CTI Updates
108 posts

@CTI__Updates
Updates about all things threat intelligence & updates about stuff going on in the cybersec, ransomware, OSINT, SOCMINT, and hacking communities #threatintel
in the wires Joined January 2026
1.1K Following 423 Followers

@MonThreat That is just recycled old Shinyhunters data.
malwarebytes.com/blog/news/2026…

🚨 Betterment Data Breach Exposes PII of 1.4 Million Customers via Social Engineering
A data breach involving US-based digital wealth management firm Betterment LLC has compromised the personally identifiable information (PII) of approximately 1.4 million customers. The incident, attributed to a social engineering attack, resulted in the exposure of over 2 million records containing sensitive client data.
Betterment, founded in 2008 and headquartered in New York City, is a prominent robo-advisor and fintech company managing over $30 billion in assets for more than 2.5 million customers. The compromised dataset represents a substantial portion of the firm's user base.
According to threat intelligence, the leaked data includes names, email addresses, phone numbers, physical addresses, and dates of birth for a subset of the affected accounts. Passwords were reportedly not included in the dump. The extensive sample data reveals a comprehensive CRM and sales database, likely extracted from Betterment's internal customer relationship management systems. Fields exposed include detailed 401(k) plan information, lead scoring metrics, account manager contacts, payroll integration statuses, and various customer lifecycle and engagement data points.
The breach was publicized on the Telegram channel @dataseller247. Social engineering attacks on financial institutions often target employee credentials to gain unauthorized access to internal databases. The exposure of such granular client and operational data could facilitate targeted phishing campaigns, identity theft, and further corporate espionage.
Betterment has not yet issued a public statement regarding the incident. Financial regulators and cybersecurity experts are likely to scrutinize the firm's security protocols following the disclosure. Customers are advised to monitor their accounts for suspicious activity and remain vigilant against potential phishing attempts leveraging the compromised information.
#BettermentBreach #FintechSecurity #DataLeak #SocialEngineering #InvestmentFirm #CyberThreat #DarkWeb


@sayodotfun do not contact them back at all. they are asking you questions they already know the answers to and are just fishing for info to see how you respond.
only talk to them via a lawyer, never directly. it's a trap. fuck the FBI.
CTI Updates reposted

Qilin ransomware group lists MAVA Healthcare, also known as MAVA Behavioral Health.
MAVA Behavioral Health provides mental health services for children, teens, and adults, including care for anxiety, depression, ADHD, bipolar disorder, PTSD, and other conditions.
#threatintel #osint #healthcare #hipaa

CTI Updates reposted

Scattered Lapsus$ Hunters just listed its largest target yet: Sysco, the world's biggest food distributor at $83B revenue, alongside Kodak and Houston Community College. SLSH's US-heavy extortion run, already through Charter, Nexstar and Ralph Lauren this month, is now reaching Fortune 500 scale. Sysco has drawn ransomware claims before, so treat attribution with care - this listing is unconfirmed and nothing is published yet.

CTI Updates reposted

Me when I see LimeWire being used in an Akira affiliate ransomware attack in the year of our lord 2026
huntress.com/blog/akira-ran…

CTI Updates reposted

@CTI__Updates @NASA I don't think this is really a leak, it could be public data, for example there are many PDFs on the NASA website, so it could be wrong or a trick?

A threat actor is claiming to have full (@NASA) NASA .gov infra control & data dump 👀
#space #osint #threatintel




Insomnia ransomware group lists Texas-based The Vant Group, an M&A advisory firm founded in 1999.
The company provides valuations, sell-side and buy-side advisory, and employee/partner buyout services for businesses up to $250M in revenue.
#raas #osint #threatintel #ransomware


Iranian proxy hacking group Handala Hack claims to have had the FBI's FPV security drone system hacked
#fbi #osint #threatintel #nationalsecurity #lol #iran


They "fixed" my last Indian Govt data dump by encrypting it (srsly lol?)
Bypassed that too lmao
48,593 contacts. 37,598 users. All decrypted with a PoC. (IP, Pass, Aadhaar..)
CERT-In has been notified. Not dropping full details until it's actually fixed.
x.com/X3r0DaySec/sta…

X3r0Day @X3r0DaySec
I Hacked an Indian Government Website. Found Users’ Passwords, Aadhaar Numbers, IP Address, Address, phone no, email. This is a serious data privacy failure. Reported to CERT-In. Will release full technical details once it's fixed. Got more in my Bag 👀 1 vuln each week series? ;))

@NASA the ss is them running a WordPress exploit (lol) so not really sure what important info they could have even got. good one to keep an eye on.

Georgian authorities, in cooperation with Polish and American officials, have detained two foreigners (a Ukrainian and a Russian) in Georgia who are responsible for the AudiA6 crypto exchange and the Dark2Web forum
#osint #threatintel #darkweb #deepweb #tor


