Ryan Moran (remo)

@OsintKitties SkidSec

Seems previous threat actors from seigedsec may be returning after a long break. #seigedsec #hacktivist

@BalaiBB For example when i said there is a mismatch and not as much details. Using posts collected from both accounts there's a variety in avg length / words per post. Zach also uses a slightly richer vocabulary in longer posts (higher unique word count relative to length).

@BalaiBB I guess if you could read you would understand that they said they've been following ZachXBT for a while now and that's the entire reason they decided to 'investigate' him. Simply they might be inspired by his style + It is not as detailed as ZachXBT posts.

Lmaooooooooooooooooooooooo Zachxbt himself wrote this thread This guy writes exactly just like Zach’s pattern He replied comments the exact same way Zach’s does 1) Zach uses ( 1/) to begin his thread 2) Thread was absolutely detailed 3) His comments reply was subtle 4) Zach didn’t untag himself

They drew the Ukrainian admin Tokha with a very non-Slavic appearance. Maybe they mixed him up with a different forum admin. Interestingly, according to the service team members, one of the admins is already locked up while the others are still free. They're also saying that everything is fine and that the service will continue soon. It seems Europol depicted a MiTM scenario in the cartoon where the agent intercepts the logs before the admin destroys them rather than implying the service kept logs long-term as most people understood.

🚨 First VPN Service has been seized by law enforcement operation-saffron.eu

Why is the FBI participating in misinformation defamation campaign against a... hacker group...? Has it gotten that bad where you'd rather resort to publishing misinformation instead of making seizures or arrests? You guys are a joke. Provide evidence of swatting or any harassment activity inclusive to physicality. What you write is what is done by Blackfile/UNC6671 not ShinyHunters. Blackfile has impersonated ShinyHunters in many instances to gain artificial credibility. Stop reporting and spreading misinformation.

Cybercriminal group ShinyHunters (SH) recently claimed credit for a cyber-attack that caused a service disruption affecting an online Learning Management System (LMS). Today the #FBI released a #PSA warning of potential future impacts related to the cyber-attack. SH specializes in large-scale data breaches and extortion. Educational institutions with exposed cloud-based management platforms, integrated third-party services, and access to sensitive data are at an elevated risk. SH actors’ access to compromised sensitive data could allow them to craft highly sophisticated spearphishing campaigns using real-world context to deceive victims. Following an intrusion, SH actors may send an extortion email to victims. They employ escalatory tactics—including harassment, extortion, and in some cases, swatting—to pressure victims into payment. Review the recommendations on what to do if you are contacted directly by anyone claiming to have your data, along with additional victim resources: ic3.gov/PSA/2026/PSA26…

"I traded my personal info being online (traditional) for my personal info being online (modern), here's how..."

@OrinKerr You need to go and take the bar exam again. The company did not commit a 18 U.S.C. § 1030.

18 U.S.C. § 1030 in the news. wapo.st/4diqs2n

@banthisguy9349 @TESSERACT___ Provide actual proof or stop spreading misinformation, retard. They have never "bullshitting" anything, their Wikipedia page is probably longer then you're resume 😂 Keep dickriding skids like SkidPCP, all you're good at.

@TESSERACT___ Since when are we believing cybercriminals? “Either way, they're paying, so they're taking the route that doesn't result in tons of student pii being leaked.” You know shinyhunters has a history of bullshitting right?

Oh great, you managed to get yourself hacked hard and now you are also paying cybercriminals. thehackernews.com/2026/05/instru… Goodjob keeping the ecosystem active.

@KeyserSoze1337 :')

Due to a recent surge in ShinyHunters impersonators in this international chaotic event, I am making this post to help the general public understand on how the "ShinyHunters" group operates: ShinyHunters does not contact any victims through unofficial channels nor do they ever contact individual downstream victim persons affected by a data breach for payment. They are not broke and don't want your money. Please do not be afool and accede to unsolicited demands from bad actors claiming to be ShinyHunters. They don't have your data and are using the chaos to their advantage as leverage. They are scammers. Many bad actors are using the ShinyHunters name to increase the attention they receive and to be perceived as credible. The real ShinyHunters organisation can only be found at shinyhunte.rs and their TOR onion addresses. Anyone else claiming to be from, in, a part of, associated, affiliated, or ShinyHunters is false. They do not operate on any social media platform. If you ever receive unsolicited communication from 'ShinyHunters' please disregard and move on. It is harmless. You'd automatically know if it is the real one by the way they engage in [solicited] communications. Always verify information through official means. Stay positively paranoid and safe out there!

