Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Leak. Show all posts
War Plans
Cyber Security Data Leak Pentagon Head Signal Threat Intelligence War Plans

Pentagon Director Hegseth Revealed Key Yemen War Plans in Second Signal Chat, Source Claims

 

In a chat group that included his wife, brother, and personal attorney, U.S. Defence Secretary Pete Hegseth provided specifics of a strike on Yemen's Iran-aligned Houthis in March, a person familiar with the situation told Reuters earlier this week. 

Hegseth's use of an unclassified messaging system to share extremely sensitive security details is called into question by the disclosure of a second Signal chat. This comes at a particularly sensitive time for him, as senior officials were removed from the Pentagon last week as part of an internal leak investigation. 

In the second chat, Hegseth shared details of the attack, which were similar to those revealed last month by The Atlantic magazine after its editor-in-chief, Jeffrey Goldberg, was accidentally included in a separate chat on the Signal app, in an embarrassing incident involving all of President Donald Trump's most senior national security officials.

The individual familiar with the situation, who spoke on the condition of anonymity, stated that the second chat, which comprised around a dozen people, was set up during his confirmation process to discuss administrative concerns rather than real military planning. According to the insider, the chat included details about the air attack schedule. 

Jennifer, Hegseth's wife and a former Fox News producer, has attended classified meetings with foreign military counterparts, according to photographs released by the Pentagon. During a meeting with his British colleague at the Pentagon in March, Hegseth's wife was found sitting behind him. Hegseth's brother serves as a Department of Homeland Security liaison to the Pentagon.

The Trump administration has aggressively pursued leaks, which Hegseth has warmly supported in the Pentagon. Pentagon spokesperson Sean Parnell said, without evidence, that the media was "enthusiastically taking the grievances of disgruntled former employees as the sole sources for their article.” 

Hegeseth'S tumultuous moment 

Democratic lawmakers stated Hegseth could no longer continue in his position. "We keep learning how Pete Hegseth put lives at risk," Senate Minority Leader Chuck Schumer said in a post to X. "But Trump is still too weak to fire him. Pete Hegseth must be fired.”

Senator Tammy Duckworth, an Iraq War veteran who was severely injured in combat in 2004, stated that Hegseth "must resign in disgrace.” 

The latest disclosure comes just days after Dan Caldwell, one of Hegseth's top aides, was taken from the Pentagon after being identified during an investigation into leaks at the Department of Defence. Although Caldwell is not as well-known as other senior Pentagon officials, he has played an important role for Hegseth and was chosen the Pentagon's point of contact by the Secretary during the first Signal chat.
Read more »
Data Leak
Anonymous Cyber Vigilantes CyberCrime Cyberhackers Cybersecurity CyberThreat Data Breach Data Leak

Cyber Vigilantes Strike Again as Anonymous Reportedly Leaks 10TB of Sensitive Russian Data

 


It has been a dramatic turn in the cyber world for the globally recognised hacktivist collective Anonymous in the last few days, with the claim that a colossal data breach has been perpetrated against the Russian government and its business elite. This is a bold claim made by Anonymous. According to reports, a group known for its high-profile digital interventions has allegedly leaked tens of terabytes of sensitive and classified data online. 
 
As a result of several sources that have been tracking the activities of the group, it appears that the breach may encompass a wide range of internal communications, financial records, and unreleased documents that are related to many key Russian institutions and corporations, including many of their key financial records. 

They first announced the leak in a post on X (formerly known as Twitter), stating the extent of the breach and describing the type of data that was compromised. There is also a mention of an unusual file titled "Leaked Data of Donald Trump" that is allegedly included within the cyber trove, adding an unexpected twist to the cyber saga. 

The authenticity of this particular file is still subject to scrutiny, but its presence implies that repercussions could extend beyond the borders of Russia because it has been leaked in the first place. As a result, it would be one of the largest political data leaks in recent years, raising serious concerns about cybersecurity vulnerabilities as well as the evolving tactics of digital activism in geopolitics, which could have a significant impact on the international landscape. Cyber analysts are closely watching the situation, as governments and corporations assess the potential fallout. 

