Ax Sharma

Am also on 🦋BlueSky ⏬ bsky.app/profile/axshar…

Canada Goose investigating as hackers leak 600K customer records - @Ax_Sharma bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

@troyhunt @canadagoose Canada Goose provided a statement: bleepingcomputer.com/news/security/…

Anyone seen a statement from @canadagoose on this? Or media coverage?

🚨Cyber Alert ‼️ WormGPT A threat actor known as Sythe claimed to have leaked the database of WormGPT, a cybercrime-focused AI platform, exposing data linked to more than 19,000 users. The leaked data allegedly includes email addresses, user IDs, and subscription and billing metadata. Sector: ICT Threat class: Cybercrime Observed: Feb 10, 2026 Status: Pending verification — About this post: Hackmanac provides early warning and cyber situational awareness through its social channels. This alert is based on publicly available information that our analysts retrieved from clear and dark web sources. No confidential or proprietary data was downloaded, copied, or redistributed, and sensitive details were redacted from the attached screenshot(s). For more details about this incident, our ESIX impact score, and additional context, visit HackRisk.io.

Despite #Zendesk suggesting safeguards and tightening up security last month, the massive spam wave has returned flooding inboxes with hundreds of bogus 'Activate account...' emails that bypass #spam filters bleepingcomputer.com/news/security/…

lmao for real?

Responsible disclosure is built on an assumption that "doing the right thing" = timely action & fair treatment, if not a bounty award. Lately, that assumption is collapsing. For CISOs, this is gradually evolving into a risk management nightmare. csoonline.com/article/412476…

A NationStates game player found a critical vulnerability and then crossed a line... He copied production data and app code to his personal system. bleepingcomputer.com/news/security/… Finding a flaw is enough. Demonstrate it safely, report it responsibly and stop there.

Such data can expose who runs what, at what scale, and when contracts renew. This serves as prime intel for competitors/customer poaching but also for threat actors aiming to launch targeted phishing, BEC and extortion attacks. bleepingcomputer.com/news/security/…

BREAKING: Threat actors are seeking data on ~1,800 MSPs after a Pax8 spreadsheet with customer and Microsoft licensing info was accidentally emailed to ~40 partners yesterday.

Especially problematic when these comments contain official lnkd[.]in shortener links and link previews don't load fully at times (first image). You'd have no definitive way of knowing that these are phishing at a first glance until you click!

Heads up: A new #phishing campaign is abusing LinkedIn comment-replies and directing users to external links to lift a bogus "temporary restriction." bleepingcomputer.com/news/security/…

Update: Multiple current and former Target employees confirm that source code samples shared online match real internal systems. The company also rolled out an "accelerated" security change restricting access to its Enterprise Git server bleepingcomputer.com/news/security/…

Target went silent after we shared evidence and links to the Gitea repos suggesting a possible breach.

EXCLUSIVE: Target's developer Git server went offline shortly after hackers claimed they had stolen internal source code and published what they claim are sample repositories for sale.

⚠️ Update: It has been 108 hours since #Iran introduced a nationwide internet shutdown leaving Iranians isolated from the rest of the world and each other 📉 The rights to free speech and free assembly are inviolable and must be protected #DigitalBlackoutIran

Think Telegram [@]usernames are harmless? Not always. A single click on these can expose your real IP address, via hidden proxy links. Telegram to warn users soon. h/t t.me/chekist42 @GangExposed_RU @0x6rss for disclosure and PoCs. bleepingcomputer.com/news/security/…

Microsoft Copilot prompt injections—vulnerabilities or AI limits? Microsoft implies that these don't constitute "serviceable vulnerabilities." But, security pros are divided, esp. when AIs like Claude restrict inputs that can cause system prompt leaks. bleepingcomputer.com/news/security/…

@TrustWallet hasn't gotten back to us on what caused the incident and if victims who received the quasi-trojanized extension update, wil be compensated, but it did confirm the incident and released a fixed v2.69 that you should upgrade to: x.com/TrustWallet/st…

At the same time, we observed some X accounts pushing a newly-emerged 'fix-trustwallet[.]com' domain claiming to patch a bogus "security vulnerability" but instead prompting you for your wallet seed phrases.

Too much going on. Trust Wallet's Chrome extension hit with a "security incident" on Christmas Eve - version 2.68.0 seen exfiltrating seed phrases - h/t @0xakinator @AndrewMohawk @PeckShieldAlert estimates >$6M in reported losses tied to the attack. bleepingcomputer.com/news/security/…