Arch
796 subscribers
28 photos
8 links
🗞 Stay in the loop with nonstop crucial information about cybersecurity and privacy.

Purely unbiased & constantly updated feed.

📩 https://t.me/arch?direct
Download Telegram
Arch
JUST IN: Researchers found sensitive credentials belonging to CISA (US Cybersecurity Agency) stored in a public GitHub repository A firm called "GitGuardian" that scans public GitHub repositories for poorly kept secrets, made a discovery regarding CISA's…
JUST IN: Update related to the credential leak involving CISA (US Cybersecurity Agency)

It has come to light, that even though CISA claimed last week, that they're actively working on securing and replacing leaked secrets; an exposed RSA private key, that could grant an unauthorized user full access with full administrative rights to a GitHub app, which contains the entire CISA-IT GitHub organization with all code repos, was still valid.

Dylan Ayrey, founder of a company "TruffleHog", that works on identifying exposed secrets on GitHub, notified a renowned cybersecurity specialist Brian Krebs, who notified CISA of Ayrey's findings. As of now, CISA has invalidated the leaked RSA private key, but according to Ayrey, CISA has not yet changed the leaked credentials to various other sensitive security infrastructure. Situation is delicate due to the fact, that ill ridden advesaries could've seen CISA's secrets and critical infrastructure months ago.

US Congress has also joined the scandal, demanding answers from CISA's leadership.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
2
JUST IN: Salvation Army's Canadian operations are being ransomed by Bravox

RaaS (Ransomware-as-a-Service) group known as Bravox listed the ransom notice for Salvation Army's Canadian operations on their blog site.

Bravox is a RaaS group, who started their operations publicly back in January 2026, they originate from a forum called RAMP. Their primary targets are: US-based organizations in healthcare and retail.

Bravox is currently advertising 110.1GB worth of data to be leaked, if needs are not met. Salvation Army has not yet published any official public statements, regarding the situation. Infostealer activity indicates 1 compromised employee, 2 compromised users and 27 third-party employee credentials.

The Salvation Army operates in 134 countries, providing help to the people in need giving shelters, rehabilitation programs and resources for the vulnerable.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
1😭1
JUST IN: Infamous e-girl "Kenzie" AKA Makenna has been allegedly raided by federal agents.

She was known to be closely associated with Ransomware affiliates such as "Waifu", also known as Alexander "Connor" Riley Moucka, who was arrested in Kitchener, Ontario, on October 30, 2024, at the request of U.S. authorities He is currently in U.S. custody and facing 20 federal charges for his alleged role in massive cyberattacks, data breaches, and extortion schemes, notably known for the Snowflake breach.

It appears that she has gotten her device seized as of April 3rd 2026 (03/04/26), as she is under an on-going investigation due to receiving and spending illegal proceeds from various criminal activities, such as ransom payments or social engineered victim's funds, and spending the dirty funds to pay for VaaS (Violence-as-a-service) to harm other members of the community, through the means of swatting.

The attachments above depict her search warrant, ordered by the court of Kentucky.

This post is to warn about the new wave introduced by federal authorities involving closing in on known suspects and conducting rather quiet arrests, that do not make their way into the media. Most of these apprehensions end with them turning silent informants.

It is advised to stay away from her if you are affiliated with her in any shape, way or form.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
🤯75🐳3😱1
JUST IN: FBI IC3 released an advisory on a group known as "Silent Ransom Group"

Silent Ransom Group (SRG, Luna Moth, Chatty Spider, UNC3753), has been active since 2022, targeting finance, insurance, and healthcare companies, through social engineering attacks. Their playbook usually consists of impersonating IT helpdesk, sending phishing emails, establishing access to unauthorized systems and exporting data via legitimate remote access tools. SRG has also sent individuals in-person to victim corporations and gaining internal access that way. Group has been shifting their scopes onto US-based law firms, as of Spring 2023.

IC3 has called SRG: "Unconventional from different ransomware groups.", due to their unique nature. SRG does not follow the usual route, by relying on traditional ransomware encryption. Instead, they seek swift access to victims' systems, export the data, and extort the companies through threatening to leak the data publicly, or sell it.

Attackers call an employee to social engineer remote access; if that fails they send an operative to plug a device into the victim's machine, then trick the user into imaging/backing it up and use escalated privileges to exfiltrate data via WinSCP or a disguised Rclone.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
2
JUST IN: Threat Actor Ryan Pepper is allegedly tortured in Dubai Detention

27-year-old threat actor Ryan Pepper, from Kent, United Kingdom has reportedly been held in UAE custody for over 7 months without formal charges or a court appearance.