Many are anticipating a wave of digital confrontations across global borders, as well as a response by governments and corporations. It was reported on Tuesday that the latest breach is a result of ongoing tensions between Russia and the digital activist community Anonymous, which is a decentralised and leaderless collective known for conducting cyberattacks against oppressive or corrupt entities. Anonymous warned internet users that former US President Donald Trump and Russian President Vladimir Putin have been alleged to be linked. 

Digital disruption has long been a cornerstone of the group's agenda, which seeks to promote transparency. In most cases, the group targets authoritarian regimes, controversial political figures, and powerful corporations, often blurring the line between cyberwarfare and protest. 

On April 15, 2025, a leaked archive allegedly contained a large amount of politically charged material that has been leaked. Several classified documents have been compiled in the book, including classified details on the internal political machinery of the Russian Federation, as well as sensitive information on local companies and their financial operations. Particularly noteworthy are files that are allegedly about Kremlin-linked assets located overseas and influence networks spanning Western countries. 

An anonymous statement was published on their official X (formerly Twitter) account by Anonymous on September 21st: "In defense of Ukraine, Anonymous has released 10TB of data in support of Ukraine, including leaked information about every Russian business operating in the West, all Kremlin assets, pro-Russian officials, Donald Trump, and many more." In light of the extent of the unprecedented in scope as well as the implication wave of speculation, scrutiny, and concern has swept global intelligence and cybersecurity officials. 
 
With the publication of this digital exposition, it has been possible to shed new light on a variety of things that occurred behind the scenes, ranging from undisclosed financial affiliations to private information regarding high-profile politicians and other figures. As a result of the addition of data allegedly related to Donald Trump to the breach, the geopolitical implications of it grow even more significant, suggesting that Anonymous may not only be trying to expose the Russian state's inner workings, but also to highlight covert operations and transnational alliances that were previously unknown. 
 
In a statement released on Tuesday, April 15, Anonymous claimed responsibility for the leak of approximately ten terabytes of Kremlin-linked data, which was the result of what they described as a massive cyber attack conducted by the hacktivist group in support of Ukraine. Initially, Anonymous TV, a prominent affiliate channel on the social media platform X (formerly Twitter), made the disclosure as part of their first campaign for public awareness of the group’s activities. There is an indication that this trove has been leaked by the Russian government, as well as the Kremlin assets located in the West as and pro-Russian officials. 

Among the information gathered was a reshared file titled “Leaked Data of Corrupt Officials”, which was originally published by Anonymous France, a second X-based account associated with this movement. Because Anonymous is a decentralised and loosely coordinated organisation, it remains unclear what the exact relationship is between these different factions, such as Anonymous TV and Anonymous France, because their nature remains decentralised and loosely coordinated. 

Often, because of the movement's structure, cells and supporters can act independently from each other, blurring the lines between direct affiliations and amplifying the reach and impact of their campaigns at the same time. Among the screenshots shared by Anonymous TV, a glimpse of the structure of the directory was revealing. To describe the contents of the folder, it was divided into several subfolders under the heading "Leaked Data of", which contained the names of people and organisations from various fields. There was a remarkable number of entries, including those of Serbian President Aleksandar Vučić, former US President Donald Trump and, not surprisingly, the American fast food chain Domino's Pizza. 

A broad range of entities included in this data release suggests the release is not just aimed at governments and politicians, but is likely to target commercial interests believed to be operating in Kremlin-linked spheres of influence. There is no doubt that Anonymous's digital crusade is complex and it is often controversial, because of the breadth and unpredictability of its targets. There has been widespread media coverage of the alleged Anonymous data leak, but questions have emerged about the source and significance of the data that have ascended to thrface as a result. 

According to Technology journalist Mikael Thalen, in a separate report, there could be a possible source of the files as well: A user using the handle @CyberUnknown45 who reportedly had begun teasing about and discussing the existence of such data caches as early as December 2023. 

In this regard, Thalen believes that a significant percentage of the leaked material consists of previous leaks, as well as documents which have already been publicly available, scraped from various online sources, as well as documents which were previously leaked in prior hacks. Additionally, he referred to cyber researcher Best, whose insights aligned with this assessment as well. Further, Cybernews, a well-known cybersecurity publication, expressed scepticism about the archive, saying it contained a “large amount of random data,” according to the publication. 

