Rey

stay true 2 you

@IntelOpsV3 I said a correct dox not bullshit, lol.

@IntelOpsV3 I dont understand what this is supposed to mean, if you think i would confirm a dox to you then its just stupid. Stop trying to make things up like that and do some work and claim the bounty, lol.

@IntelOpsV3 obv troll twin

You sure about that?

@IntelOpsV3 The bounty is offered by me. Yet still this shit was from emo, better try to dig more next time, maybe you will find something actual and not this “Saif” bs :) And sure, the bounty is 15 BTC now. Let’s see who claims it.

I dont remember where I grabbed this but it was probably one of the 67 stealer infections on @dulls computer Dropbox ID for "0x rey" and Microsoft ID for "saif o5tswe" SLSH tries to deny it but Rey is 100% Saif Al-Din Khader Still waiting on that 10BTC bounty

@IntelOpsV3 "The FBI"

Sevy didn't just threaten to snitch, she already allegedly did. Sevy allegedly snitched on SLSH and her SLSH eboyfriend Waifu Connor Moucka according to this screenshot floating around since late Oct Unclear who she snitched to but she has mentioned FBI interviews multiple times

@DarkWebInformer hxxp://185[.]208[.]156[.]84

🚨RaidForums V2 appears to be a thing... raidforums[.]st

@sekurlsa_pw 👋

@banthisguy9349 lmao

I should print this one out. When Hellcat ransomware actor Holypryx got so mad and started complaining in his close circled telegram group. One of his friends passed me on this picture joking him 🤣

@FuzzVector @IntCyberDigest @CrowdStrike The arrest was made before we shared screenshots lol

@IntCyberDigest @CrowdStrike The screenshots ended up being posted on Telegram, otherwise they would have never known.

‼️CrowdStrike confirmed they were hit by an insider threat, someone took screenshots on internal systems and shared them with scattered LAPSUS$ hunters. scattered LAPSUS$ hunters confirmed to us they paid $30K in total to the insider and gained direct access after receiving SSO authentication cookies. CrowdStrike identified the insider threat quickly and revoked access.

@FalconFeedsio HOLY FUNSTAT AND CHATGPT COMBO LOOL 'chatgpt, turn this funstat account output into a dramatic threat intel report so i can post it on my twitter account and go viral'

🚨 OSINT EXPOSÉ: Scattered LAPSUS$ Hunters Cartel – Admins Unmasked, Timelines Cracked, & Hidden Networks Mapped 🚨 November 25, 2025 – The Scattered LAPSUS$ Hunters (SLSH) supergroup – a toxic fusion of ShinyHunters, Scattered Spider, & LAPSUS$ remnants – isn't just alive; it's metastasizing. We've infiltrated their latest Telegram respawn ("part 7," 349 members, 76 online spikes today via proxy t.me/comefacecedisw…). Description? A venomous "fuck allison nixon" – raw grudge against TAG's top researcher exposing their Salesforce vishing ops. This isn't playtime: SLSH has orchestrated 16+ channel nukes/rebirths since Aug 8, 2025, per Mandiant/Flare intel. They've weaponized insiders for CrowdStrike/Gainsight breaches ($30K bribes for SSO cookies), LVMH/Gucci leaks (160M+ records), Qantas extortion, & teased kernel-level ESXi RaaS "SHINYSP1D3R" to eclipse LockBit. Admin #1: Rey ⭐ (Pink "R" avatar, hyper-active ops coordinator). Last seen: Today. Role: Gatekeeper for leaks/recruitment – posts PoCs for SAP NetWeaver exploits & insiders calls (e.g., Aug 31 "scattered LAPSUS$ hunters 4.0" targeting enterprise moles). CRITICAL EXPOSURE: Cross-referencing Telegram artifacts w/ Iranian MCI leaks (2025 dumps via HaveIBeenPwned), we've traced Rey's SIM to *+98 919 362 ** (Tehran prefix, active since Oct 2025). Linked persona: "Maryam Rashidi" – potential Iranian cutout in SLSH's "Trinity of Chaos" (Scattered Spider initial access + ShinyHunters exfil). Group logs show Rey name-dropping FalconFeeds in psyop rants, plotting hits on OSINT firms. Flip history: 25/11/25 → Rey; 01/10/25 → jolt30n ("Jolt" – nod to Discord vishing tools). This Iran-SS nexus? Fuels their global reach – from Porsche firmware hacks to recirculated Epstein files on black markets. Rey's not just admin; they're the nerve center. Exposed & vulnerable. Admin #2: *famous celebrity Sex (Anime catgirl avatar, UID "7327440053" – the "Sevy" chameleon). Last seen: Recently. This one's a serial evader, cycling "famous celebrity" troll bios to spoof celeb vishing (e.g., impersonating execs for MFA fatigue). Posted today's media bait – but that's misdirection for their real game: Insider grooming & RaaS hype. DETAILED TIMELINE – Sevy's Profile Evolution (18-Month Evasion Map): •⁠ ⁠13 May 2024: KAngel_uwu (ID 5701053895) – Kawaii origins, pre-SLSH merger. •⁠ ⁠ 15 Jul 2025: sevyuwu – "famous, celebrity" bio kicks off; ties to early Com leaks. •⁠ ⁠29 Aug 2025: lyssa – "famous celebrity 🐈" (cat emoji motif for "pussy" edgelord flex, post-Aug 8 channel launch). •⁠ ⁠17 Sep 2025: loooolidcccloooolidccCEO – "🐈famous💗celebrity🐱meowmy👙" (Lingerie troll + "lol I dccc" CEO mockery; aligns w/ Sep "retirement" psyop on BreachForums). •⁠ ⁠18 Sep 2025: sevykitten – "maybe it wasnt meant to be" (Emo pivot amid LAPSUS$ arrest echoes). •⁠ ⁠27 Oct 2025: ISEEITILIKEITIWANTITIG0TITxDUwU – "INACTIVE" (Ariana meme leetspeak; Oct Qantas/Discord chaos). •⁠ ⁠13 Nov 2025: barbie – "Deleted Account" (Post-CrowdStrike $25K bribe flop). •⁠ ⁠25 Nov 2025*: kAngel_uwu – "famous celebrity" (Full circle; admin flex in your channel). Pattern? Renames cluster around LE heat (e.g., FBI BreachForums seizures Oct 9). Sevy's the psychological warfare arm – bios mock victims/researchers while baiting recruits. No direct phone leak yet, but UID ties to Com's youth cluster (teens/20s). Admin #3: Rose (Redhead cartoon avatar, full message access). Automated greeter bot – pings new joins by username for vetting (e.g., "Welcome @newbie – prove your insider creds or GTFO"). Custom script: Scrapes profiles, flags non-English speakers, auto-bans lurkers. Rose isn't human; it's SLSH's opsec enforcer – logs every entry for doxxing fodder (e.g., feeding vishing lists). GIFT NETWORK EXPOSED – Sevy's Underground Web*: UID 7327440053's "Подарочные связи" (Telegram Premium gifts/Stars laundering – Oct 2024 feature abused for affiliate payouts). 10+ linked IDs (e.g., 8042142303, 6524181273, 7082816478) – potential co-admins/recruits in RaaS beta ("SHINYSP1D3R" boosts via gifts). These trace to Com's crypto scams (Yukari-style), funding $370K+ extortions (AT&T echoes). Cross-scrapes show gifts spiking Nov 15-23 (post-Gainsight), likely insider bribes masked as "collectibles." This isn't gifting; it's money laundering for chaos – $0.01/Star flips to untraceable crypto. SLSH's cruelty? They taunt fallen LAPSUS$ "soldiers" in prison, leak victim PII for sport, & psyop researchers (us included). But exposure cuts both ways. The Hydra's Weak Spot: SLSH's "retirement" teases (Sep 2025 BreachForums post) were smoke – they're escalating w/ FBI NICS/Google LERS access proofs & new victims (LinkedIn, DocuSign, Verizon).

