‼️ AI gooners be warned: the FBI and DOJ announced the arrests of Cornelius Shannon and Arturo Hernandez, both charged with violations of the TAKE IT DOWN Act, which prohibits nonconsensual publication of AI-generated deepfake pornography.
Shannon and Hernandez allegedly posted thousands of images and videos that appeared to depict real people nude and engaging in sexual acts. Victims included actresses, singers, elected officials, and private acquaintances of the defendants.
Shannon, 51, of New Jersey, ran 360 albums depicting ~90 female victims, viewed millions of times. Hernandez, 20, of Texas, posted 113 albums depicting ~50 victims, including non-public figures whose innocent photos were morphed into explicit content.
The DOJ is charging conduct from May 19, 2025 onward, the day President Trump signed the TAKE IT DOWN Act into law. Both men allegedly kept posting for a full year after that date, into the new federal statute.
Each defendant faces up to 2 years in federal prison.
Shannon and Hernandez allegedly posted thousands of images and videos that appeared to depict real people nude and engaging in sexual acts. Victims included actresses, singers, elected officials, and private acquaintances of the defendants.
Shannon, 51, of New Jersey, ran 360 albums depicting ~90 female victims, viewed millions of times. Hernandez, 20, of Texas, posted 113 albums depicting ~50 victims, including non-public figures whose innocent photos were morphed into explicit content.
The DOJ is charging conduct from May 19, 2025 onward, the day President Trump signed the TAKE IT DOWN Act into law. Both men allegedly kept posting for a full year after that date, into the new federal statute.
Each defendant faces up to 2 years in federal prison.
🤣9❤3
‼️ Steam has listed a game in which you whip Black slaves to keep them working, called "Plantation Simulator".
It costs $0.83 USD. The developer, FzzyBzzy, describes the content on the Steam page like this:
"In this game, you will be whipping black people to keep your farm productive. If you whip your black person too much, they will die."
It costs $0.83 USD. The developer, FzzyBzzy, describes the content on the Steam page like this:
"In this game, you will be whipping black people to keep your farm productive. If you whip your black person too much, they will die."
🥰11🔥7🤯4🤣3😭2❤1🤬1🎉1🙏1
‼️ Dutch and French authorities have taken down "First VPN," a criminal VPN service that openly marketed itself to cybercriminals on dark web forums.
Every user received a notification on takedown that the service is gone and they have been identified.
Before pulling the service offline, police had full visibility into the criminal traffic of every user. 33 servers were seized. 83 intelligence packages were shared with ongoing investigations through a Europol Operational Taskforce.
First VPN advertised directly on known cybercrime forums and promised users no logs, no cooperation with justice, and no jurisdiction. Customers used it for ransomware attacks, system intrusions, and account hijacking.
The takedown ran on 19 and 20 May 2026, led by the Dutch Team High Tech Crime and the French authorities, with coordination support from Eurojust and Europol. Action days hit Ukraine, Switzerland, the UK, Romania, and Luxembourg simultaneously. The administrator was interrogated in Ukraine at France's request.
Every user received a notification on takedown that the service is gone and they have been identified.
Before pulling the service offline, police had full visibility into the criminal traffic of every user. 33 servers were seized. 83 intelligence packages were shared with ongoing investigations through a Europol Operational Taskforce.
First VPN advertised directly on known cybercrime forums and promised users no logs, no cooperation with justice, and no jurisdiction. Customers used it for ransomware attacks, system intrusions, and account hijacking.
The takedown ran on 19 and 20 May 2026, led by the Dutch Team High Tech Crime and the French authorities, with coordination support from Eurojust and Europol. Action days hit Ukraine, Switzerland, the UK, Romania, and Luxembourg simultaneously. The administrator was interrogated in Ukraine at France's request.
💩9❤5
Kash Patel's apparel website is reportedly hosting ClickFix malware, according to multiple visitors.
A fake Cloudflare verification page is tricking users into pasting OS-specific "verification" commands that execute malware. The macOS path fetches an infostealer targeting Keychain, browser data, session tokens, and crypto wallets.
A fake Cloudflare verification page is tricking users into pasting OS-specific "verification" commands that execute malware. The macOS path fetches an infostealer targeting Keychain, browser data, session tokens, and crypto wallets.