@intelkink @AlvieriD Because their actual name is SkidPCP. They can't compare to any group on the top 10 list.

@AlvieriD bro literally forgot teampcp

Top 10 non-APT threat groups in 2026 1. ShinyHunters 2. Clop Ransomware 3. Lapsus 4. WorldLeaks - formerly Hunters Int 5. Qilin Ransomware 6. INC Ransom 7. Interlock 8. Akira Ransomware 9. Medusa Team 10. Play Ransomware More - RansomHouse, Chaos, Rhysida, BlackWater, LockBit, Everest… ⚠️ Executives and the public see some of these names and laugh them off but I assure you these groups are no joke ⚠️ Listed by proprietary model - not volume > 1st time 𝑒𝓋𝑒𝓇 LockBit is NOT a Top 10

@DailyDarkWeb You're just farming views by interviewing Impersonators who are clearly just scammers. And all of your posts are just AI stacked on top of AI stop with the slop.

@rmoskovy So are you the real one?

For the first time, Daily Dark Web interviewed the individuals claiming to be behind the ShinyHunters identity. But that’s not all. We also spoke with the person who allegedly leaked the internal conversations connected to the ShinyHunters ecosystem. Two sides. One story. This investigation covers: • Internal conflicts • Identity disputes • Underground ecosystem dynamics • Telegram leaks • Attribution claims • The evolution of the ShinyHunters name The interview will be published soon exclusively on Daily Dark Web. Disclaimer: This content is shared strictly for journalistic, research, and cybersecurity awareness purposes. Daily Dark Web does not support, encourage, or participate in illegal activities. #DDW #DarkWeb #CyberSecurity #ThreatIntelligence #ShinyHunters #CyberCrime #OSINT #DataBreach #ThreatActors #InfoSec #Intelligence

@AlvieriD You just listed a fake LAPSUS as #3…?? They have done nothing but lie and steal breaches. They started off with a lie by impersonating the original LAPSUS. And Cl0p is dead. They’ve done nothing this year.

@insidedarknet What major threat are you talking about? .. if its SkidPCP.. its more likely a Weak-threat. "something like OIDC really doesn't protect anyone from this." does this guy even know what ODIC is or its purpose.. sounds like an absolute retard

TeamPCP is the main group behind the CanisterWorm supply chain attack, that compromised over 500,000 machines and numerous open-source tools. I spoke to the leader; about the methodology, how ShinyHunters scammed TeamPCP and a lot more. buymeacoffee.com/insidedarknet/…

@X264W60313 @WIRED LOL

@rmoskovy @WIRED

Thousands of schools around the US were paralyzed on Thursday after education tech firm Instructure shut down access to its Canvas platform following a breach by hackers going by the name ShinyHunters. wired.com/story/canvas-h…

ShinyHunters has been a persistent thorn in the side of the United States government for 7 years now. Each and every time the Federal Bureau of Investigation (FBI) WFO and the USAO DOJ has managed to exceptionally fail at arresting and prosecuting the core operators of the ring. They couldn't stop them either during a major national security crisis in 2024, ended up arresting some schizo folks who were just scapegoats instead. Prior cases have been similar including most recent ones. This is a nothing burger. Life and business will move on. If anything this was a massive PR win for them to successfully and completely establish their business model at an unprecedented scale, permanently. No threat group can ever compare. Thank you for your attention to this matter.

@DiffeKey Not the actual ShinyHunters. Stop views-farming with false information.

Ticketmaster has reportedly been breached again, with "shinyhunters" claiming to sell access to 980M sales orders, 680M order details, 1.2B party lookup records, 440M unique email addresses, 560M AVS records, and 400M partially encrypted credit card records for $10K lifetime server access. Alleged data also includes millions of uncased/deduped records and references to Taylor Swift Eras Tour ticket barcodes. #cybernews #cybersecurity #news #ticketmaster