Arch
796 subscribers
28 photos
8 links
🗞 Stay in the loop with nonstop crucial information about cybersecurity and privacy.

Purely unbiased & constantly updated feed.

📩 https://t.me/arch?direct
Download Telegram
JUST IN: Starting today, on May 8th 2026, Instagram has officially disabled E2EE (end-to-end encryption) for Direct Messages.

While this change erupts a lot of doubts on user privacy, Meta will now be able to have the ability to scan and access message contents (including images, videos, and voice notes), ensuring this use for safety, moderation and also for legal requests.

While chats, unencrypted, still are safe from hackers, are no longer safe from Meta's access. The feature to create a "locked" conversation, also known as "secret chats", that only the participants can read will now be removed.

Users are also advised to download sensitive data from any encrypted conversations before the deadline & to switch to WhatsApp to continue using E2EE messaging via Meta.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
32🤯1
JUST IN: U.S. federal court approved transferring roughly $72 million in frozen Ether linked to the April 2026 Kelp DAO hack, allegedly tied to North Korea's Lazarus Group (🇰🇵).

Attackers exploited rsETH valuation and collateral mechanics on Arbitrum to borrow excessive ETH from Aave without sufficient backing, draining liquidity and creating undercollateralized debt across DeFi pools.

A recovery coalition (Aave, Kelp DAO, LayerZero, EtherFi) proposed redistributing assets to victims but faced legal opposition from attorneys representing North Korean terrorism victims seeking seizure for judgments against Pyongyang (🇰🇵). A Manhattan (🇺🇸) judge ruled the transfer could proceed, releasing approx. 30,766 ETH ($72,450,327.30) for recovery, though broader legal questions remain.

The case is a landmark for DeFi, DAO governance, and asset recovery, highlighting court influence over DAO funds and decentralization limits.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
64
JUST IN: Fake USDT token offers on getgems[.]io

Attackers on GetGems are sending numerous offers using a counterfeit USDT token and targeting high‑value NFTs.

2 high-value anonymous numbers have already been stolen using this fake token:
+888 0000 1917 ($784,000)
+888 8 321 ($864,000)


🤚Beware accepting offers on marketplace platforms
Fake USDT on TonViewer

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
112😱1🐳1
JUST IN: Apple and Google pushed out the beta for E2EE (End-to-end encrypted) RCS messaging.

Starting the 11th of May, Apple and Google released an update for their latest default messaging apps, which now include end-to-end encrypted RCS (Rich Communication Services) chats between iPhone and Android users.

This update applies for iPhone users, who are running the latest iOS (26.5) and Android users who have the most recent patch of Google Messages. Both parties have to be clients of respective carriers, that provide the service.

Update enables encryption by default, if the requirements are met and is enforced on every new chat made.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
63
JUST IN: Suspected Dream Market admin arrested in Germany faces U.S. charges

49-year-old Owe Martin Andresen faces up to 20 years in prison in the U.S. and was arrested in Germany on separate charges. Dream Market operated from 2013 to 2019 and facilitated the sale of massive quantities of illegal drugs before shutting down.

Andresen allegedly used the handle "Speedstepper" to run the marketplace. Prosecutors say he accessed dormant cryptocurrency wallets in late 2022 and laundered over $2 million between August 2023 and April 2025—including buying $1.7 million in gold bars shipped to his home in Germany.

German authorities raided his residence on May 7, 2026, and recovered the gold bars, $23,000 in cash, and evidence of $1.2 million in suspected Dream Market proceeds.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
25
JUST IN: Interpol dismantles MENA cybercrime ring in Operation Ramz targeting phishing and malware

Interpol published a public statement, that the operation executed in the MENA (Middle East and North Africa) region, was a terrific success and the first-of-its kind. 13 countries in the MENA region took part in the year long investigation.

As of now, 201 arrests have been made public, and 382 other suspects are under investigation. Authorities seized over 8,000 pieces of evidence and 53 servers, that were utilized to uphold crucial infrastructure.