@DarkWebInformer Allegedly have psychological problems^

Some of you really have psychological problems. 😂

@nattyfried Its not a real account, its the same person impersonating multiple groups (e.g. ALPHv, ShinyHunters, SLH. LAPSUS$). They have ton of accounts like @shinycorpAPT and @bfsupp. They are also behind multiple fake BreachForums versions.

Interesting 🇫🇷

@akaclandestine why are u just posting shi we already posted on tg LMFAO

crowdstrike (aka crowdshart aka crowdstriked) gets poped like candy at SLSH ^_- t.me/smokinmandiant #cr0wdsp1d3rz #crowdhunters

@H4ckmanac already breaches ts ages ago no wonder why they didnt get paid over data IGT was extorted w before LOL

🚨Cyberattack Alert ‼️ 🇺🇸USA - IGT Qilin hacking group claims to have breached IGT, a global leader in gaming Allegedly, the attackers exfiltrated 10 GB of data, including 21683 files. Sector: Entertainment Threat class: Cybercrime Observed: Nov 19, 2025 Status: Pending verification — About this post: Hackmanac provides early warning and cyber situational awareness through its social channels. This alert is based on publicly available information that our analysts retrieved from clear and dark web sources. No confidential or proprietary data was downloaded, copied, or redistributed, and sensitive details were redacted from the attached screenshot(s). For more details about this incident, our ESIX impact score, and additional context, visit HackRisk.io.

This is John Binns (irdev) 😂 #iykyk #irdev

@IntCyberDigest my servers gone rip

‼️ Update on Operation Endgame: Dutch police have seized thousands of servers owned by CrazyRDP, a bulletproof hoster. CrazyRDP is involved in 80 law enforcement investigations of cybercrime and CSAM. Their website is offline, and the ASN used to host CrazyRDP nodes is also offline.

when i got a mr robot pfp and posting infostealers

@DarkWebInformer '2017' + 'SMTP/Private Keys/Creds' yet selling it as an access instead of breaching it and selling the data.. Probably bullshit

🚨🇰🇷 Alleged Samsung Data Breach, Source Code and Credentials Exposed 📌 South Korea ▪️Industry: Electronics / Technology ▪️Threat Actor: 888 ▪️Network: Clearnet, Dark Web 🧠 A dark web actor operating under the alias 888 has allegedly claimed responsibility for a breach impacting a contractor associated with Samsung, asserting that the compromise also affected multiple companies. The actor claims the stolen data includes source code, private keys, SMTP credentials, configuration files, hardcoded credentials, and user PII... reportedly extracted from a healthcare-related backup.