❗️ Interesting move from the French police: they posted on a breaches forum directly from a threat actor's account after they arrested him.

‼️🇫🇷 The threat actor behind the ANTS breach told us he doesn't want any money, he just wanted to prove government systems are easy to hack.

ANTS was breached via an IDOR access control flaw. 80GB of passwords, source code, logs, and PII stolen.

We've seen the samples...

Stolen records included "support@context[.]ai," assessed as a core Context-Inc Vercel team account, likely enabling privilege escalation into Vercel infrastructure.

🚨 The Vercel breach traces back to a Context[.]ai gooner employee infected with Lumma infostealer. The malware harvested his Google Workspace credentials, porn and anime site logins, and the in-game username "lecoonjames" (see profile pic below, he changed the username post-infection, I wonder why).

The Dutch military postal system missed the device entirely. The Ministry of Defense has now banned greeting cards with batteries.

🚨‼️ A Dutch NATO ship escorting France's nuclear flagship carrier Charles de Gaulle was tracked via a cheap Bluetooth tracker, mailed to the vessel inside a greeting card by a Dutch TV station.

Exposed fields include full name, email, address, date and place of birth, phone number, and identity verification data. Confirmed by the Ministry of the Interior.

🚨🇫🇷 France's ANTS portal, the government system issuing IDs, passports, and driver's licenses, has been breached.

Up to 19 million French citizens may be affected. ANTS has confirmed the breach.

Vercel is recommending customers to rotate keys.

🚨 BREAKING: Vercel has been breached. A threat actor has listed their customers' data, source code, databases, and keys up for sale.

Vercel has also publicly disclosed they've identified a security incident involving unauthorized access to their internal systems.

❗️🇨🇳 China's humanoid robots have advanced dramatically in the span of a single year. Imagine where they'll be in a couple more.

Damn..

🚨 The Ukrainians then went a step further and invaded the meeting itself, asking questions and taunting the Russian officials live on the call.

🚨🇺🇦 BREAKING: Ukrainians hacked yesterday's closed-door Russian Ministry of Industry and Trade meeting on drone production.

Turns out Russia can't source even basic components and is now fully dependent on China.

They joke about even having to import copper wire and plastic.

🚨🇮🇱 BREAKING: Israel is using dogs to rape and sexually assault Palestinian detainees at Israeli detention sites, per survivor testimonies logged by PCHR, Euro-Med, and Israeli group B'Tselem. Israeli analyst Shaiel Ben-Ephraim says two Sde Teiman guards confirmed the accounts to him directly.

The FBI Director Is MIA Kash Patel has alarmed colleagues with episodes of excessive drinking and unexplained absences.

www.theatlantic.com/politics/202...

Officials question whether alcohol played a role in Patel publicly pushing bad info on active cases, including the Charlie Kirk murder investigation.

He still has the job. But senior Trump officials are already discussing replacements, and a former official calls him "rightly paranoid."

Describing heavy drinking, unexplained absences, and colleagues who now view him as a national-security vulnerability.

Trump personally called Patel to express his unhappiness after a video surfaced of him chugging beer with the U.S. Olympic hockey team in Italy.

🚨🇺🇸 A week ago, the FBI Director couldn't log into his FBI account, so he panicked and called White House aides convinced he'd been fired. It was a technical glitch.

That's just one scene from The Atlantic's new report on Kash Patel, drawn from 24+ sources..

❗️X lost its 4th court battle today against a European user — a tech lecturer who filed a GDPR data request after getting shadowbanned. He just wanted to see his data.

This raises the question of how many privacy and data protection laws they broke, and how much data they collect on users, since they had enough to single out owners of third-party devices.

This past week they pushed config changes that got customers banned from using FSD. Experts confirm the mechanism is simple: an SMS wakes the car up, then software is pushed and installed from the mothership straight to the car's media control unit without user interaction.

Tesla has remotely altered tens of thousands of customer cars without consent, confirming you don't actually OWN your Tesla when you buy one.

They've demonstrated there's one single point of failure: the mothership. Whoever owns that, owns every Tesla on the road.

🚨 Bluesky was attacked by Iranian threat actors today and experienced some downtime.

I have no idea why they would target Bluesky — this seems like a friendly fire incident. 😂 because it's the one platform that has the same enemies as Iran.

It gets worse. The app's "too many attempts" lockout is just a counter in a text file. Reset it to 0 and keep guessing. The biometric check (face/fingerprint) is a simple on/off switch in the same file. Flip it to off and the app skips it entirely.

An attacker can delete a couple of entries from a file on the phone, restart the app, pick a new PIN, and the app happily hands over the original user's verified identity credentials as if nothing happened.

‼️🇪🇺 The EU's new Age Verification app was hacked with little to no effort.

When you set it up, the app asks you to create a PIN. But that PIN isn't actually tied to the identity data it's supposed to protect.

The scheme generated $5M+ in revenue for North Korea, and gave them access to confidential data, including US defense contractor files.

❗️🇺🇸🇰🇵 Two U.S. nationals have been sentenced to 108 and 92 months in prison for running North Korean IT "laptop farms" that helped North Koreans pose as Americans and get hired at over 100 U.S. companies, including Fortune 500s.

X users are the only major platform users in Europe who are effectively forced to sue in court just to get their rights.