CTI Updates
118 posts

@CTI__Updates
Updates about all things threat intelligence & updates about stuffs going on in the cybersec, ransomware, OSINT, SOCMINT, and hacking communities #threatintel
in the wires Joined January 2026
1.1K Following 430 Followers
CTI Updates retweeted

Open directory indexing on a website exposed multiple phishing templates
- Fake #SharePoint document portal
- Multiple #Microsoft email verification pages
- Fake #Outlook login page
- #ConnectWise executable delivered as a document download
URLs:
brcee[.]com
brcee[.]com/test/
brcee[.]com/test2/
brcee[.]com/test3/
synergyconsulting[.]com[.]br/zmsso/
synergyconsulting[.]com[.]br/docu-zconnecting/
SHA256: 5172c183e2a809439aeea23980e8168dbff4c23fd603d7e217821413a6da81e8
@500mk500 @skocherhan #credentialharvesting #malware




a threat actor named Nemoris_Hacking claims they have access to NCIC (National Criminal Information Center) and that they have exfil'd data from correctional facilities across the US
#lawenforcement #NCIC #threatintel #osint

FulcrumSec popped Novo Nordisk and leaked 264GB of their stuffs
"Their pharmacovigilance middleware — the system that processes reports of patients dying, having strokes, going into comas, or attempting suicide while on their drugs — is encrypted with the password novo123. A second master key, p_assw0?rd, protects the TLS keystore. These passwords are hardcoded across at least four production MuleSoft repositories. We wish we were joking."
yikes
#osint #threatintel #medical

Someone open-sourced a tool that takes any username or email and finds every account linked to it across 600+ social networks in seconds.
Just one command and it scans every platform, runs free AI profiling to build a full behavioral profile of the target, and exports the whole thing as a clean PDF report.
→ 600+ sites scanned
→ free AI profiling included
→ username OR email lookup
→ low false positive rate
→ PDF + CSV exports
→ runs from one CLI
100% Open Source.

DorkSearch generates Google dorks for discovering exposed admin panels, public files, leaks, and hidden endpoints.
Useful for faster recon.
Source: dorksearch.com
#BugBounty #OSINT #CyberSecurity

@GlobalGenre @theNovacyberqfs these are scammers for anyone curious ^
⚠️⚠️⚠️⚠️

Filed with IC3 on behalf of my elderly folks that were scammed approximately 1yr ago. They lost a decent chunk of their nest egg. Never heard from IC3, police don’t do cybercrimes, there is literally no recourse. However @theNovacyberqfs came to my Rescue
M I @godofthemusic12
1 and 2 weeks have passed since my withdrawal request. Currently they never answer my ticket and just reject my withdrawal request. I plan to make videos. @ascendex @George_AscendEX @cz_binance

@MonThreat That is just recycled old Shinyhunters data.
malwarebytes.com/blog/news/2026…

🚨 Betterment Data Breach Exposes PII of 1.4 Million Customers via Social Engineering
A data breach involving US-based digital wealth management firm Betterment LLC has compromised the personally identifiable information (PII) of approximately 1.4 million customers. The incident, attributed to a social engineering attack, resulted in the exposure of over 2 million records containing sensitive client data.
Betterment, founded in 2008 and headquartered in New York City, is a prominent robo-advisor and fintech company managing over $30 billion in assets for more than 2.5 million customers. The compromised dataset represents a substantial portion of the firm's user base.
According to threat intelligence, the leaked data includes names, email addresses, phone numbers, physical addresses, and dates of birth for a subset of the affected accounts. Passwords were reportedly not included in the dump. The extensive sample data reveals a comprehensive CRM and sales database, likely extracted from Betterment's internal customer relationship management systems. Fields exposed include detailed 401(k) plan information, lead scoring metrics, account manager contacts, payroll integration statuses, and various customer lifecycle and engagement data points.
The breach was publicized on the Telegram channel @dataseller247. Social engineering attacks on financial institutions often target employee credentials to gain unauthorized access to internal databases. The exposure of such granular client and operational data could facilitate targeted phishing campaigns, identity theft, and further corporate espionage.
Betterment has not yet issued a public statement regarding the incident. Financial regulators and cybersecurity experts are likely to scrutinize the firm's security protocols following the disclosure. Customers are advised to monitor their accounts for suspicious activity and remain vigilant against potential phishing attempts leveraging the compromised information.
#BettermentBreach #FintechSecurity #DataLeak #SocialEngineering #InvestmentFirm #CyberThreat #DarkWeb

@sayodotfun do not contact them back at all. they are asking you questions they already know the answers to and are just fishing for info to see how you respond.
only talk to them via a lawyer, never directly. it's a trap. fuck the FBI.
CTI Updates retweeted

Qilin ransomware group lists MAVA Healthcare, also known as MAVA Behavioral Health.
MAVA Behavioral Health provides mental health services for children, teens, and adults, including care for anxiety, depression, ADHD, bipolar disorder, PTSD, and other conditions.
#threatintel #osint #healthcare #hipaa

CTI Updates retweeted

Scattered Lapsus$ Hunters just listed its largest target yet: Sysco, the world's biggest food distributor at $83B revenue, alongside Kodak and Houston Community College. SLSH's US-heavy extortion run, already through Charter, Nexstar and Ralph Lauren this month, is now reaching Fortune 500 scale. Sysco has drawn ransomware claims before, so treat attribution with care - this listing is unconfirmed and nothing is published yet.

CTI Updates retweeted

Me when I see LimeWire being used in an Akira affiliate ransomware attack in the year of our lord 2026
huntress.com/blog/akira-ran…