GarWarner

❗️🚨 Microsoft Edge keeps every saved password in process memory as cleartext from the moment it launches. Microsoft's responsed when reported: "by design." All of them. Including credentials for sites you won't open this session. Researcher @L1v1ng0ffTh3L4N tested every major Chromium browser. Edge is the only one that behaves this way. Chrome decrypts credentials on demand, and App-Bound Encryption locks the keys to an authenticated Chrome process so other processes can't reuse them. In Chrome, plaintext surfaces only during autofill or when a password is viewed, making memory scraping far less useful. What makes this extra weird is that Edge still demands re-authentication before revealing those passwords in its Password Manager UI, while the same browser process already holds every one of them in plaintext. In shared environments, this turns into a credential harvest. On a terminal server, an attacker with admin rights can read the memory of every logged-on user process. In the published PoC video, a compromised admin account lifts stored credentials from two other logged-on (and even disconnected) users with Edge running. Microsoft's official response when notified: "by design." The finding was disclosed April 29 at BigBiteOfTech by PaloAltoNtwks Norway, alongside a small educational tool that lets anyone verify the cleartext storage for themselves.

U.S. businesses and individuals were targeted and hacked by Nigerian-linked fraud organizations in an email scheme that spanned 47 states and 19 countries. In Ohio, victims were in Norwalk, Kent, Akron, Hudson, Maple Heights, Westfield Center, New Riegel, and Greenwich. Outstanding work by our USAO federal prosecutors and FBI investigators! CONVICTION DETAILS HERE: justice.gov/usao-ndoh/pr/2… @FBICleveland

One of the 29 Sanctioned Targets Is a Cambodian Commercial Bank Heng Feng Cambodia Bank plc, a licensed NBC commercial bank with $382 million in total assets as of end-2024, is now on the OFAC SDN list. Treasury says the bank is controlled by Sai Aung Linn, a 40% shareholder, director, and former chairman who also sits on the board's risk and audit committees. Sai Aung Linn is Burmese-born and obtained Cambodian citizenship while investing in the country's scam industry, per Treasury. He's also co-owner of Xihu Resort Hotel, a sanctioned Sihanoukville casino tied to Rithy Raksmei's K99 Group. The bank's own 2024 annual report lists its Preah Sihanouk forex counter as operating from the ground floor of Xihu Resort Hotel.

New version is out!

Ransomware Negotiator selling data to the Ransomware threat actors. Not cool. justice.gov/opa/pr/florida…

68 Indian Nationals Arrested in Back-to-Back Pattaya Villa Raids Over $70 Million Gambling Operation Thai police hit two luxury villas in Pattaya's Nong Prue area arresting 68 Indian nationals running online gambling operations out of rented pool villas. Combined estimated annual turnover across both sites was 2.3 billion baht, roughly $70 million. The first villa, near Mabprachan reservoir, had been rented for over a year at 120,000 baht/month. Officers found 43 men working as admins for 23 gambling websites targeting Indian customers. The operation allegedly pulled in up to 5 billion rupees annually. A figure known only as "AK" is believed to have managed logistics. Hours later, immigration police raided a second villa where 25 more men were running three gambling sites with domain names ending in "777." That operation was generating about 5.6 million rupees per day. The garage had been converted into a sealed glass office hidden behind tarps, with generators and frozen food stockpiled so nobody had to leave. All 68 were on tourist visas. They've been charged with working without permits. Police say they're now going after the Thai and foreign financiers behind both networks.

More than 100 foreigners arrested in an online scam crackdown at Wyndham Grand Phnom Penh Capital building in Phnom Penh.

The 2025 Internet Crime Report from the FBI's IC3 shows that Investment Scams had 52.3% more victims than in 2024 and lost 31.6% more money. $8.6 Billion of the $20.87 Billion in losses were to Investment Scams. For the first time, MOST of the stolen funds were crypto! (54.4%) ic3.gov/AnnualReport/R…

As I watched last night’s game I was thinking about how Harden is now a Cavalier while James was when they first met on the court. Made me wonder what teams each had played on when the faced each other. Here’s The Beard vs The King

@LakersReporter Summertime Switch - right here youtu.be/CFfGVpOtn7g?t=…

Following a four-year investigation, the FBI’s Eurasian Organized Crime Task Force arrested eleven people today in a title fraud case called “Operation Hard Money.” The defendants were indicted for allegedly defrauding lenders by stealing the identities of elderly victims, then using the stolen information to access title reports and solicit loans backed by the properties.