🤣24😭5🤪3👏1
This media is not supported in your browser
VIEW IN TELEGRAM
‼️ The controversial crypto casino Duel has been imitating the San Diego mosque shooter on its live streams.
This is the same casino that has reportedly offered to pay ChudTheBuilder's $1.25 million bond. ChudTheBuilder is Dalton Eatherly, the streamer charged with attempted first-degree murder after a May 13 shooting outside a Tennessee courthouse, known for shouting "Heil Hitler," "Stop chimping," and the n-word at Black people in live videos.
Duel's live tables have already been documented featuring Nazi imagery, racial slurs, and a dealer simulating whipping a Black co-host while forcing him into Nazi salutes. The San Diego shooter bit fits the pattern.
The casino is owned by Finnish operator Ossi Ketola (aka Monarch) via Immortal Snail LLC, licensed out of Anjouan.
This is the same casino that has reportedly offered to pay ChudTheBuilder's $1.25 million bond. ChudTheBuilder is Dalton Eatherly, the streamer charged with attempted first-degree murder after a May 13 shooting outside a Tennessee courthouse, known for shouting "Heil Hitler," "Stop chimping," and the n-word at Black people in live videos.
Duel's live tables have already been documented featuring Nazi imagery, racial slurs, and a dealer simulating whipping a Black co-host while forcing him into Nazi salutes. The San Diego shooter bit fits the pattern.
The casino is owned by Finnish operator Ossi Ketola (aka Monarch) via Immortal Snail LLC, licensed out of Anjouan.
🥰8😭7🔥1👏1🤪1
‼️🚨🇨🇳 BREAKING: We identified exposed admin panels for Chinese air defence and drone systems across an entire region.
The panels are reachable from the open internet and protected only by default credentials. Our investigation shows this is not isolated. A large number of these intelligence and military systems are deployed the same way.
We also identified exposed control panels for GPU clusters along the way.
Look at these GPUs. The NVIDIA A100 80GB has been banned for sale to China since 2022 under US export restrictions. New units retail at $10,000 to $20,000 depending on form factor, and on the Chinese black market a single A100 reportedly sells for up to $30,000.
So how did they get there?
The panels are reachable from the open internet and protected only by default credentials. Our investigation shows this is not isolated. A large number of these intelligence and military systems are deployed the same way.
We also identified exposed control panels for GPU clusters along the way.
Look at these GPUs. The NVIDIA A100 80GB has been banned for sale to China since 2022 under US export restrictions. New units retail at $10,000 to $20,000 depending on form factor, and on the Chinese black market a single A100 reportedly sells for up to $30,000.
So how did they get there?
😱5😁3🤔1🤣1
‼️🇳🇱🇷🇺 BREAKING: Dutch FIOD just dismantled the local arm of Stark Industries, the EU-sanctioned bulletproof host that has been powering Russian cyberattacks and disinformation across Europe.
They've arrested two suspects for violating the Dutch Sanctions Act, accused of indirectly providing economic resources to EU-sanctioned entities by keeping Stark's infrastructure online through Dutch front companies.
The arrested men:
- Youssef Zinad, 57, of Amsterdam, linked to WorkTitans B.V., the Dutch shell that took over Stark's operations as "THE[.]Hosting" after sanctions hit
- Andrey Nesterenko, 39, of The Hague, founder of MIRhosting, the Dutch provider that allegedly connected the rebranded servers to the internet
What FIOD seized:
- More than 800 servers
- Laptops, phones, and business records
- Across three offices in Enschede and Almere
- Two data centres in Dronten and Schiphol-Rijk
The chain: Stark Industries Solutions Ltd (UK, Companies House #13906017) was incorporated on February 10, 2022, two weeks before Russia invaded Ukraine. On May 20, 2025, the EU sanctioned Stark alongside its Moldovan owners Iurie and Ivan Neculiti for enabling Russian state-sponsored cyberattacks, disinformation, and hybrid threats against the EU.
Within nine days, the infrastructure was rebranded as THE[.]Hosting under WorkTitans B.V. in Almere. A new autonomous system, AS209847, was registered on June 24, 2025 to consolidate the rebrand.
