βΌοΈπ¨π¨π³ BREAKING: We identified exposed admin panels for Chinese air defence and drone systems across an entire region.
The panels are reachable from the open internet and protected only by default credentials. Our investigation shows this is not isolated. A large number of these intelligence and military systems are deployed the same way.
We also identified exposed control panels for GPU clusters along the way.
Look at these GPUs. The NVIDIA A100 80GB has been banned for sale to China since 2022 under US export restrictions. New units retail at $10,000 to $20,000 depending on form factor, and on the Chinese black market a single A100 reportedly sells for up to $30,000.
So how did they get there?
The panels are reachable from the open internet and protected only by default credentials. Our investigation shows this is not isolated. A large number of these intelligence and military systems are deployed the same way.
We also identified exposed control panels for GPU clusters along the way.
Look at these GPUs. The NVIDIA A100 80GB has been banned for sale to China since 2022 under US export restrictions. New units retail at $10,000 to $20,000 depending on form factor, and on the Chinese black market a single A100 reportedly sells for up to $30,000.
So how did they get there?
π±5π3π€1π€£1
βΌοΈπ³π±π·πΊ BREAKING: Dutch FIOD just dismantled the local arm of Stark Industries, the EU-sanctioned bulletproof host that has been powering Russian cyberattacks and disinformation across Europe.
They've arrested two suspects for violating the Dutch Sanctions Act, accused of indirectly providing economic resources to EU-sanctioned entities by keeping Stark's infrastructure online through Dutch front companies.
The arrested men:
- Youssef Zinad, 57, of Amsterdam, linked to WorkTitans B.V., the Dutch shell that took over Stark's operations as "THE[.]Hosting" after sanctions hit
- Andrey Nesterenko, 39, of The Hague, founder of MIRhosting, the Dutch provider that allegedly connected the rebranded servers to the internet
What FIOD seized:
- More than 800 servers
- Laptops, phones, and business records
- Across three offices in Enschede and Almere
- Two data centres in Dronten and Schiphol-Rijk
The chain: Stark Industries Solutions Ltd (UK, Companies House #13906017) was incorporated on February 10, 2022, two weeks before Russia invaded Ukraine. On May 20, 2025, the EU sanctioned Stark alongside its Moldovan owners Iurie and Ivan Neculiti for enabling Russian state-sponsored cyberattacks, disinformation, and hybrid threats against the EU.
Within nine days, the infrastructure was rebranded as THE[.]Hosting under WorkTitans B.V. in Almere. A new autonomous system, AS209847, was registered on June 24, 2025 to consolidate the rebrand.
WorkTitans and MIRhosting networks were allegedly heavily used in pro-Russian cyberattacks targeting Danish government organisations during the November 2025 municipal elections.
Suspect Andrey told de Volkskrant he was unaware that pro-Russian actors used his infrastructure and said he ended cooperation after the sanctions were imposed.
https://www.fiod.nl/fiod-houdt-twee-verdachten-aan-wegens-overtreding-sanctiewetgeving/
They've arrested two suspects for violating the Dutch Sanctions Act, accused of indirectly providing economic resources to EU-sanctioned entities by keeping Stark's infrastructure online through Dutch front companies.
The arrested men:
- Youssef Zinad, 57, of Amsterdam, linked to WorkTitans B.V., the Dutch shell that took over Stark's operations as "THE[.]Hosting" after sanctions hit
- Andrey Nesterenko, 39, of The Hague, founder of MIRhosting, the Dutch provider that allegedly connected the rebranded servers to the internet
What FIOD seized:
- More than 800 servers
- Laptops, phones, and business records
- Across three offices in Enschede and Almere
- Two data centres in Dronten and Schiphol-Rijk
The chain: Stark Industries Solutions Ltd (UK, Companies House #13906017) was incorporated on February 10, 2022, two weeks before Russia invaded Ukraine. On May 20, 2025, the EU sanctioned Stark alongside its Moldovan owners Iurie and Ivan Neculiti for enabling Russian state-sponsored cyberattacks, disinformation, and hybrid threats against the EU.
Within nine days, the infrastructure was rebranded as THE[.]Hosting under WorkTitans B.V. in Almere. A new autonomous system, AS209847, was registered on June 24, 2025 to consolidate the rebrand.
WorkTitans and MIRhosting networks were allegedly heavily used in pro-Russian cyberattacks targeting Danish government organisations during the November 2025 municipal elections.
Suspect Andrey told de Volkskrant he was unaware that pro-Russian actors used his infrastructure and said he ended cooperation after the sanctions were imposed.
https://www.fiod.nl/fiod-houdt-twee-verdachten-aan-wegens-overtreding-sanctiewetgeving/
π€―4β€2
This media is not supported in your browser
VIEW IN TELEGRAM
How honeypots in cybersecurity work, explained in 7 seconds.
