I added an external link warning when you click on links that take you to external sites. You can always click on don't show the warning again and it will remember. It will save to your browser's localstorage.

‼️🇫🇷 The French Army (Armée de Terre) has allegedly had internal documents leaked by a threat actor known as "Angel_Batista," who claims to have exfiltrated 2,971 files including 1,533 PDFs from defense.gouv.fr, with the leaked portion containing "Diffusion Restreinte" (restricted distribution) files and technical guides totaling 4.5 GB.

‼️New RaidForums link:

raidforums[.]wtf

I was just informed by Spamhaus/@abuse_ch, that I am now required to have a commercial license in order to use their API.

As you know I use their API for the two IOCs feeds which is also used on my API for customers.

Not sure of a solution to replace these. If not, I will be taking them down when they start denying my access.

‼️🇧🇷 A threat actor is offering 1 million lines from Brazil's COVID vaccination database (SUS - Sistema Único de Saúde) covering 2021-2023, with the full database allegedly containing over 525 million records including patient names, CPF numbers, dates of birth, addresses, vaccination details, and healthcare facility information.

‼️🇫🇷 Inria, the French national research institute specializing in computer science, AI, robotics, and cybersecurity, has allegedly had employee data leaked, with the breach reportedly containing 21,647 lines of staff records including usernames, names, emails, and organizational details.

The PoC CVE Explorer is coming along. There is obviously no way to verify almost 90K or so PoCs so I placed a disclaimer at the top. Also enriching with the details of the repo is kind of a pain. This is still likely available at the end of February at the earliest. No spot checks have been done yet either.

‼️ PLAY Ransomware Claims 3 Victims

🇺🇸 Transaction Packing
🇺🇸 NAI Plotkin
🇺🇸 Bar S Services

❗️🇺🇸 A threat actor claims to have breached Apollo[.]io, a B2B sales intelligence platform, allegedly exposing 48.03 GB of compressed data including names, emails, organization names, job titles, and other contact information.

Threat actor avatars/aliases still going wild, lol.

Hearing a lot about Stopice[.]net having plate tracker images defaced and then the website being completely hacked all within the last 24 hours or so. I've attached images. This site is literally the weirdest fucking thing I've seen all year.

This is some of the information I was able to gather. A lot of errors show up in the console when visiting the site, the JS/CSS path is completely open, among other things. It's definitely incredibly vulnerable.

IP: 216.243.62.131
ASN: 54858
ASName: Wave Broadband
Server: openresty
cPanel: https://stopice.net:2083/
Webmail: https://stopice.net:2096/
/js/
/css/

Stop ICE Raids Alert Network:

IP: 15.235.11.14
ASN: 16276
ASName: OVH SAS
Server: Apache

DNS Names:

*.alert.stopice.net *.alerta.stopice.net *.alerts.stopice.net *.stopice.net alert.stopice.app alert.stopice.site alert1.stopice.app alert1.stopice.site alert2.stopice.app alert2.stopice.site alert3.stopice.app alert3.stopice.site alert4.stopice.app alert4.stopice.site alerts.stopice.app alertstopice.ddns.net alertstopice.hopto.org login.stopice.app login.stopice.site mail.stopicealert.ddns.net stopice.ddns.me stopice.ddns.net stopice.hopto.org stopice.net stopice.zapto.org stopice2.ddns.me stopice2.ddns.net stopice2.hopto.org stopice3.ddns.net stopice4.ddns.net stopice5.ddns.net stopicealert.ddns.net stopicealerta.ddns.net stopicealerts.ddns.net stopicealerts.zapto.org stopiceapp.ddns.net stopicenet.ddns.me stopicenet.ddns.net stopicenet.hopto.org stopicenet.zapto.org www.stopicealert.ddns.net

❗️ More malware source code