3,867 victims have been identified, and authorities are working on restitutions.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
54
JUST IN: Netherlands launched a new campaign called "Game Over!?" to weaken cybercrime

Dutch police organized a scheme that involves uploading blurred pictures of known fraudsters onto social media and promising to make their identities public, if they do not turn themselves in within a two week period. The operation was targeting fraudsters, that ran banking helpdesk impersonation, fake police officer and card collector schemes. Main aim was to root out banking fraud, due to the large influx of elderly victims involved.

Police was essentially taunting alleged offenders, promising to plaster their identities around publicly, on social media channels as well as have posters of them up on the streets for everybody to see.

Dutch authorities went through with the plan, as of now: 34 alleged cybercriminals turned themselves in. Revelation also prompted authorities to uncover the identities of 40 other suspects. Six arrests have been confirmed.

Officials also have come out with an age demographic between these perpetrators, the youngest being just 14 years old. The average age being 22 years.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
2🐳1
JUST IN: Researchers found sensitive credentials belonging to CISA (US Cybersecurity Agency) stored in a public GitHub repository

A firm called "GitGuardian" that scans public GitHub repositories for poorly kept secrets, made a discovery regarding CISA's publicly available sensitive logins.

Suggestions indicate, that the scandal originated from a third-party contractor, related to CISA and DHS (Department of Homeland Security), and possibly happened due to human error. The repository was created back in Nov 2025, and has been fully accessible to the public all this time. Over the year, multiple commits have been made to the files within in the repo, one of them being an automated feature that warns the owner of potential leaks.

Bad security led to the following data to be exposed: credentials and passwords for internal infrastructure, logs, AWS tokens and cloud keys. AWS tokens exposed logins to 3 GovCloud servers (AWS environment that is specifically designed for US government).

CISA responded with a public statement saying, that the credentials weren't manipulated in any way, so no citizen data was compromised.

As of now, CISA has made the repository private, denying any further access to possible threat actors.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
22🐳1
JUST IN: Dutch FIOD (Financial crime investigations) seized 800 servers from a bulletproof hosting provider

On May 22, FIOD announced that successful raids involving a server hosting provider "Stark Industries" were carried out.

Stark Industries is a web hosting company, already known within federal agencies for upholding criminal infrastructure and enabling cybercrime/cyberattacks. Stark Industries has been linked to Russian state-sponsored campaigns, by providing financial resources and their hosting infrastructure. These actions led them being sanctioned by the United Kingdom last May, which prompted them to move operations to a Dutch based company.

Stark Industries has also partnered in the past with a Russian hacktivist group, giving them access to much-needed resources, to launch massive DDoS campaigns that targeted major corporations.

FIOD stated that, in their raids, that were conducted in the Netherlands, precisely in Schiphol-Rijk and Dronten, they were able to seize the following: 800 servers, several other devices and records. Two arrests were made, a 57 year old suspect, who led the company and a 39 year old, who owns a company that provided internet services to Stark Industries.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
🐳1
JUST IN : John Daghita is appearing this morning before the Indictment Chamber of the Court of Appeal in Basse-Terre, which is set to examine an extradition request. He is suspected of having stolen $46 million in cryptocurrency from the U.S. federal government.

It is alledged that the magistrates have placed their deliberation until May 28th. John Daghita's lawyer plans to file a request for release on bail as early as next week for her client, who is still being held in the Basse-Terre prison.

Do you believe that there could be an outcome where M.Daghita is out on bond?

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
15🤯4🐳1
(Other attachment of John Daghita, for the people), @arch
🤯4🐳4
⚠️ JUST IN: Former call tracking executives plead guilty for enabling global tech support scam ring

Former CEO Adam Young and former CSO Harrison Gevirtz pleaded guilty to hiding a long-running tech support fraud tied to their company C.A. Cloud Attribution Ltd. They face up to three years in federal prison and fines up to $250,000; sentencing is June 16.

