International Cyber Digest
Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts.
Kash Patel's apparel website is reportedly hosting ClickFix malware, according to multiple visitors.

A fake Cloudflare verification page is tricking users into pasting OS-specific "verification" commands that execute malware. The macOS path fetches an infostealer targeting Keychain, browser data, session tokens, and crypto wallets.
‼️ The controversial crypto casino Duel has been imitating the San Diego mosque shooter on its live streams.

This is the same casino that has reportedly offered to pay ChudTheBuilder's $1.25 million bond. ChudTheBuilder is Dalton Eatherly, the streamer charged with attempted first-degree murder after a May 13 shooting outside a Tennessee courthouse, known for shouting "Heil Hitler," "Stop chimping," and the n-word at Black people in live videos.

Duel's live tables have already been documented featuring Nazi imagery, racial slurs, and a dealer simulating whipping a Black co-host while forcing him into Nazi salutes. The San Diego shooter bit fits the pattern.

The casino is owned by Finnish operator Ossi Ketola (aka Monarch) via Immortal Snail LLC, licensed out of Anjouan.
‼️🚨🇨🇳 BREAKING: We identified exposed admin panels for Chinese air defence and drone systems across an entire region.

The panels are reachable from the open internet and protected only by default credentials. Our investigation shows this is not isolated. A large number of these intelligence and military systems are deployed the same way.

We also identified exposed control panels for GPU clusters along the way.

Look at these GPUs. The NVIDIA A100 80GB has been banned for sale to China since 2022 under US export restrictions. New units retail at $10,000 to $20,000 depending on form factor, and on the Chinese black market a single A100 reportedly sells for up to $30,000.

So how did they get there?
‼️🇳🇱🇷🇺 BREAKING: Dutch FIOD just dismantled the local arm of Stark Industries, the EU-sanctioned bulletproof host that has been powering Russian cyberattacks and disinformation across Europe.

They've arrested two suspects for violating the Dutch Sanctions Act, accused of indirectly providing economic resources to EU-sanctioned entities by keeping Stark's infrastructure online through Dutch front companies.

The arrested men:
- Youssef Zinad, 57, of Amsterdam, linked to WorkTitans B.V., the Dutch shell that took over Stark's operations as "THE[.]Hosting" after sanctions hit
- Andrey Nesterenko, 39, of The Hague, founder of MIRhosting, the Dutch provider that allegedly connected the rebranded servers to the internet

What FIOD seized:
- More than 800 servers
- Laptops, phones, and business records
- Across three offices in Enschede and Almere
- Two data centres in Dronten and Schiphol-Rijk

The chain: Stark Industries Solutions Ltd (UK, Companies House #13906017) was incorporated on February 10, 2022, two weeks before Russia invaded Ukraine. On May 20, 2025, the EU sanctioned Stark alongside its Moldovan owners Iurie and Ivan Neculiti for enabling Russian state-sponsored cyberattacks, disinformation, and hybrid threats against the EU.

Within nine days, the infrastructure was rebranded as THE[.]Hosting under WorkTitans B.V. in Almere. A new autonomous system, AS209847, was registered on June 24, 2025 to consolidate the rebrand.

WorkTitans and MIRhosting networks were allegedly heavily used in pro-Russian cyberattacks targeting Danish government organisations during the November 2025 municipal elections.

Suspect Andrey told de Volkskrant he was unaware that pro-Russian actors used his infrastructure and said he ended cooperation after the sanctions were imposed.

https://www.fiod.nl/fiod-houdt-twee-verdachten-aan-wegens-overtreding-sanctiewetgeving/
How honeypots in cybersecurity work, explained in 7 seconds.
❗️🇹🇭 Yesterday, Thai police arrested six Nigerian men running a romance scam ring built on AI-generated faces and fake video calls in Nonthaburi, Thailand.
‼️🚨 Research shows infostealers are the origin of the compromised accounts pushing the malware for the Megalodon 5,000+ repo supply chain attack.

Further analysis suggests similar attacks may be imminent: over 24,000 companies have employees with compromised GitHub credentials sitting in infostealer logs.

Hudson Rock cross-referenced the Megalodon GitHub usernames against their cybercrime intelligence database and matched 331 of 978 unique usernames (33%) to computers already infected by infostealers. Deeper manual lookups (pulling old commit emails and rechecking) push the compromised rate close to 100%.

The wider exposure: Accenture alone has 10+ infected employees with GitHub access. Dell's partner ecosystem maps 11,000+ compromised third parties, including ABB. Anheuser-Busch InBev is also on the list. Infostealer logs are now the fuel feeding mass GitHub supply chain attacks.

https://www.infostealers.com/article/infostealers-just-spawned-a-5000-repo-github-supply-chain-attack/
IT-service workers as % of population:
Singapore 1.36%
Malaysia 0.41%
Philippines 0.15%
Vietnam 0.11%
Thailand 0.09%
Cambodia 0.08%
Indonesia 0.03%
Myanmar 0.02%
Laos 0.02%