Bluesky was attacked by Iranian threat actors today and experienced some downtime.
I have no idea why they would target Bluesky; this seems like a friendly fire incident, because it's the one platform that has the same enemies as Iran.
A cybersecurity researcher from Brazil exposed a large-scale scam operation by buying a "Ledger" hardware wallet off a Chinese marketplace: suspiciously cheap, and the packaging looked original from a distance.
Here's what he found after cracking the thing open:
The "hardware wallet"
Inside the shell was a completely different chip, the kind you'd find in a cheap IoT gadget, not a wallet designed to protect your crypto. The markings had been physically sanded off to hide what it actually was.
The firmware pretended to be a real Ledger version that doesn't even exist (Ledger Nano S+ V2.1). And here's the kicker: every seed phrase and PIN you'd type into it was stored in plain text and sent straight to the attacker's server (kkkhhhnnn[.]com). Instantly...
It was built to drain wallets across ~20 different blockchains.
The fake app
The seller kindly included a "Ledger Live" app to go with it. It was a modified copy (not even signed properly; the attackers didn't bother with the basics) and it silently siphoned off data the moment you used it.
Just when you thought this was it, the same crew is also pushing malware for Windows, macOS, and even iOS, using TestFlight to sneak past Apple's App Store review entirely.
The researcher has sent a full report to Ledger's security team. A deeper technical breakdown is expected once they've finished their analysis.
This was shared on Reddit by u/Past_Computer2901
Three Windows zero-days released by Nightmare-Eclipse are being used in the wild by threat actors.
BlueHammer (CVE-2026-33825): LPE; abuses Windows Defender's signature-update pipeline and VSS to breach protected registry hives, dump SAM hashes/identities, and escalate privileges.
RedSun: LPE to SYSTEM abusing Defender's own cloud remediation to overwrite System32 binaries.
UnDefend: Unprivileged DoS that starves the AV of updates while spoofing healthy EDR telemetry.
Microsoft Windows domain controller servers are restarting repeatedly after getting stuck in reboot loops because of recent April patches.
Workaround: IT administrators can reach out to Microsoft Support for business to access a mitigation...
The FSB released footage of Sochi Deputy Mayor Evgeny Gorobets and two officials caught in a multimillion-ruble bribery sting.
Fluorescent marking spray on the cash glowed under UV light, leaving forensic evidence on the money and their hands.
Versions 3.24.0 through 6.19.0 are vulnerable. This issue has been fixed in version 6.19.1.
Ghost is also used by many cybersecurity platforms and media outlets like 404media.
The vulnerability is being tracked here: https://nvd.nist.gov/vuln/detail/CVE-2026-26980
Dubai Police are confirmed to be "conducting electronic surveillance operations capable of detecting private WhatsApp messages."
It started with a message in a private group chat of airline workers.
Just colleagues talking, the kind of exchange that happens in thousands of workplace WhatsApp threads every single day.
An airline worker in Dubai shared images of a building damaged during the Iranian attacks...
He sent them to people he knew, in a closed conversation he believed was private.
He was wrong.
Dubai Police were watching.
They downloaded the evidence.
They built their case.
Then they lured the man to a meeting.
He showed up.
They arrested him on the spot.
He now sits in custody, facing charges that include publishing information deemed harmful to state interests, which could mean up to two years behind bars.
And then came the detail that should stop everyone reading this cold.
In their own police report, authorities stated plainly that the clip had been detected "through electronic monitoring operations."
Electronic monitoring of a private WhatsApp conversation between coworkers...
Radha Stirling (a human rights activist) put it bluntly: individuals are being tracked, identified, and arrested not for public statements, but for private exchanges between colleagues.
And the questions this raises don't stop at Dubai's borders.
They land squarely at the feet of WhatsApp and every company that promises its users end-to-end encryption capabilities.
Because if a closed chat between colleagues can be intercepted, decoded, and used as the basis for an arrest by an overreaching state, then billions of users worldwide are owed an answer to one very simple question.
How private are private WhatsApp groups and messages really?
Tesla has remotely altered tens of thousands of customer cars without consent, confirming you don't actually OWN your Tesla when you buy one.
They've demonstrated there's one single point of failure: the mothership. Whoever owns that, owns every Tesla on the road.
This past week they pushed config changes that got customers banned from using FSD. Experts confirm the mechanism is simple: an SMS wakes the car up, then software is pushed and installed from the mothership straight to the car's media control unit without user interaction.
This raises the question of how many privacy and data protection laws they broke, and how much data they collect on users, since they had enough to single out owners of third-party devices.
A week ago, the FBI Director couldn't log into his FBI account, so he panicked and called White House aides convinced he'd been fired. It was a technical glitch.
That's just one scene from The Atlantic's new report on Kash Patel, drawn from 24+ sources, describing heavy drinking, unexplained absences, and colleagues who now view him as a national-security vulnerability.
Trump personally called Patel to express his unhappiness after a video surfaced of him chugging beer with the U.S. Olympic hockey team in Italy.
Officials question whether alcohol played a role in Patel publicly pushing bad info on active cases, including the Charlie Kirk murder investigation.
He still has the job. But senior Trump officials are already discussing replacements, and a former official calls him "rightly paranoid."
https://www.theatlantic.com/politics/2026/04/kash-patel-fbi-director-drinking-absences/686839/
Meet Devesh aka IDISSEVERYTHING. He used an exploit to gain unauthorized access to a screener company, then downloaded the latest Avatar movie and leaked it.
He was also sentenced in 2016 for breaching NFL's Twitter account. And tweeting with it. From his home IP address.
This research was done by X: foilmanhacks (give him a follow).
Here's a smoking gun: the user IDISSEVERYTHING posted a screenshot of what appears to be his terminal, and the username is... DEVESH.
Not very smart.
An exploit targeting a screener company was flagged to Jason on April 10. The tool was built by IDISSEVERYTHING.
- Screener companies distribute advance film copies to critics and industry professionals, a prime target for pre-release leaks
- The exploit enabled unauthorized access to that pipeline
Every known instance of the handle "IDISSEVERYTHING" traces back to one person: Devesh. He has been distributing the exploit on Discord under "idisseverything," with the account directly tied to "Logendran Devesh."
This is also not the first time Devesh has been a naughty naughty boy.. In 2016 he broke into the NFL's official Twitter account.....
This is what he tweeted back then.... from his home IP address... Devesh is not very smarty smarty, but very naughty naughty.. He got 24 months of probation..
Moral of the story: don't be like Devesh. And hacking is illegal and for nerds as vxunderground would say.