During his detention, he allegedly suffered severe abuse, including repeated beatings and torture while imprisoned in Sharjah.

According to reports, Pepper managed to smuggle handwritten notes out of prison describing violent treatment and inhumane conditions, even nothing that his teeth were pulled out. His family claims they were left without information on his whereabouts for weeks after his disappearance.

Human rights campaigners are now calling on UK authorities to take stronger action, accusing the UAE of arbitrary detention practices and abuse of foreign nationals. The UK Foreign Office says it is providing consular support and has raised concerns with Emirati officials.

The case has reignited criticism surrounding the UAE’s detention system, with advocacy groups warning travelers about the risks of imprisonment and mistreatment in the country.

It is to note, that according to insider sources, it is alledged that other threat actors are getting similar treatment, notably people involved in the wave of arrests in December 2025, with some notable names tied to the theft in the $243M Genesis Creditor theft from August 2024, as well as other notable threat actors from the community causing well over 8 figures in damages.

Ironically, Dubai has long been viewed online as a safe haven for fraudsters, cybercriminals, and organized scam networks due to weak enforcement, luxury protection culture, and the difficulty foreign agencies face when pursuing suspects operating from the region. Over the past few years, countless figures tied to financial fraud, ransomware, crypto scams, and social engineering operations have openly relocated there believing they were untouchable.

However, recent arrests, detentions, extraditions, and international cooperation efforts suggest that image may slowly be changing. Authorities in the UAE appear to be increasing pressure on certain criminal networks, particularly as global attention surrounding cybercrime and financial fraud continues to grow.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
😭157👀3
⚠️ We have introduced a new direct message function so that you guys are able to reach out to us with any questions, stories or tips, as well as support to any questions you may have about any posts.

Our main aim has always been to serve our dear community with quality topics and intriguing articles. We are community oriented, and feel the need to cast news, that are personalized to your liking.

The direct message link can be found by clicking onto our channel's profile, and scrolling to the bottom, revealing a link, where anyone can send us a direct message.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
1🙏5😭41
⚠️ JUST IN: Telegram casino "Unbox" exploited for approximately $130,000 via race-condition vulnerability.

A vulnerability in the Telegram-based casino "Unbox", operated by well-known middleman @nine, was allegedly exploited to convert roughly $120 into nearly $130,000.

According to reports, the attacker automated two API requests against a mines-style game within the same millisecond. While a game round was still active, the attacker triggered a seed reset, because the previous seed had already been revealed before the round was finalized, the attacker was able to determine the outcome tied to the old seed and complete the game with effectively guaranteed winning bets. By repeatedly abusing the race-condition flaw, the attacker reportedly scaled their balance significantly.

After attempting to withdraw the funds, the account was reportedly blacklisted by the platform.

After their withdrawal was blocked, the exploiter publicly criticized the casino and suggested misconduct on its part. The individual later admitted that the funds had been obtained by exploiting a vulnerability in the platform, undermining claims that the incident constituted an exit scam.

We reached out to @nine about the exploit for comment but did not receive a response by publication time.

The incident highlights a broader issue facing many Telegram-based casinos and gambling applications. Security controls, game-state validation, concurrency protections, and backend auditing are often less mature than those found at larger regulated gaming platforms, making race conditions and logic flaws particularly dangerous when real funds are involved.

At the time of writing, there is no evidence that @unbox or it's operator, @nine, conducted an exit scam.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
519
⚠️JUST IN: Nemesis Market vendor Darren Hughes sentenced to 26+ years for trafficking

39-year-old Darren Hughes, of San Jose, California, has been sentenced to more than 26 years in federal prison after a November 2025 conviction for trafficking fentanyl and methamphetamine through Nemesis Market.

Hughes operated a Nemesis Market storefront that offered free meth samples; after an undercover agent received a free sample, Hughes sold meth and fentanyl pills to the agent on five separate occasions in 2023. He was arrested on June 28, 2023, after arranging another sale; officers found ~672 grams of methamphetamine and a loaded 9mm “ghost gun” in his vehicle.

Prosecutors say Hughes exploited the dark web to distribute drugs and that law enforcement investigations into Nemesis Market began in October 2022 and culminated in the market’s shutdown in March 2024. At its peak Nemesis hosted hundreds of thousands of user accounts, processed hundreds of thousands of orders (including thousands for opioids and tens of thousands for stimulants), and was dismantled by coordinated German–U.S. actions that seized infrastructure and assets.