Prosecutors say C.A. Cloud, active from 2017 to April 2022, sold phone numbers, call recordings, routing and call-tracking to customers they knew ran scams. Those customers used fake pop-up warnings, impersonated Microsoft and Apple, pressured victims to pay hundreds for bogus fixes, remotely accessed computers, and in some cases stole data and money.

Rather than report the abuse, the executives allegedly told clients to rotate large pools of phone numbers to dodge complaints and shutdowns, steered sales toward fraudulent businesses, and sometimes brokered call trades. They also ran a Tunisia call center where staff carried out similar scams.

The FBI says the pair profited from schemes that targeted the elderly and vulnerable, leaving many frightened or financially ruined. Related cases include a leader sentenced to seven years after taking over $6 million from about 6,500 elderly victims, and the FBI reported Americans lost at least $2.1 billion to tech support fraud last year based on nearly 48,000 complaints to its Internet Crime Complaint Center.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
7🐳1
⚠️JUST IN: FBI & IC3 warn of PhaaS stealing Microsoft 365 OAuth tokens

The FBI and IC3 published a joint PSA after Kali365, a Telegram marketed Phishing‑as‑a‑Service observed in April 2026, was found automating OAuth Device Authorization phishing to capture Microsoft 365 access. The phishing kit packages the full attack chain: AI-written lures, multilingual templates, dynamic device‑code generation, live cookie capture panels, and affiliate access which makes it easy for low-skill actors to run high‑volume campaigns.

Uses on‑demand device codes and clipboard tricks to remove timing issues, raising success rates.
Automates the full attack chain.
Refresh cookies provide persistent, stealthy access across services without needing passwords.


Requires user interaction (victim must paste the code).
Visible account activity or security alerts, token revocation and conditional access policies can detect or block misuse.
Reliant on OAuth/device‑flow implementations, rate limits and device code policies reduce effectiveness.


@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
3🤯3
Arch
JUST IN: Researchers found sensitive credentials belonging to CISA (US Cybersecurity Agency) stored in a public GitHub repository A firm called "GitGuardian" that scans public GitHub repositories for poorly kept secrets, made a discovery regarding CISA's…
JUST IN: Update related to the credential leak involving CISA (US Cybersecurity Agency)

It has come to light, that even though CISA claimed last week, that they're actively working on securing and replacing leaked secrets; an exposed RSA private key, that could grant an unauthorized user full access with full administrative rights to a GitHub app, which contains the entire CISA-IT GitHub organization with all code repos, was still valid.

Dylan Ayrey, founder of a company "TruffleHog", that works on identifying exposed secrets on GitHub, notified a renowned cybersecurity specialist Brian Krebs, who notified CISA of Ayrey's findings. As of now, CISA has invalidated the leaked RSA private key, but according to Ayrey, CISA has not yet changed the leaked credentials to various other sensitive security infrastructure. Situation is delicate due to the fact, that ill ridden advesaries could've seen CISA's secrets and critical infrastructure months ago.

US Congress has also joined the scandal, demanding answers from CISA's leadership.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
2
JUST IN: Salvation Army's Canadian operations are being ransomed by Bravox

RaaS (Ransomware-as-a-Service) group known as Bravox listed the ransom notice for Salvation Army's Canadian operations on their blog site.

Bravox is a RaaS group, who started their operations publicly back in January 2026, they originate from a forum called RAMP. Their primary targets are: US-based organizations in healthcare and retail.

Bravox is currently advertising 110.1GB worth of data to be leaked, if needs are not met. Salvation Army has not yet published any official public statements, regarding the situation. Infostealer activity indicates 1 compromised employee, 2 compromised users and 27 third-party employee credentials.

The Salvation Army operates in 134 countries, providing help to the people in need giving shelters, rehabilitation programs and resources for the vulnerable.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
1😭1
JUST IN: Infamous e-girl "Kenzie" AKA Makenna has been allegedly raided by federal agents.