WorkTitans and MIRhosting networks were allegedly heavily used in pro-Russian cyberattacks targeting Danish government organisations during the November 2025 municipal elections.
Suspect Andrey told de Volkskrant he was unaware that pro-Russian actors used his infrastructure and said he ended cooperation after the sanctions were imposed.
https://www.fiod.nl/fiod-houdt-twee-verdachten-aan-wegens-overtreding-sanctiewetgeving/
They've arrested two suspects for violating the Dutch Sanctions Act, accused of indirectly providing economic resources to EU-sanctioned entities by keeping Stark's infrastructure online through Dutch front companies.
The arrested men:
- Youssef Zinad, 57, of Amsterdam, linked to WorkTitans B.V., the Dutch shell that took over Stark's operations as "THE[.]Hosting" after sanctions hit
- Andrey Nesterenko, 39, of The Hague, founder of MIRhosting, the Dutch provider that allegedly connected the rebranded servers to the internet
What FIOD seized:
- More than 800 servers
- Laptops, phones, and business records
- Across three offices in Enschede and Almere
- Two data centres in Dronten and Schiphol-Rijk
The chain: Stark Industries Solutions Ltd (UK, Companies House #13906017) was incorporated on February 10, 2022, two weeks before Russia invaded Ukraine. On May 20, 2025, the EU sanctioned Stark alongside its Moldovan owners Iurie and Ivan Neculiti for enabling Russian state-sponsored cyberattacks, disinformation, and hybrid threats against the EU.
Within nine days, the infrastructure was rebranded as THE[.]Hosting under WorkTitans B.V. in Almere. A new autonomous system, AS209847, was registered on June 24, 2025 to consolidate the rebrand.
WorkTitans and MIRhosting networks were allegedly heavily used in pro-Russian cyberattacks targeting Danish government organisations during the November 2025 municipal elections.
Suspect Andrey told de Volkskrant he was unaware that pro-Russian actors used his infrastructure and said he ended cooperation after the sanctions were imposed.
https://www.fiod.nl/fiod-houdt-twee-verdachten-aan-wegens-overtreding-sanctiewetgeving/
🤯4❤2
This media is not supported in your browser
VIEW IN TELEGRAM
How honeypots in cybersecurity work, explained in 7 seconds.
🤣43💩3
Media is too big
VIEW IN TELEGRAM
❗️🇹🇭 Yesterday, Thai police arrested six Nigerian men running a romance scam ring built on AI-generated faces and fake video calls in Nonthaburi, Thailand.
🤣22👍6😁2
‼️🚨 Research shows infostealers are the origin of the compromised accounts pushing the malware for the Megalodon 5,000+ repo supply chain attack.
Further analysis suggests similar attacks may be imminent: over 24,000 companies have employees with compromised GitHub credentials sitting in infostealer logs.
Hudson Rock cross-referenced the Megalodon GitHub usernames against their cybercrime intelligence database and matched 331 of 978 unique usernames (33%) to computers already infected by infostealers. Deeper manual lookups (pulling old commit emails and rechecking) push the compromised rate close to 100%.
The wider exposure: Accenture alone has 10+ infected employees with GitHub access. Dell's partner ecosystem maps 11,000+ compromised third parties, including ABB. Anheuser-Busch InBev is also on the list. Infostealer logs are now the fuel feeding mass GitHub supply chain attacks.
https://www.infostealers.com/article/infostealers-just-spawned-a-5000-repo-github-supply-chain-attack/
Further analysis suggests similar attacks may be imminent: over 24,000 companies have employees with compromised GitHub credentials sitting in infostealer logs.
Hudson Rock cross-referenced the Megalodon GitHub usernames against their cybercrime intelligence database and matched 331 of 978 unique usernames (33%) to computers already infected by infostealers. Deeper manual lookups (pulling old commit emails and rechecking) push the compromised rate close to 100%.
The wider exposure: Accenture alone has 10+ infected employees with GitHub access. Dell's partner ecosystem maps 11,000+ compromised third parties, including ABB. Anheuser-Busch InBev is also on the list. Infostealer logs are now the fuel feeding mass GitHub supply chain attacks.
https://www.infostealers.com/article/infostealers-just-spawned-a-5000-repo-github-supply-chain-attack/
❤2👍1