According to the publication, early impressions from the cybersecurity community indicate that the leak is not as sensational as initially claimed. According to Cybernews, the vast trove of leaked information seems to be simply not that exciting and is more of a noise than anything. Cybernews wrote that most people do not seem to be that interested in the information released. However, an analysis of the data has been provided by an individual whose Reddit profile is titled civilservant2011, who claims to have downloaded and examined it. Their post indicated that the archive was mainly divided into company-specific folders, which contained a variety of PDF documents related to various Russian companies, primarily those associated with the defence sector. 

The user mentioned that this archive may be useful for the Ukrainian armed forces, since it contains hundreds of documents about Russian defence contractors, as well as many others related to the Ukrainian armed forces. There is no doubt that this content does not appear to be headline-worthy at first glance, however, it can still have a substantial strategic value to military intelligence or geopolitical analysts. Additionally, the report is contextualised by previous claims that Ukraine’s Defence Intelligence Agency (HUR) made in March 2024, when it claimed that Russian Ministry of Defence databases were breached.  

In addition, the HUR report also states that this operation yielded sensitive data on the Russian Armed Forces, enabling Ukraine to better understand its adversary's military infrastructure. As a result of these developments, it is becoming increasingly apparent that cyber warfare is becoming increasingly complex, where the line between hacktivism, espionage, and information warfare is continuing to get blurred.
Read more »
Threat Intelligence
Black Basta Cyber Security Data Leak Ransomware Outfit Threat Intelligence

Black Basta: Exposing the Ransomware Outfit Through Leaked Chat Logs

 

The cybersecurity sector experienced an extraordinary breach in February 2025 that revealed the inner workings of the well-known ransomware gang Black Basta. 

Trustwave SpiderLabs researchers have now taken an in-depth look at the disclosed contents, which explain how the gang thinks and operates, including discussions about tactics and the effectiveness of various attack tools. Even going so far as to debate the ethical and legal implications of targeting Ascension Health. 

The messages were initially posted to MEGA before being reuploaded straight to Telegram on February 11 by the online identity ExploitWhispers. The JSON-based dataset contained over 190,000 messages allegedly sent by group members between September 18, 2023 and September 28, 2024. 

This data dump provides rare insight into the group's infrastructure, tactics, and internal decision-making procedures, providing obvious links to the infamous Conti leaks of 2022. The leak does not provide every information about the group's inner workings, but it does provide a rare glimpse inside one of the most financially successful ransomware organisations in recent years. 

The dataset reveals Black Basta's internal workflows, decision-making processes, and team dynamics, providing an unfiltered view of how one of the most active ransomware gangs functions behind the scenes, with parallels to the infamous Conti leaks. Black Basta has been operating since 2022. 

The outfit normally keeps a low profile while carrying out its operations, which target organisations in a variety of sectors and demand millions in ransom payments. The messages demonstrate members' remarkable autonomy and ingenuity in adjusting fast to changing security situations. The leak revealed Black Basta's reliance on social engineering tactics. While traditional phishing efforts are still common, they can take a more personable approach in some cases. 

The chat logs provide greater insight into Black Basta's strategic approach to vulnerability exploitation. The group actively seeks common and unique vulnerabilities, acquiring zero-day exploits to gain a competitive advantage. 

Its weaponization policy reveals a deliberate effort to increase the impact of its attacks, with Cobalt Strike frequently deployed for command and control operations. Notably, Black Basta created a custom proxy architecture dubbed "Coba PROXY" to manage massive amounts of C2 traffic, which improved both stealth and resilience. Beyond its technological expertise, the leak provides insight into Black Basta's negotiation strategies. 

The gang uses aggressive l and psychologically manipulative tactics to coerce victims into paying ransoms. Strategic delays and coercive rhetoric are standard tactics used to extract the maximum financial return. Even more alarming is its growth into previously off-limits targets, such as CIS-based financial institutions.

