International Cyber Digest
6.27K subscribers
924 photos
52 videos
2 files
168 links
Independent reporting on cybersecurity, tech, AI & digital policy. Got a tip? http://internationalcyberdigest.com/tips
Download Telegram
‌ BREAKING: The official SpaceX and Starlink accounts on X appear to have been compromised. According to multiple reports online, an account named "Sam Catman," carrying an official SpaceXAI-affiliated badge, posted a scam coin. The official SpaceX and Starlink accounts then reposted Sam Catman's posts.

Needless to say, anyone who bought in was rug-pulled.
😭21🀣11😁9🀔2👏1💯1
‌ BREAKING: xAI's Grok Build CLI was uploading entire Git repositories to a Google Cloud bucket, private codebases and unredacted secrets included. The uploads quietly stopped via a hidden server-side flag, and xAI still has not said a word about scope, retention, or deletion.

The scale is staggering. On a 12 GB test repo, 5.1 GB flew out the door to xAI's grok-code-session-traces bucket while the actual coding task needed just 192 KB. The tool grabbed whatever repository it ran in, not the files it needed.

The fix arrived as a hidden flag, disable_codebase_upload: true, a day after a researcher's wire-level analysis. The "Improve the model" opt-out never stopped the uploads.

Still no advisory, no scope, no word on whether already-uploaded code gets deleted. For anyone pointing AI coding agents at proprietary code, what crosses the wire matters more than what the settings page says.

https://www.internationalcyberdigest.com/xais-grok-build-cli-uploads-entire-git-repositories-to-a-google-cloud-bucket/
💩16😱10❀3😁3🔥2
‌ Update: Elon Musk says SpaceXAI will delete all user data uploaded to the company "before now" as a precautionary measure, one day after a researcher's wire-level analysis showed the Grok Build CLI shipping entire private repos, unredacted secrets included, to a Google Cloud bucket.

The pledge came in an X post. Still no advisory, no timeline, and no way for affected developers to verify deletion. And deleted or not, any credentials that left the machine still need to be rotated.
💩7😁6❀4🀪3👍1
‌BREAKING: Telegram's core t[.]me domain has been placed on serverHold at the .me registry, a registry-level status that drops it from DNS worldwide and dead-ends every t[.]me link.

Domain records show the change happened today, with no public explanation yet from Telegram, the .me registry, or backend operator Identity Digital.
😚16🀔6🙏2❀1
Last month I took Nightmare-Eclipse out for dinner. He's the person behind all those Windows zero-day PoC drops.

He wanted to eat fish — a specific kind of fish. I'm not really fond of fish, so I had no idea where you could even get it; it's always something my brain skips over when reading a menu.

I took him to a restaurant where he could have fish and I could have steak. When he took his first bite, he almost choked — he hadn't expected the bones to still be in it. I'd forgotten to warn him. After that, he started picking the fish apart with nothing but his knife. He went at it so methodically you'd think he ate fish like this for a living.

He's a bright young fella, to say the least: very calm and professional. And after hearing his story, it sounds to me like Microsoft really screwed him over and sent him off the rails.

I'm not allowed to say more, but this story still hasn't ended — that's for sure. Things will keep going like this for a while.
🔥21❀9😭6🀔3🙏1
The disaster recovery plan for a billion-user platform: tag the registry and pray. 🙏
🙏27😁19❀1🔥1💩1
‌ BREAKING: US Treasury's OFAC sanctions a ransomware VPN
 and appears to accidentally break Telegram links worldwide.

Yesterday, the US Treasury sanctioned ransomware VPN provider 1VPNS. Buried in the sanctions entry: t[.]me/FirstVPNService, listed as one of the service's websites.

About 4 hours later, WHOIS records show the .me registry slammed Telegram's entire t[.]me domain onto serverHold, wiping every t[.]me web link from global DNS. The apps kept working, and telegram[.]me still resolves, so the hold hit the t[.]me registration specifically.

A screenshot is circulating that would confirm the t[.]me takedown, saying the domain was placed on serverHold "due to OFAC-related compliance requirements."
😱9👍8🀣6❀1💩1
🚚 Nightmare-Eclipse just dropped "LegacyHive," a new Windows privilege-escalation zero-day PoC that targets the Windows User Profile Service, the component that loads a user's settings during sign-in.

The PoC reportedly uses a carefully timed path-switching trick to make Windows mount another user's Registry file, potentially an administrator's, under a standard "helper" account.

Nightmare-Eclipse claims it works across supported Windows desktop and server builds patched through July 2026.

Nightmare-Eclipse says a private version could load arbitrary Registry hives, but that broader version has not been published.

Interestingly, Nightmare-Eclipse previously told us that vulnerability names are inspired by random events in his life. "LegacyHive" appears to break from that convention.

Deja vu: Microsoft patched this broad ProfSvc trust-boundary failure in 2015 as CVE-2015-0004, which also loaded another user's hive. LegacyHive appears to use a new path-swap to revive that bug class.

As of writing: no CVE, no Microsoft advisory, no comment.
❀7😱4🔥3🥰2👏1
‌ BREAKING: Dutch and Belgian police have dismantled an international crypto investment fraud network run like a company: roughly 20 call centers, 700+ "employees" and an estimated take of more than €100 million per month. Six suspects have been arrested across Poland, Cyprus, Belgium and Greece.

One of the lead suspect is named only as "Ehud T.", a 46-year-old Israeli-Polish national accused of building the network's technical backbone. The combination of first name, age and hacking history points strongly to infamous Israeli hacker Ehud Tenenbaum aka "The Analyzer" of the 1998 Solar Sunrise Pentagon intrusions.

The Netherlands links about 550 complaints and nearly €25 million in losses to the network. Belgium counts 200+ victims, and police suspect tens of thousands worldwide.

In 1998, at 18, Tenenbaum was arrested as the Israeli mentor behind Solar Sunrise, intrusions into unclassified Pentagon, NASA, Air Force and Navy systems that Washington briefly mistook for Iraqi information warfare. Convicted in Israel in 2001, he was arrested in Canada in 2008 over a card fraud scheme, pleaded guilty in the US in 2009, and left court in 2012 with time served and $503,000 in restitution.
🀣14🔥2🀪1
‌ Meta is accused of using its AI to flag employees with disabilities or on medical leave for layoffs. 26 Meta workers are now suing to block their own cuts.

Per the complaint, Meta scored staff on productivity and AI token usage, metrics you cannot rack up while on protected leave. Filed in Oakland federal court, the suit also invokes new California and NYC laws requiring bias testing of AI employment tools.

Meta denies it, telling that people, not AI, made the layoff decisions.
💩15🀣12❀2🥰1🀯1