers on plywood boards. He then had inmates pull them down, contaminating the crime scene.
The warden admitted he knew illegal activity was occurring but couldn't explain why he never reported it. The state trooper assigned to the prison literally shared an office with the prison's investigator. Neither was informed. It took over a month before anyone reported it, and only because an outside security officer told them they were legally required to.
After the discovery, inmates wiped other prison computers with CCleaner at least 10 times in two days to destroy evidence. Johnston, transferred to another prison and placed in segregation with his phone access blocked, simply used another inmate's PIN to call his mother five more times.
Of 308 computers seized across the prison, 291 had no inventory tags. The investigation found no password enforcement, no IT inventory, no crime scene protection, and years of unsupervised inmate access to computers and network infrastructure.
The warden resigned.
β€19π±10π€£7π€―4π₯2π1