While the immediate impact of the breach is unknown, the disclosure of Black Basta's inner workings provides a unique chance for cybersecurity specialists to adapt and respond. Understanding its methodology promotes the creation of more effective defensive strategies, hence increasing resilience to future ransomware assaults.
Read more »
User Privacy
Bangchak Data Breach Data Leak PDPC User Privacy

PDPC Probes Bangchak Data Breach Impacting 6.5 Million Records

 

A major data breach involving Bangchak Corporation Public Company Limited is being swiftly investigated by Thailand's Personal Data Protection Committee (PDPC). The company stated that unauthorised access to its customer feedback system had affected roughly 6.5 million records. 

A statement posted on the PDPC Thailand Facebook page on April 11 claims that Bangchak discovered the breach on April 9 and acted right away to secure the compromised systems and prevent unauthorised access. The portal from which the hacked data originated was used to gather customer input. 

The PDPC has directed Bangchak to conduct an extensive internal investigation and submit a comprehensive report outlining the nature of the exposed data, the impact on consumers, the root cause of the breach, and a risk assessment. The agency is also investigating whether there was a violation of Thailand's Personal Data Protection Act (PDPA), which might result in legal action if noncompliance is discovered.

In response to the breach, Bangchak delivered SMS alerts to affected customers. The company declared that no sensitive personal or financial information was compromised. However, it advised users not to click on strange links or share their OTP (One-Time Password) tokens with others, which is a typical practice in phishing and fraud schemes. The PDPC stressed the necessity of following data protection rules and taking proactive measures to avoid similar incidents in the future. 

Prevention tips

Set security guidelines: Security protocols must include the cybersecurity policies and processes necessary to safeguard sensitive company data. One of the most effective strategies to prevent data theft is to establish processes that ensure unauthorised persons do not have access to data. Only authorised personnel should be able to view sensitive information. Businesses should have a thorough grasp of the data that could be compromised in order to minimise the risk of a cybersecurity attack.

Implement password protection: One of the most effective things a small business can do to protect itself from a data breach is to use strong passwords for all sites visited on a daily basis. Strong passwords should be unique for each account and include a mix of letters, numbers, and symbols. Furthermore, passwords should never be shared with coworkers or written down where others can see them.

Update security software: Employing firewalls, anti-virus software, and anti-spyware applications can help businesses make sure that hackers can't just access confidential information. To maintain these security programs free of vulnerabilities, they also need to be updated on a regular basis. To find out about impending security patches and other updates, visit the websites of any software suppliers.
Read more »
US Regulator
Data Breach Data Leak Financial Data OCC US Regulator

US regulator OCC Claims Email Hack Exposed Sensitive Bank Details

 

The US Office of the Comptroller of the Currency (OCC), a key banking regulator, officially classified a significant breach of its email system as a "major information security incident" after learning that malicious actors accessed highly sensitive bank supervisory data for eight to nine months before being detected. 

On February 11, 2025, the OCC became aware of "unusual interactions" between a system administrative account and user mailboxes in its office automation environment. By February 12, the agency had determined that the activity was unauthorised, engaged its incident response mechanisms, reported the problem to CISA (Cybersecurity Infrastructure and Security Agency), and blocked the compromised administrative accounts, effectively terminating the unauthorised access.

However, subsequent investigations, including internal evaluations and those conducted by independent third parties, revealed that the infiltration was much larger than previously thought. According to Bloomberg News, citing sources familiar with the investigation, the unauthorised access began in May or June 2024 and was discovered in February 2025. During this prolonged period, the attackers gained access to around 150,000 emails from 100 to 103 accounts, including those of senior OCC executives and workers.

On April 8, 2025, the OCC formally informed the United States Congress that the breach satisfied the threshold for a "major incident" under the Federal Information Security Modernisation Act (FISMA). This classification is based on the fact that the stolen emails and attachments contained "highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes.”

Acting Comptroller of the Currency Rodney E. Hood stated unequivocally that "long-held organisational and structural deficiencies" led to the incident and promised "full accountability for the vulnerabilities identified and any missed internal findings." The OCC is conducting a thorough audit of its IT security rules and procedures, and it has engaged third-party cybersecurity experts for review. Additional experts may be brought in to analyse internal cyber incident processes. 