She was known to be closely associated with Ransomware affiliates such as "Waifu", also known as Alexander "Connor" Riley Moucka, who was arrested in Kitchener, Ontario, on October 30, 2024, at the request of U.S. authorities He is currently in U.S. custody and facing 20 federal charges for his alleged role in massive cyberattacks, data breaches, and extortion schemes, notably known for the Snowflake breach.

It appears that she has gotten her device seized as of April 3rd 2026 (03/04/26), as she is under an on-going investigation due to receiving and spending illegal proceeds from various criminal activities, such as ransom payments or social engineered victim's funds, and spending the dirty funds to pay for VaaS (Violence-as-a-service) to harm other members of the community, through the means of swatting.

The attachments above depict her search warrant, ordered by the court of Kentucky.

This post is to warn about the new wave introduced by federal authorities involving closing in on known suspects and conducting rather quiet arrests, that do not make their way into the media. Most of these apprehensions end with them turning silent informants.

It is advised to stay away from her if you are affiliated with her in any shape, way or form.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
🤯75🐳3😱1
JUST IN: FBI IC3 released an advisory on a group known as "Silent Ransom Group"

Silent Ransom Group (SRG, Luna Moth, Chatty Spider, UNC3753), has been active since 2022, targeting finance, insurance, and healthcare companies, through social engineering attacks. Their playbook usually consists of impersonating IT helpdesk, sending phishing emails, establishing access to unauthorized systems and exporting data via legitimate remote access tools. SRG has also sent individuals in-person to victim corporations and gaining internal access that way. Group has been shifting their scopes onto US-based law firms, as of Spring 2023.

IC3 has called SRG: "Unconventional from different ransomware groups.", due to their unique nature. SRG does not follow the usual route, by relying on traditional ransomware encryption. Instead, they seek swift access to victims' systems, export the data, and extort the companies through threatening to leak the data publicly, or sell it.

Attackers call an employee to social engineer remote access; if that fails they send an operative to plug a device into the victim's machine, then trick the user into imaging/backing it up and use escalated privileges to exfiltrate data via WinSCP or a disguised Rclone.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
2
JUST IN: Threat Actor Ryan Pepper is allegedly tortured in Dubai Detention

27-year-old threat actor Ryan Pepper, from Kent, United Kingdom has reportedly been held in UAE custody for over 7 months without formal charges or a court appearance.

During his detention, he allegedly suffered severe abuse, including repeated beatings and torture while imprisoned in Sharjah.

According to reports, Pepper managed to smuggle handwritten notes out of prison describing violent treatment and inhumane conditions, even nothing that his teeth were pulled out. His family claims they were left without information on his whereabouts for weeks after his disappearance.

Human rights campaigners are now calling on UK authorities to take stronger action, accusing the UAE of arbitrary detention practices and abuse of foreign nationals. The UK Foreign Office says it is providing consular support and has raised concerns with Emirati officials.

The case has reignited criticism surrounding the UAE’s detention system, with advocacy groups warning travelers about the risks of imprisonment and mistreatment in the country.

It is to note, that according to insider sources, it is alledged that other threat actors are getting similar treatment, notably people involved in the wave of arrests in December 2025, with some notable names tied to the theft in the $243M Genesis Creditor theft from August 2024, as well as other notable threat actors from the community causing well over 8 figures in damages.

Ironically, Dubai has long been viewed online as a safe haven for fraudsters, cybercriminals, and organized scam networks due to weak enforcement, luxury protection culture, and the difficulty foreign agencies face when pursuing suspects operating from the region. Over the past few years, countless figures tied to financial fraud, ransomware, crypto scams, and social engineering operations have openly relocated there believing they were untouchable.

However, recent arrests, detentions, extraditions, and international cooperation efforts suggest that image may slowly be changing. Authorities in the UAE appear to be increasing pressure on certain criminal networks, particularly as global attention surrounding cybercrime and financial fraud continues to grow.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
😭157👀3