CTI Updates

@HowToPrompt__ Last updated: 11 months ago pass

Someone open-sourced a tool that takes any username or email and finds every account linked to it across 600+ social networks in seconds. Just one command and it scans every platform, runs free AI profiling to build a full behavioral profile of the target, and exports the whole thing as a clean PDF report. → 600+ sites scanned → free AI profiling included → username OR email lookup → low false positive rate → PDF + CSV exports → runs from one CLI 100% Open Source.

@obscaries very cool idea!~

DorkSearch generates Google dorks for discovering exposed admin panels, public files, leaks, and hidden endpoints. Useful for faster recon. Source: dorksearch.com #BugBounty #OSINT #CyberSecurity

@GlobalGenre @theNovacyberqfs these are scammers for anyone curious ^ ⚠️⚠️⚠️⚠️

Filed with IC3 on behalf of my elderly folks that were scammed approximately 1yr ago. They lost a decent chunk of their nest egg. Never heard from IC3, police don’t do cybercrimes, there is literally no recourse. However @theNovacyberqfs came to my Rescue

Nova ransomware group lists SUNASS, Peru’s water and sanitation services regulator, claiming to have stolen 175 GB of data.

they was cookin'

ShinyHunters must be cookin' up something 🤔

@MonThreat That is just recycled old Shinyhunters data. malwarebytes.com/blog/news/2026…

🚨 Betterment Data Breach Exposes PII of 1.4 Million Customers via Social Engineering A data breach involving US-based digital wealth management firm Betterment LLC has compromised the personally identifiable information (PII) of approximately 1.4 million customers. The incident, attributed to a social engineering attack, resulted in the exposure of over 2 million records containing sensitive client data. Betterment, founded in 2008 and headquartered in New York City, is a prominent robo-advisor and fintech company managing over $30 billion in assets for more than 2.5 million customers. The compromised dataset represents a substantial portion of the firm's user base. According to threat intelligence, the leaked data includes names, email addresses, phone numbers, physical addresses, and dates of birth for a subset of the affected accounts. Passwords were reportedly not included in the dump. The extensive sample data reveals a comprehensive CRM and sales database, likely extracted from Betterment's internal customer relationship management systems. Fields exposed include detailed 401(k) plan information, lead scoring metrics, account manager contacts, payroll integration statuses, and various customer lifecycle and engagement data points. The breach was publicized on the Telegram channel @dataseller247. Social engineering attacks on financial institutions often target employee credentials to gain unauthorized access to internal databases. The exposure of such granular client and operational data could facilitate targeted phishing campaigns, identity theft, and further corporate espionage. Betterment has not yet issued a public statement regarding the incident. Financial regulators and cybersecurity experts are likely to scrutinize the firm's security protocols following the disclosure. Customers are advised to monitor their accounts for suspicious activity and remain vigilant against potential phishing attempts leveraging the compromised information. #BettermentBreach #FintechSecurity #DataLeak #SocialEngineering #InvestmentFirm #CyberThreat #DarkWeb

@sayodotfun do no contact them back at all. they are asking you questions they already know the answers too and are just fishing for info to see how you respond. only talk to them via a lawyer, never directly. its a trap. fuck the FBI.

1) what

apparently there’s a sticker pack on telegram with all infamous ransomware operators 🎩

Qilin ransomware group lists MAVA Healthcare, also known as MAVA Behavioral Health. MAVA Behavioral Health provides mental health services for children, teens, and adults, including care for anxiety, depression, ADHD, bipolar disorder, PTSD, and other conditions. #threatintel #osint #healthcare #hipaa

Scattered Lapsus$ Hunters just listed its largest target yet: Sysco, the world's biggest food distributor at $83B revenue, alongside Kodak and Houston Community College. SLSH's US-heavy extortion run, already through Charter, Nexstar and Ralph Lauren this month, is now reaching Fortune 500 scale. Sysco has drawn ransomware claims before, so treat attribution with care - this listing is unconfirmed and nothing is published yet.

i may, or may not have found an RCE in Jellyfin... 👀

Me when I see LimeWire being used in an Akira affiliate ransomware attack in the year of our lord 2026 huntress.com/blog/akira-ran…

Nintendo listed by ShadowByt3s #osint #threatintel

Threat actor Orcinus orca claims to have hacked the FBI .gov website #osint #threatintel

Welp it's official, blogger started removing my posts as well, crazy how even google is hating me now. Is that like supposed to make stop ? Kinda feeling even more motivated.

@kraytovsupp @NASA agreed!

@CTI__Updates @NASA I don't think this is really a leak, it could be public data, for example there are many PDFs on the NASA website, so it could be wrong or a trick?

A threat actor is claiming to have full (@NASA) NASA .gov infra control & data dump 👀 #space #osint #threatintel

Insomnia ransomware group lists Texas-based The Vant Group, an M&A advisory firm founded in 1999. The company provides valuations, sell-side and buy-side advisory, and employee/partner buyout services for businesses up to $250M in revenue. #raas #osint #threatintel #ransomware

Iranian proxy hacking group Handala Hack claims to have had the FBIs FPV security drone system hacked #fbi #osint #threatintel #nationalsecurity #lol #iran

@X3r0DaySec what encryption algo did they use?

They "fixed" my last Indian Govt data dump by encrypting it (srsly lol?) Bypassed that too lmao 48,593 contacts. 37,598 users. All decrypted with a PoC. (IP, Pass, Aadhaar..) CERT-In has been notified. Not dropping full details until it's actually fixed. x.com/X3r0DaySec/sta…

@NASA the ss is them running a WordPress exploit (lol) so not really sure what important info they could have even got. good one to keep an eye on.