International Cyber Digest
6.27K subscribers
922 photos
52 videos
2 files
168 links
Independent reporting on cybersecurity, tech, AI & digital policy. Got a tip? http://internationalcyberdigest.com/tips
Download Telegram
‌ Update: Elon Musk says SpaceXAI will delete all user data uploaded to the company "before now" as a precautionary measure, one day after a researcher's wire-level analysis showed the Grok Build CLI shipping entire private repos, unredacted secrets included, to a Google Cloud bucket.

The pledge came in an X post. Still no advisory, no timeline, and no way for affected developers to verify deletion. And deleted or not, any credentials that left the machine still need to be rotated.
💩7😁6❀4🀪3👍1
‌BREAKING: Telegram's core t[.]me domain has been placed on serverHold at the .me registry, a registry-level status that drops it from DNS worldwide and dead-ends every t[.]me link.

Domain records show the change happened today, with no public explanation yet from Telegram, the .me registry, or backend operator Identity Digital.
😚16🀔6🙏2❀1
Last month I took Nightmare-Eclipse out for dinner. He's the person behind all those Windows zero-day PoC drops.

He wanted to eat fish — a specific kind of fish. I'm not really fond of fish, so I had no idea where you could even get it; it's always something my brain skips over when reading a menu.

I took him to a restaurant where he could have fish and I could have steak. When he took his first bite, he almost choked — he hadn't expected the bones to still be in it. I'd forgotten to warn him. After that, he started picking the fish apart with nothing but his knife. He went at it so methodically you'd think he ate fish like this for a living.

He's a bright young fella, to say the least: very calm and professional. And after hearing his story, it sounds to me like Microsoft really screwed him over and sent him off the rails.

I'm not allowed to say more, but this story still hasn't ended — that's for sure. Things will keep going like this for a while.
🔥21❀9😭6🀔3🙏1
The disaster recovery plan for a billion-user platform: tag the registry and pray. 🙏
🙏27😁19❀1🔥1💩1
‌ BREAKING: US Treasury's OFAC sanctions a ransomware VPN
 and appears to accidentally break Telegram links worldwide.

Yesterday, the US Treasury sanctioned ransomware VPN provider 1VPNS. Buried in the sanctions entry: t[.]me/FirstVPNService, listed as one of the service's websites.

About 4 hours later, WHOIS records show the .me registry slammed Telegram's entire t[.]me domain onto serverHold, wiping every t[.]me web link from global DNS. The apps kept working, and telegram[.]me still resolves, so the hold hit the t[.]me registration specifically.

A screenshot is circulating that would confirm the t[.]me takedown, saying the domain was placed on serverHold "due to OFAC-related compliance requirements."
😱9👍8🀣6❀1💩1
🚚 Nightmare-Eclipse just dropped "LegacyHive," a new Windows privilege-escalation zero-day PoC that targets the Windows User Profile Service, the component that loads a user's settings during sign-in.

The PoC reportedly uses a carefully timed path-switching trick to make Windows mount another user's Registry file, potentially an administrator's, under a standard "helper" account.

Nightmare-Eclipse claims it works across supported Windows desktop and server builds patched through July 2026.

Nightmare-Eclipse says a private version could load arbitrary Registry hives, but that broader version has not been published.

Interestingly, Nightmare-Eclipse previously told us that vulnerability names are inspired by random events in his life. "LegacyHive" appears to break from that convention.

Deja vu: Microsoft patched this broad ProfSvc trust-boundary failure in 2015 as CVE-2015-0004, which also loaded another user's hive. LegacyHive appears to use a new path-swap to revive that bug class.

As of writing: no CVE, no Microsoft advisory, no comment.
❀7😱4🔥3🥰2👏1
‌ BREAKING: Dutch and Belgian police have dismantled an international crypto investment fraud network run like a company: roughly 20 call centers, 700+ "employees" and an estimated take of more than €100 million per month. Six suspects have been arrested across Poland, Cyprus, Belgium and Greece.

One of the lead suspect is named only as "Ehud T.", a 46-year-old Israeli-Polish national accused of building the network's technical backbone. The combination of first name, age and hacking history points strongly to infamous Israeli hacker Ehud Tenenbaum aka "The Analyzer" of the 1998 Solar Sunrise Pentagon intrusions.

The Netherlands links about 550 complaints and nearly €25 million in losses to the network. Belgium counts 200+ victims, and police suspect tens of thousands worldwide.

In 1998, at 18, Tenenbaum was arrested as the Israeli mentor behind Solar Sunrise, intrusions into unclassified Pentagon, NASA, Air Force and Navy systems that Washington briefly mistook for Iraqi information warfare. Convicted in Israel in 2001, he was arrested in Canada in 2008 over a card fraud scheme, pleaded guilty in the US in 2009, and left court in 2012 with time served and $503,000 in restitution.
🀣14🔥2🀪1
‌ Meta is accused of using its AI to flag employees with disabilities or on medical leave for layoffs. 26 Meta workers are now suing to block their own cuts.

Per the complaint, Meta scored staff on productivity and AI token usage, metrics you cannot rack up while on protected leave. Filed in Oakland federal court, the suit also invokes new California and NYC laws requiring bias testing of AI employment tools.

Meta denies it, telling that people, not AI, made the layoff decisions.
💩15🀣12❀2🥰1🀯1
‌ BREAKING: SpaceXAI has finally broken its silence on Grok Build uploading entire private repos to a Google Cloud bucket. In one evening: all previously retained coding data is being deleted, retention is now off by default, the CLI is going open source, and usage limits have been reset for everyone.

Buried in the statement is an admission. Data retention was on by default for non-ZDR (zero data retention) users during the beta, which is the closest SpaceXAI has come to confirming what the wire captures showed.

One claim needs an asterisk. SpaceXAI says users could always disable data upload and that the choice "was respected." The only control it ever showed users, the "Improve the model" toggle, did not stop the uploads in the wire captures. A flag that did stop them existed, but it was undocumented and surfaced only through reverse engineering after the exposure.

In full transparency, and to protect their credibility, they should just release an incident report and a lessons-learned tbh.
🀪5👍4🀣1
Proton VPN just shared that it received 47 legal orders through June this year, all seeking to identify users behind specific server IPs and timestamps. Every one was denied, because its no-logs policy leaves no connection data to hand over.

Per its transparency report, updated July 14, that brings the total since 2019 to 458 orders, with zero fulfilled. The company keeps no connection logs under Swiss law, so there is nothing to produce even when an order is binding.
🥰19👍7🀔5💩3❀2😚1
❗ The UK will switch on default midnight to 6am social media curfews for 16 and 17-year-olds and turn off autoplay and algorithmic feeds by default.

Rules go before Parliament this year and take force in spring 2027, alongside the under-16 ban. Teens can still change the settings themselves.

The bigger signal is on AI: Ministers want regular chatbot breaks for under-18s and say all options are on the table, including banning bots that give children dangerous or unverified mental health advice.
❀10🀬7🀣5😁1