The prolonged, undetected access to highly sensitive regulatory information about the health and oversight of US national banks constitutes a severe security flaw within a critical financial regulatory body. Exposure to such data increases the risk of its misuse for market manipulation, espionage, or enabling targeted assaults on financial institutions. While the OCC claimed in February that there was "no indication of any impact to the financial sector," the sensitivity of the exposed data may potentially cause "demonstrable harm to public confidence.”
Read more »
User Privacy
Apollo Hospitals Data Breach Data Leak Medical Data User Privacy

Researchers Unearth a Massive Data Leak Within Apollo Hospitals

 

For security analysts Akshay and Viral, a casual check of a healthcare system's security quickly turned into a huge finding. The duo discovered a major data leak at Apollo Hospitals, one of India's leading hospital networks. 

The breach first came to their attention on January 9, when they discovered a zip file on one of Apollo's subsidiary websites. Recognising the sensitivity, they notified Apollo's management within a few hours on January 10.

The file was erased by February 1, but they raised the issue with the Indian Computer Emergency Response Team (CERT-In) and the National Critical Information Infrastructure Protection Centre (NCIIPC), urging further investigation. 

In March, they uncovered another zip file, which was smaller in size but still included sensitive material, raising new concerns about ongoing security threats. It remains unknown whether Apollo or an intruder is adding and deleting files from the server. 

The leaked data include scanned copies of critical personal documents such as work identification cards, PAN cards, Aadhaar cards, passports, and student IDs. This type of data can be used to commit identity theft, fraud, or illegal access to services. 

Additionally, the breach exposed patient medical records, immunisation information, and credentials associated with patient IDs and many internal databases. This means that an attacker could misuse or publicly disclose confidential health information, such as diagnosis, prescriptions, and treatments.

Who is behind the leak?

The experts suspect the attack was carried out by the KillSec ransomware organisation, a well-known cybercriminal outfit that has attacked a variety of sectors, including healthcare.

Using Halcyon, a cybersecurity platform that tracks ransomware gangs and its actions, they learnt that KillSec targeted Apollo Hospitals in October 2024. The compromised data they discovered also dated back to that time period, establishing the connection.

KillSec is notorious for stealing sensitive data and threatening to publish or sell it unless a ransom is paid. Unlike some ransomware gangs who encrypt data to demand payment, KillSec frequently uses double extortion—stealing data before spreading ransomware, giving them leverage even if the victim refuses to pay. 

No action taken 

The researchers highlighted that well over 60 days had passed since their initial attempt to notify Apollo, far exceeding the industry threshold for responsible disclosure. While non-critical security issues are routinely addressed within this timeframe, breaches of this magnitude are usually resolved within hours by firms of comparable size. 

Organisations must report particular types of cyber incidents to CERT-In within six hours of detection. They must submit accurate data, such as the nature of the breach, the systems involved, and any preliminary results.
Read more »
Personal Data
Dark Web Dark website Data Breach Data Brokers Data Leak data security DOGE Elon Musk ParkMobile Personal Data

Dark Web Site DogeQuest Targets Tesla Owners Using Data from ParkMobile Breach

 

A disturbing dark web website known as DogeQuest has surfaced, targeting Tesla owners and associates of Elon Musk by publishing their personal information. The data used on the site appears to have been sourced largely from a 2021 breach of the ParkMobile app, which affected over 21 million users. 

According to privacy research group ObscureIQ, 98.2% of the individuals listed on DogeQuest can be matched to victims of the ParkMobile hack. The site initially operated on the surface web but now functions under a .onion domain, which anonymizes its hosting and complicates takedown efforts by authorities. The purpose of DogeQuest is masked as an “artistic protest” platform, encouraging acts of vandalism against Tesla vehicles. 

Although the site claims neutrality by stating it does not endorse or condemn actions taken, it openly hosts names, home addresses, contact details, and even employment information of more than 1,700 individuals. These include not only Tesla drivers but also DOGE employees, their families, and high-profile individuals from the military, cybersecurity, and diplomatic sectors. The website’s presence has allegedly been linked to real-world vandalism, prompting federal investigations into its operations. 

ObscureIQ’s analysis reveals that the core data used by DogeQuest includes email addresses, phone numbers, and license plate details—information originally accessed through ParkMobile’s compromised Amazon Web Services cloud storage. While ParkMobile claimed at the time that no financial data was exposed, the combination of breached user data and information purchased from data brokers has been enough to target individuals effectively. 