Officials from the U.S. Attorney’s Office and IRS-CI emphasized that dark web marketplaces are not beyond law enforcement’s reach and highlighted the ongoing multinational efforts that led to Nemesis Market’s takedown and related prosecutions.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
4😱2
⚠️JUST IN: Threat actor Ryan Pepper speaks from UAE detention

28 year old Ryan Pepper from Kent, UK, has now been held in Sharjah detention centre for over 7 months without charges. He still does not know what crime he is accused of.

In a secretly recorded voice note, Pepper revealed he and other detainees were forced to sign legal documents in Arabic under threat of having their hands broken. None were given translations.

Pepper and 14 others on his case including 7 British nationals, all in their twenties — allege they were blindfolded, stripped, beaten, sexually assaulted, and psychologically tortured in small rooms where CCTV was turned off. Guards allegedly recorded the assaults and shared them on WhatsApp and Snapchat. Pepper was hospitalized at least once.

Conditions include 30–40 minutes outside his cell per day, months without daylight, constant bright lights preventing sleep, and no drinking water. Detainees believe the food is drugged and only eat commissary items purchased with family money.

British Embassy officials visited Pepper and witnessed his cracked teeth and head bandage, yet the family has been told an investigation could take over a year. His two children, aged 1 and 3, haven’t seen him in over six months.

Radha Stirling, CEO of Detained in Dubai, confirmed a dramatic spike in British citizens reporting torture and arbitrary detention in the UAE, calling Pepper’s case “not an isolated incident.”

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
67😱107😭1
⚠️JUST IN: Crypto “Godfather” Adam Iza Pleads Guilty to Orchestrating Kidnapping Over $245M Bitcoin Heist

25-year-old Adam Iza, also known as Ahmed Faiq, a California-based cryptocurrency mogul who referred to himself as “The Godfather,” pleaded guilty Monday to conspiracy to interfere with commerce by robbery. Federal prosecutors are seeking at least 14 years in prison.

The case stems from an August 2024 carjacking in Danbury, Connecticut, where six men pulled a couple — Sushil and Radhika Chetal — from their Lamborghini SUV in broad daylight, beat them with a baseball bat, dragged the woman by her hair, bound them with duct tape, and forced them into a white van. An off-duty FBI agent and multiple witnesses called police, leading to a chase, crash, and all six suspects being arrested.

The couple’s son, Veer Chetal, had stolen 4,100 Bitcoin (~$245M) from a Washington, D.C. resident weeks earlier by impersonating Google and crypto exchange support staff. He and two accomplices spent millions on cars, jewelry, mansions, and nightclub parties before being arrested. Iza orchestrated the parents’ kidnapping to extort a share of the stolen crypto.

Before the kidnapping charges, Iza was already under federal investigation in California for running an extortion operation out of a Bel Air mansion. He paid ~$100K/month to a private security firm staffed by off-duty LA County sheriff’s deputies, using them as personal enforcers — intimidating rivals, running illegal database searches, obtaining fraudulent warrants, and in one case holding a victim at gunpoint to force a $25,000 transfer.

Iza also admitted to stealing over $37 million by fraudulently accessing Meta Platforms’ business manager accounts and lines of credit between 2020 and 2022. He pleaded guilty to wire fraud, conspiracy against rights, and tax evasion in that case. He also reportedly spent money on cosmetic surgery to lengthen his legs.

All six Florida men who carried out the kidnapping have pleaded guilty. Two have been sentenced to 11 years. Two alleged co-conspirators James Schwab and Iza’s brother Saif Faiq have pleaded not guilty.

The case is part of an increasing global trend of cryptocurrency theft spilling over into real-world violence, with physical attacks, kidnappings, and extortion becoming more common as the sums involved grow larger.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
7🤯7
⚠️JUST IN: UK government announced an under-16 social media ban

Keir Starmer, the Prime Minister of United Kingdom has announced the Under-16 social media ban once again, as a refresher, only one could presume.

This proposed legislation follows the guidelines to exclude the under 16 year old demographic from accessing "user-to-user" platforms (ex. TikTok, Facebook, Snapchat; etc.), as well as exclude children from accessing livestreams. A "social media curfew" is also in the debate, planned to release in July 2027, to stop late-night doomscrolling for people under the age of 18.

