My scoop: PornHub extorted by ShinyHunters for the theft of over 200 million activity data records for Premium members. The data is detailed linking member's emails to what videos they watched, downloaded, and searched for. https://t.co/EwiVHyCvO1

The rise and fall of LockBit Gang. It’s clear that FBI Newark and their partners have a solution even to the most prolific ransomware operation.

The security incident at University of Pennsylvania appears to be a more extensive breach than originally stated. My scoop:

The Clop ransomware gang confirmed to BleepingComputer they are behind the emails, claiming they exploited an Oracle bug to steal the data. “We not prepared to discuss details at this time. Soon all will become obvious that Oracle bugged up their core product and once again,

My scoop from earlier today. A sample shared with me had a full PDF customer engagement report.

The XSS forum community is actively discussing the situation. However, it appears that moderators are removing all content where the admin (LARVA-27) is being discussed. This was confirmed in a Telegram chat by moderator LARVA-466 (Rehub). The goal is to suppress any narrative

Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks - @LawrenceAbrams https://t.co/R4kPiB7HVb https://t.co/R4kPiB7HVb

🚨 Don’t miss our upcoming BleepingComputer webinar with @specopssoftware and @SCMagazine! We'll discuss how stolen credentials and identity-based attacks have become a favorite way to break into networks. 🗓️July 9th at 2 PM ET ➡️Register here: https://t.co/AIuQIqoZLc

Original leak of stolen 2021 AT&T data had three files, a MASTER file containing encrypted SSNs and date of births, and two other files mapping the encrypted data to the plain text SSNs and DOBs. The new repackaged leak adds the unencrypted SSNs and DOBs to each customer record.

FYI, the repackaged AT&T data breach leak on XSS is from the 2021 breach, not the April 2024 Snowflake data theft attacks. Data matches the 2021 data leaked in March 2024. https://t.co/UuvgaxzyIb

ShinyHunters is the threat cluster to track this year. They, or threat actors claiming to be, are behind a lot of the attacks we are seeing. https://t.co/80tJLcdWs8

Looks like RansomEXX ransomware op is still around. 👋 https://t.co/IPN3o3oVPv

🚨 How was Black Basta structured? What were its members’ roles? How did its infrastructure operate? Leaked chats reveal a highly organized ransomware group with defined leadership, internal teams, and external affiliates. More in my article ⬇️ https://t.co/YJHXxf5H4n

I’ve had a few people flag this with me as a “data breach”. It’s not, it’s authorised access. Not liking that authorisation does not make it a data breach. If one of these guys then accidentally leaks it all over the place to unauthorised parties, *then* it’s a data breach!

https://t.co/GkKPk7WY4M is a good example to what platforms should fight against (but they do not!) : low quality hunters. Those guys are taking a lot of resources (and energy) to be managed. That lowers the quality for us all. #hackerone #bugbounty

Wow: USAID paid Microsoft to shut down Windows Phone because it was too secure for the CIA to spy on it

New unverified breach: Data allegedly taken from Brazilian lead gen platform Speedio was posted for sale last week. It included 27M email addresses along with company names, addresses and phone numbers. 51% were already in @haveibeenpwned. Read more:

Domains known to have been seized today by the FBI are: 🔴Cracked[.]io 🔴Nulled[.]to 🔴Starkrdp[.]io 🔴SellIX[.]io 🔴MySellIX[.]io While it is not confirmed, it appears that today's law enforcement action targets credential stuffing attacks and the sale of stolen accounts.

FBI seizes domains for https://t.co/AQtlCuVu4P, https://t.co/EUzbMJ1aSS hacking forums - @serghei https://t.co/THqbokuvf6 https://t.co/THqbokuvf6

My scoop from yesterday: Hacker behind PowerSchool breach claimed to steal the data of 62.4 million students and 9.5 million teachers. https://t.co/YgVfZB2wtd