A class-action lawsuit against ParkMobile later resulted in a $32 million settlement for failing to secure user data. Despite the gravity of the situation, no other public reporting had directly connected DogeQuest to the ParkMobile breach until ObscureIQ’s findings were shared. The doxxing platform has evolved into a larger campaign, now also publishing details of prominent federal employees and private sector figures. A spreadsheet reviewed by the Daily Caller News Foundation highlights how widespread and strategic the targeting has become, with individuals from sensitive fields like defense contracting and public health policy among the victims. 

Law enforcement agencies, including the FBI and DOJ, are now actively investigating both the digital and physical components of this campaign. Just last week, the Department of Justice charged three individuals suspected of attacking Tesla vehicles and infrastructure across multiple states. However, officials have not yet confirmed a direct link between these suspects and DogeQuest. The FBI has also noted a troubling increase in swatting incidents aimed at DOGE staff and affiliates, indicating that the site’s influence may extend beyond digital harassment into coordinated real-world disruptions. 

With DogeQuest continuing to evade takedown attempts due to its anonymized hosting, federal authorities face an uphill battle in curbing the campaign. ParkMobile has so far declined to comment on the matter. As the scope and sophistication of this doxxing effort grow, it underscores the lingering impact of data breaches and the increasing challenges in protecting personal information in the digital age.
Read more »
Windows
ChatGPT Cyber Crime Data Leak Microsoft Windows

Hacker's Dual Identity: Cybercriminal vs Bug Bounty Hunter

Hacker's Dual Identity: Cybercriminal vs Bug Bounty Hunter

EncryptHub is an infamous threat actor responsible for breaches at 618 organizations. The hacker reported two Windows zero-day flaws to Microsoft, exposing a conflicted figure that blurs the lines between cybercrime and security research. 

The reported flaws are CVE-2025-24061 (Mark of the Web bypass) and CVE-2025-24071 (File Explorer spoofing), which Microsoft fixed in its March 2025 Patch Tuesday updates, giving credit to the reporter as ‘SkorikARI.’ In this absurd incident, the actor had dual identities—EncryptHub and SkorikARI. The entire case shows us an individual who works in both cybersecurity and cybercrime. 

Discovery of EncryptHub’s dual identity 

Outpost24 linked SkorikARI and EncryptHub via a security breach, where the latter mistakenly revealed their credentials, exposing links to multiple accounts. The disclosed profile showed the actor’s swing between malicious activities and cybersecurity operations. 

Actor tried to sell zero-day on dark web

Outpost24’ security researcher Hector Garcia said the “hardest evidence was from the fact that the password files EncryptHub exfiltrated from his system had accounts linked to both EncryptHub” such as credentials to EncryptRAT- still in development, or “his account on xss.is, and to SkorikARI, like accesses to freelance sites or his own Gmail account.” 

Garcia also said there was a login to “hxxps://github[.]com/SkorikJR,” which was reported in July’s Fortinet story about Fickle Stealer; this helped them solve the puzzle. Another big reveal of the links to dual identity was ChatGPT conversations, where activities of both SkorikARI and EncryptHub could be found. 

Zero-day activities and operational failures in the past

Evidence suggests this wasn't EncryptHub's first involvement with zero-day flaws, as the actor has tried to sell it to other cybercriminals on hacking forums.

Outpost24 highlighted EncryptHub's suspicious activities- oscillating between cybercrime and freelancing. An accidental operational security (OPSEC) disclosed personal information despite their technical expertise. 

EncryptHub and ChatGPT 

Outpost24 found EncryptHub using ChatGPT to build phishing sites, develop malware, integrate code, and conduct vulnerability research. One ChatGPT conversation included a self-assessment showing their conflicted nature: “40% black hat, 30% grey hat, 20% white hat, and 10% uncertain.” The conversation also showed plans for massive (although harmless) publicity stunts affecting tens of thousands of computers.

Impact

EncryptHub has connections with ransomware groups such as BlackSuit and RansomHub who are known for their phishing attacks, advanced social engineering campaigns, and making of Fickle Stealer- a custom PowerShell-based infostealer. 

Read more »
Subscribe to: Posts (Atom)