@shanaka86 Wow

BREAKING: On December 6 2025, an Iranian intelligence agent contacted a 26-year-old Israeli reservist on Telegram and offered him money for information. The reservist, Raz Cohen of Jerusalem, volunteered that he served in the Iron Dome air defence system. He said he worked in the battery’s control centre. He said he was responsible for replacing cases and arming the launcher. Three days later he sent 27 photographs and videos showing firing processes, rates of fire, backup launcher configurations, and arming procedures. The payment was $1,000 in cryptocurrency. The system he betrayed costs $50 million per battery. Cohen was indicted on March 20th in the Jerusalem District Court on charges of assisting the enemy during wartime, transmitting information with the intention of harming state security, and transmitting information likely to assist the enemy. The Shin Bet and the Israel Police’s Lahav 433 major crimes unit conducted the joint investigation. He was arrested at the start of the war. The information Cohen allegedly passed was not generic. According to the indictment, he provided precise GPS coordinates of seven Israeli Air Force bases where he had previously served in the Iron Dome system. He provided the locations of two specific Iron Dome batteries, one at Hatzerim and one at Palmachim. He provided details about the system’s armaments and interception procedures. He provided personal details and contact information for other Israelis, including a security guard at the President’s Residence and a relative serving as an air force pilot. While Cohen was passing this data, Iran was preparing to fire missiles at the targets he was mapping. The current war began on February 28. Cohen was called up to reserve duty on January 18 to prepare for the conflict he had been helping Iran prosecute. He reported for duty in the same Iron Dome unit whose coordinates he had transmitted to the same country whose missiles the system was designed to intercept. The indictment states he served in the unit following the October 7 2023 Hamas invasion, during the 12-day war with Iran in June 2025, and in the current conflict, until he was arrested. The recruitment method is the story as much as the betrayal. An Iranian agent messaged a reservist on Telegram. The reservist responded. The agent offered money. The reservist accepted. No honeytrap. No ideology. No sophisticated tradecraft. A direct message, a cryptocurrency wallet, and a willingness to sell classified information about the system that stands between Iranian warheads and Israeli cities. The entire transaction, from first contact to 27 classified images, took three days. This is not an isolated case. The Jerusalem Post reported that Israeli authorities have filed over 35 indictments related to Iranian recruitment since October 7 2023, involving nearly 60 defendants. In January 2025, another Iron Dome reservist, Yuri Ilyaspov, 22, was indicted on similar charges. The pattern is consistent: Iranian agents contact Israelis through social media, offer modest payments, and extract whatever information the contact can access. The targets range from a 13-year-old boy in Tel Aviv to reservists inside classified military systems. Iran’s Intelligence Ministry simultaneously announced the arrest of 97 individuals it described as Israel-recruited mercenaries inside Iran. Both sides are recruiting inside each other’s populations through the same platforms, the same payments, and the same exploitation of individuals who will sell access for amounts that would not cover a month’s rent in either Jerusalem or Tehran. One thousand dollars. Twenty-seven photographs. Seven base locations. Two battery coordinates. One air defence system. The price of betrayal is not always proportional to the value of what is betrayed. open.substack.com/pub/shanakaans…

🔴 COMMANDER OF THE BASIJ UNIT ELIMINATED Yesterday, the IDF targeted & eliminated Gholamreza Soleimani, who operated as commander of the Basij unit for the past 6 years. Under Soleimani, the Basij unit led the main repression operations in Iran, employing severe violence, widespread arrests, and the use of force against civilian demonstrators.

Hundreds of Chinese Nationals Just Moved Into a Sihanoukville Building With Computers and Equipment I can't confirm exactly what's happening here, but I can confirm the building is being filled with Chinese nationals. Scam vans, loads of people going in and out, some with roller suitcases. It lines up with what this Chinese social media post is claiming, which I checked last night. According to the post, a large group of Chinese nationals moved into the Wuzhou Express Apartment Hotel (五洲快捷公寓酒店) in Sihanoukville carrying computers and equipment, effectively converting the residential hotel into an office. The group reportedly relocated from the Zhejiang Business Hotel (浙商酒店). Existing residents were told by management to vacate immediately to make room. This same area already has history. Back in December, police raided a building in Sihanoukville's Sangkat 3 and arrested five Chinese nationals and six Cambodians for allegedly grabbing a Chinese man off the street, beating him, and dragging him inside. cc-times.com/posts/30798

The Islamic State is actively expanding into northern Azerbaijan after officially establishing a new branch there in 2024. Authorities have recently thwarted multiple plots by The Islamic State's Khorasan Province to attack diplomatic and religious targets in Baku. Islamic State’s New Threats in Northern Azerbaijan (by @SaladinAlDronni for @JamestownTweets) jamestown.org/islamic-states…

Today, Treasury’s Office of Foreign Assets Control designated four sham charities that directly fund Hamas’s Military Wing and its terrorist activities. Hamas continues to rely on deceitful practices to hide its revenue-generating activities behind civilian organizations under the pretense of conducting humanitarian work, while in reality supporting the group’s continued efforts to fund their terrorist operations.

Thailand now threatening up to three years in prison for anyone caught registering "mule SIMs" on behalf of scammers. Those who broker or advertise the sale of mule SIMs face two to five years. Part of an escalating crackdown on call center fraud infrastructure. nationthailand.com/blogs/news/gen…

Last night, John Daghita – a U.S. government contractor who allegedly stole more than $46 million in cryptocurrency from the U.S Marshals Service – was arrested on the island of Saint Martin by the French Gendarmerie’s premier elite tactical unit in a joint operation with the @FBI.   Thanks to the International Cooperation Team Serious Crime Unit of the French Gendarmerie National in Saint Martin, and the Groupe d’intervention de la Gendarmerie nationale of Guadeloupe for the outstanding coordination.   FBI will continue working 24/7 with our international partners to track down, apprehend, and bring to justice those who attempt to defraud American taxpayers—no matter where they try to hide.

@volkova_ma57183 yes, a beautiful AI mash-up of the 2015 Tianjin chemical fire and some stock footage from Erbil. (the crane in the flames is a dead giveaway)

🇮🇷🇺🇸 Tasnim has published footage of a massive fire at an American base in the Iraqi city of Erbil. At least four impact sites have been confirmed—a huge plume of smoke is visible from space.