Messaging apps such as Whatsapp, Signal; will not be affected, and can still be used by the under-16 group, but are regulated so that strangers are not able to message children.

Lawmakers have also tackled the problem of chatbots (especially bots that allow artificial romantic relationships). These features are now banished for people under the age of 18.

As of now, the timetable has been set. Legislation will be enforced before Christmas, and follow up with "protections" rolling out in Spring 2027.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
👀53😭2
⚠️JUST IN: Coinbase to unveil the next phase of its "Everything Exchange" during a major "Take Control" on a livestream today at 3:00PM EST.

The company is expected to showcase expanded trading capabilities across crypto, stocks, and commodities as it continues to broaden its financial services platform, as well as the main focus being helping users gain more control over their assets.

Over the recent months, Coinbase has made numerous updates within their application :
    
- Rollout of stock trading and prediction markets within the main app.
- Simplified access to futures and perpetual contracts.
- Day-one trading access for new Solana-based assets and participation in primary token sales.
- Launch of the global Base App, designed as an on-chain "everything app."
- US-regulated access to global crypto perpetual futures and options for institutional clients.

More details are expected during today's livestream.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
😭32👀2
⚠️JUST IN: Malware surge within a popular tool Wallpaper Engine

Cybersecurity company Kaspersky has stated, that malware is being spread via Wallpaper Engine, a popular customization utility found on Steam's marketplace.

The campaign has been ongoing since late 2025, primarily targeting Steam users from China and Russia; of course, users from other countries have been affected as well.

Malicious content essentially acts as an infostealer, stealing accounts and other credentials. Reports indicate that numerous amounts of infected wallpapers were found, totaling about tens of thousands in downloads.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
🤯1
⚠️JUST IN: NSA claimed that Anthropic's "Mythos" model breached their internal systems within hours

A senate hearing that happened on June 11 revealed that Sen. Mark Warner, vice chairman of the Senate Intelligence committee mentioned that the NSA and Cyber Command Chief Joshua Rudd, claimed that Anthropic's Mythos model, had breached NSA's internal classified systems within hours of testing.

No official details have been released, but supposedly, the NSA was red-teaming against their own infrastructure, and were quite surprised with the swift results. As of now, Fable 5's and Mythos' general use is still prohibited.

Could widespread access to powerful generative models shift the balance of power in cyber espionage between states?

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
503
⚠️JUST IN: Authorities have dismantled a Polish sim-swap group, 4 threat actors including "Merry" arrested

Polish CBZC officers, with support from the FBI and HSI (Homeland Security Investigations), have arrested four members of a international criminal group behind large-scale SIM-swap attacks, cryptocurrency theft and money laundering totalling tens of millions of zlotys. Among those detained is a significant figure known as "Merry" (Wojtek), believed to be a key member of the ring. All four are now in pretrial detention.

The group used social engineering and specialised software to hijack phone numbers and seize crypto exchange accounts. Stolen funds were laundered through international bank accounts and digital wallets. Charges carry sentences of up to 25 years.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
😭51
⚠️JUST IN: Alleged member of Scattered Spider has been extradited to the United States

Department of Justice came out with a new press release regarding their new charges against Peter Stokes, a 19 year old presumed Scattered Spider member also known as "Bouquet". Court documents indicate that Stokes is being described in 4 intrusions, the first one happening when he was only 16 years old.

Peter was first apprehended back in April by Finnish authorities when he was about to board a flight from Helsinki Airport to Japan.

As of now, he has been extradited to the United States, where he stands before U.S. District Court in Chicago. He is facing federal conspiracy, cyber intrusion, and fraud offences.

The official Department of Justice statement following up on the situation.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
6
⚠️JUST IN: A 19 year old Belgian arrested under the suspicion of running a phishing ring

Belgian federal police announced their apprehension of a 19 year old teenager from Antwerp. Authorities believe that he is one of the key members of a group, that specializes in Europe and runs organized phishing campaigns and engages in money laundering.

The investigation started in March 2026, organized by the Federal Judicial Police East Flanders. They describe a common fraud model of said group. Victims receive a call from a phony government official, which then triggers a call from a bank helpdesk, who persuades the victim to install remote access software. Afterwards, the fraudsters have free reign over the victim's financial accounts.

Authorities are speculating that the organization originates from the Netherlands, and runs part of their operations in Belgium.

@arch
Please open Telegram to view this post
VIEW IN TELEGRAM
5👀53