Account Takeover scams are booming, which is great news for nobody except threat actors and whatever dodgy Telegram groups they hang out in.
The FBI announced last week that ATOs have skyrocketed this year, with criminals pocketing a casual $262 million since January. Victims have filed 5,100+ complaints, which is honestly impressive given that most people don’t even bother reporting crime unless it interrupts their favourite video streaming app.
Threat actors are now going full chef’s kiss with their phishing emails, sliding into online banking and payroll systems like they’re speed-running a tutorial. They’re also abusing SEO, which is deeply offensive: Google rankings used to be for small businesses, influencers, and pyramid schemes… not cybercriminals trying to steal your 2FA codes.
The FBI is once again shouting into the void about using MFA and stronger passwords. Which, let’s be honest, means half of the world will continue using Password123 until the heat death of the universe.
In the category of “world’s worst criminals,” we have the insider at CrowdStrike who sold out access to one of the biggest cybersecurity companies in the world… for $25,000.
Yes.
Twenty. Five. Thousand. Dollars.
Before tax.
The threat actor collective Scattered Lapsus$ Hunters, or ShinyHunters, or whatever their rotating name of the week is, claims they paid the insider for screenshots of internal systems. They even got SSO authentication cookies… but by that point, the insider had already been caught, booted, and presumably escorted out of the building with the world’s most awkward cardboard box.
CrowdStrike fired him immediately (obviously), notified the relevant agencies, and is now probably installing retina scanners in the bathrooms. Moral of the story: If you’re going to betray a Fortune 500 cybersecurity company, maybe charge more than the price of a used Honda.
A cyber intelligence watchdog has noticed something very interesting happening on a well-known carding site, the kind that sells stolen credit cards, bank credentials, and probably your grandmother’s debit PIN.
The DNS records appear to have been touched by… the FBI. Which means one of two things:
1. A major FBI takedown is incoming, or
2. The carding site admins have finally messed up so badly that even their DNS got stage fright.
If the feds have seized control, this would be a devastating blow for the carding underground, and a massive win for law enforcement. It’s basically the cybercrime equivalent of waking up to find out your favourite illegal marketplace now redirects to a big, angry FBI splash page.
We’ll keep an eye on this one. It’s either a takedown, a sting, or a spectacularly funny misconfiguration.
Malware Makers Arrested, Fake CAPTCHAs Get Thirsty, and Teen Ransomware Falls Apart Instantly.
https://breachaware.com/research/malware-makers-arrested-fake-captchas-get-thirsty-and-teen-ransomware-falls-apart-instantly
A total of 21 breach events were found and analysed, resulting in 12,901,859 exposed accounts containing 28 different types of personal data. The breaches found publicly and freely available included ULP 0035, MyVidster, TurkNet, César Vallejo University and Wbia.
DeFi Drained, Rogue AI Unleashed, and Ransomware “Good Guys” Turned Villains.
https://breachaware.com/research/defi-drained-rogue-ai-unleashed-and-ransomware-good-guys-turned-villains
A total of 35 breach events were found and analysed, resulting in 20,016,481 exposed accounts containing 31 different types of personal data. The breaches found publicly and freely available included ULP Alien TxT File - Episode 27, MYM, 100 Million ULP, ULP 0036 and Stealer Log 0546.
Crypto Scammer Dismembered, FBI Director Doxxed & Cybercrime Forums Crushed.
https://breachaware.com/research/crypto-scammer-dismembered-fbi-director-doxxed-and-cybercrime-forums-crushed
A total of 18 breach events were found and analysed, resulting in 4,940,527 exposed accounts containing 30 different types of personal data. The breaches found publicly and freely available included ULP Alien Txt File - Episode 28, Stealer Log 0547, joom-dmps, Crypto Email Database 2025 and TISZA Világ.
Shiny Hunters Level Up, Crypto Thugs Jailed & Cloudflare Shakes the Internet.
https://breachaware.com/research/shiny-hunters-level-up-crypto-thugs-jailed-and-cloudflare-shakes-the-internet
A total of 10 breach events were found and analysed, resulting in 380,308 exposed accounts containing 23 different types of personal data. The breaches found publicly and freely available included Millicom.com, L’Assurance Retraite, Conasems (Conselho Nacional de Secretarias Municipais de Saúde), Secretariat of Public Education (SEP) - Mexico and Nemopro.