A Threat Actor identified a bug in the Duolingo API. Sending a valid email to the API returns generic account information on the user (name, email, languages studied).

They used an email list to assemble over 2.6m unique entries.

This will be used for doxxing.

That deals with most of the scammers in our DMs
https://t.me/BellumActaNews/101907

📸 🇺🇸 Donald Trump's Mugshot

Fake news 😒

Of course they give the black White Supremacist the longest sentence 😤 typical racist injustice system ✊🏿

https://edition.cnn.com/2023/09/05/politics/enrique-tarrio-sentencing-proud-boys-seditious-conspiracy/index.html

ADL had their contact info leaked. Here it is because fuck the ADL.

Video from Nathan Hughes regarding the FBI & Liberty Safe.

In a separate post he stated the FBI moved all the items in his safe (likely recording serial numbers but that's just my guess...) but nothing appeared to be missing...

Belgium:

This Frenchman had his bag and MacBook stolen in Brussels which lead him to tracking down the thieves and dismantling a huge stolen goods network.

The ethnicity of the thieves will surprise you.

To the ETH fan boys: Vitalik's X (Twitter) account has been compromised. Over $520k of Aryan Ape NFTs have been stolen already.

A Fox News investigation a few months after 9/11 discusses how Israeli telecom companies spy on Americans, and even have backdoor access to federal law enforcement wiretaps. The implication is that it is difficult to believe Israel didn't, at minimum, know about the attacks. This video series has been scrubbed from the internet multiple times, thus the poor quality of what can be found.

Think anything has changed in 22 years? Think again. One of the companies involved still has contracts with every major phone and data company, and is now located in the United States.

https://archive.ph/kekAG

2FA based on phone numbers is trash and cannot be trusted.
https://cointelegraph.com/news/vitalik-buterin-reveals-x-account-hack-was-caused-by-sim-swap-attack

It appears the hot wallets for CoinEX are currently being drained for $54M+ so far on ETH, TRON, BSC, BTC, XRP, and Polygon.

ETH
0x8bf8cd7F001D0584F98F53a3d82eD0bA498cC3dE
0x483D88278Cbc0C9105c4807d558E06782AEFf584
0xCC1AE485b617c59a7c577C02cd07078a2bcCE454
TRON
TPFUjxQzG88Vwynrpj2W61ZAkQ9W2QYgAQ
BSC
0xc844f7178379782ec19f3ee6e399f2eb7b2b984f
BTC
1BHNb9UJy4cWFB5wywZkTVgoNB4JbFmswH
XRP
rpQxVcjVF2fC23r3xKyJS53jw8d5SRhZQf
SOL
G3udanrxk8stVe8Se2zXmJ3QwU8GSFJMn28mTfn8t1kq
Polygon
0x4515bE0067E60d8e49b2425D37e61c791C9B95e9
BCH
qrgxyhj8rzl4l7fgauu6q6vtu2grct4jeyrnaq2s75

Update: This hack appears to have been done by North Korea.

One hour ago they were moving funds from the CoinEX hack to 0x75 on OP.

0x75 on Polygon was funded from the $41M Stake hack.

A critical heap overflow vulnerability has been discovered in libwebp that is being actively exploited in the wild and potentially allows for remote code execution. This affects at least all the popular browsers and Electron-based apps, including messengers such as Signal and Telegram, and additionally LibreOffice.

The major web browsers have already released an update, so make sure you update your browsers. Electron has released an update too, but the app vendors will need to integrate it into updated versions of their apps. There is the potential for zero-click exploits for the Electron-based messengers until they update, so be careful with opening messages from unknown contacts until then.

https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/