π€£43π©3
Media is too big
VIEW IN TELEGRAM
βοΈπΉπ Yesterday, Thai police arrested six Nigerian men running a romance scam ring built on AI-generated faces and fake video calls in Nonthaburi, Thailand.
π€£22π6π2
βΌοΈπ¨ Research shows infostealers are the origin of the compromised accounts pushing the malware for the Megalodon 5,000+ repo supply chain attack.
Further analysis suggests similar attacks may be imminent: over 24,000 companies have employees with compromised GitHub credentials sitting in infostealer logs.
Hudson Rock cross-referenced the Megalodon GitHub usernames against their cybercrime intelligence database and matched 331 of 978 unique usernames (33%) to computers already infected by infostealers. Deeper manual lookups (pulling old commit emails and rechecking) push the compromised rate close to 100%.
The wider exposure: Accenture alone has 10+ infected employees with GitHub access. Dell's partner ecosystem maps 11,000+ compromised third parties, including ABB. Anheuser-Busch InBev is also on the list. Infostealer logs are now the fuel feeding mass GitHub supply chain attacks.
https://www.infostealers.com/article/infostealers-just-spawned-a-5000-repo-github-supply-chain-attack/
Further analysis suggests similar attacks may be imminent: over 24,000 companies have employees with compromised GitHub credentials sitting in infostealer logs.
Hudson Rock cross-referenced the Megalodon GitHub usernames against their cybercrime intelligence database and matched 331 of 978 unique usernames (33%) to computers already infected by infostealers. Deeper manual lookups (pulling old commit emails and rechecking) push the compromised rate close to 100%.
The wider exposure: Accenture alone has 10+ infected employees with GitHub access. Dell's partner ecosystem maps 11,000+ compromised third parties, including ABB. Anheuser-Busch InBev is also on the list. Infostealer logs are now the fuel feeding mass GitHub supply chain attacks.
https://www.infostealers.com/article/infostealers-just-spawned-a-5000-repo-github-supply-chain-attack/
β€2π1
βοΈ OpenAI is shipping a limited-edition collectible pen to its earliest ChatGPT Pro subscribers. Eligible users were notified around two months ago.
Supplies are capped at the first 4,000 who opt in through OpenAI's claim form.
Supplies are capped at the first 4,000 who opt in through OpenAI's claim form.
π©19π2π€1
βΌοΈπ¨ Researcher "Nightmare-Eclipse" had their GitHub account flagged and wiped after publicly dropping zero-day PoCs targeting Microsoft products.
In a message, they accuse Microsoft of deleting the account they used to report bugs (with zero payout for past disclosures).
The signed message ends with a direct threat: "Mark this date July 14th, I will make sure your bones are shattered that day."
A new GitLab account is already up at gitlab.com/nightmare-ecliβ¦, with the bio "Microsoft's nightmare."
In a message, they accuse Microsoft of deleting the account they used to report bugs (with zero payout for past disclosures).
The signed message ends with a direct threat: "Mark this date July 14th, I will make sure your bones are shattered that day."
A new GitLab account is already up at gitlab.com/nightmare-ecliβ¦, with the bio "Microsoft's nightmare."
π₯27β€3π₯°2
βοΈ Pope Leo XIV says AI must be "disarmed" or it will deepen inequality and concentrate power. The warning runs 42,300 words in "Magnifica Humanitas," his first encyclical and the first papal encyclical in history dedicated to artificial intelligence.
Anthropic co-founder Chris Olah was among the presenters at the Vatican Synod Hall release on May 25, alongside Cardinals VΓctor Manuel FernΓ‘ndez and Michael Czerny. Leo XIV is the first pontiff to personally present an encyclical.
For those who donβt know: an encyclical is a formal teaching letter from the Pope addressed to bishops, clergy, and the wider Catholic Church, often the entire world. It carries the highest weight of papal doctrine short of an infallible declaration and sets official Church teaching on faith, morals, or social issues.
Anthropic co-founder Chris Olah was among the presenters at the Vatican Synod Hall release on May 25, alongside Cardinals VΓctor Manuel FernΓ‘ndez and Michael Czerny. Leo XIV is the first pontiff to personally present an encyclical.
For those who donβt know: an encyclical is a formal teaching letter from the Pope addressed to bishops, clergy, and the wider Catholic Church, often the entire world. It carries the highest weight of papal doctrine short of an infallible declaration and sets official Church teaching on faith, morals, or social issues.
π₯24π€£9β€6π2π©1π₯΄1
βΌοΈ Lock βem up! Dropshippers are now using Down syndrome and AI-generated content to manipulate buyers into purchasing cheap resin lamps as "handmade" products.
π€£30π€¬9