#dataBreach

MindTGap
2026-02-15

(immediately dumped discord)

39min
Discord's Disturbing Ties to Global Surveillance | ID Verification, Palantir, & Thiel

Feb 14, 2026

youtube.com/watch?v=qhxsE8dvbs4

2026-02-14

DATE: February 14, 2026 at 11:07AM
SOURCE: HEALTHCARE INFO SECURITY

Direct article link at end of text block below.

Will the #Conduent hack rank as the largest #databreach in U.S. history? t.co/jf9pKntU0X

Here are any URLs found in the article text:

t.co/jf9pKntU0X

Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

-------------------------------------------------

Private, vetted email list for mental health professionals: clinicians-exchange.org

Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

-------------------------------------------------

#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

2026-02-14

@XposedOrNot += Under Armour Data Breach

The Under Armour #databreach was reported in November 2025 after the Everest ransomware group claimed the American sportswear brand as a victim in an attempted extortion, alleging access to 343GB of data. Customer data from the incident was later published publicly in January 2026, exposing 73M email addresses, with many records also containing names, dates of birth, genders, geographic locations, and purchase information.

Exposed data: Email addresses, Names, Dates of birth, Genders, Geographic locations, Purchase information

Potential risks: Privacy breaches, Phishing, Identity theft, Targeted scams, Consumer fraud

2026-02-14

@XposedOrNot += Raaga Data Breach

The Raaga #databreach was reported in December 2025 after a dataset allegedly stolen from the Indian music streaming service was posted for sale on a popular hacking forum. The exposed data contained 10.2M unique email addresses along with names, genders, dates of birth, and passwords stored as unsalted MD5 hashes.

Exposed data: Email addresses, Names, Genders, Dates of birth, Passwords (unsalted MD5)

Potential risks: Account takeover, Credential stuffing, Phishing, Identity theft

BeyondMachines @beyondmachines1@infosec.exchange
2026-02-14

Telegram Allegedly Impacted by Massive Data Leak Exposing 200 Million User Records

A threat actor leaked a dataset allegedly containing 200 million Telegram user records, including phone numbers and emails. The company claims the data consists only of public information gathered via contact imports.

#cybersecurity #infosec #incident #databreach
beyondmachines.net/event_detai

BeyondMachines @beyondmachines1@infosec.exchange
2026-02-14

Fintech Lender Figure Technology Reports Data Breach Claimed by ShinyHunters

Figure Technology confirmed a data breach caused by a social engineering attack that allegedly allowed the ShinyHunters group to exfiltrate 2.5 GB of customer data.

#cybersecurity #infosec #incident #databreach
beyondmachines.net/event_detai

2026-02-14

Romania's pipeline operator Conpet S.A. confirmed the Qilin ransomware gang stole company data in a recent cyberattack. Nearly 1TB of documents were allegedly exfiltrated, including sensitive financial and personal info. #databreach

bleepingcomputer.com/news/secu

2026-02-14

Dutch telecom provider Odido says a cyberattack exposed the personal data of 6.2M customers via its contact system. No passwords or call data were affected.

The #databreach was reported to the Dutch regulator, and impacted users are being notified.

bleepingcomputer.com/news/secu

2026-02-13

DATE: February 13, 2026 at 05:05PM
SOURCE: HEALTHCARE INFO SECURITY

Direct article link at end of text block below.

#TexasAG Investigating #Conduent, #BCBSTexas in Hack t.co/IT1VNCR4h3 #HIPAA @KenPaxtonTX #databreach #BCBS

Here are any URLs found in the article text:

t.co/IT1VNCR4h3


2026-02-13

It's been a busy 24 hours in the cyber world with significant updates on actively exploited vulnerabilities, recent data breaches, and a deep dive into evolving nation-state tactics. Let's take a look:

Actively Exploited Vulnerabilities & Zero-Days ⚠️

- A critical pre-authentication RCE (CVE-2026-1731, CVSS 9.9) in BeyondTrust Remote Support and Privileged Remote Access appliances is now being actively exploited. Attackers are using specially crafted client requests to extract `x-ns-company` values and establish WebSocket channels for command execution. On-premise customers must patch immediately.
- A critical SQL injection vulnerability (CVE-2024-43468, CVSS 9.8) in Microsoft Configuration Manager, patched in October 2024, is now under active exploitation. This allows unauthenticated remote attackers to execute commands on the server or underlying database. CISA has added it to their KEV catalog, urging federal agencies to patch by March 5th.
- Apple has disclosed its first actively exploited zero-day of 2026, a memory corruption flaw (CVE-2026-20700) in `dyld` affecting iPhones and iPads running iOS versions prior to 26. This vulnerability was used in "extremely sophisticated attacks against specific targeted individuals," likely for commercial spyware.
- Two critical RCE vulnerabilities (CVE-2026-1281, CVE-2026-1340, CVSS 9.8) in Ivanti Endpoint Manager Mobile (EPMM) are being actively exploited, leading to compromises of several European government agencies, including the European Commission and Dutch and Finnish governments. This highlights the ongoing challenge of securing widely deployed edge devices.
- CISA also added CVE-2025-15556 (Notepad++ download integrity bypass) and CVE-2025-40536 (SolarWinds Web Help Desk security control bypass) to its KEV catalog. The Notepad++ flaw was exploited by the China-linked Lotus Blossom APT to deliver the Chrysalis backdoor via trojanised installers, targeting specific high-value individuals.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🤫 CyberScoop | cyberscoop.com/apple-zero-day-
📰 The Hacker News | thehackernews.com/2026/02/rese
👻 Dark Reading | darkreading.com/endpoint-secur

Recent Cyber Attacks & Breaches 🚨

- Louis Vuitton, Christian Dior Couture, and Tiffany have been collectively fined $25 million by South Korea for inadequate security leading to data exposure for over 5.5 million customers. Breaches stemmed from malware on an employee device and phishing attacks compromising a shared cloud-based customer management service.
- The Netherlands' largest mobile network operator, Odido, disclosed a breach of its customer contact system affecting approximately 6.2 million people. Stolen data includes names, addresses, phone numbers, dates of birth, bank account numbers, and ID document details, prompting warnings about potential impersonation and phishing scams.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th

New Threat Research & Techniques 🔬

- Google's Threat Intelligence Group (GTIG) has attributed a previously undocumented, possibly Russian intelligence-affiliated threat actor to attacks on Ukrainian defense, military, government, and energy organisations using CANFAIL malware. This group is noted for using Large Language Models (LLMs) for reconnaissance, lure creation, and basic technical questions for C2 setup.
- Threat actors are leveraging Claude LLM artifacts and Google Ads in "ClickFix" campaigns to deliver Mac infostealer malware. Malicious search results lead users to public Claude guides or fake Apple Support pages instructing them to execute shell commands in Terminal, which fetches the MacSync infostealer to exfiltrate sensitive system data.
- Nation-state actors, particularly China and Russia, are aggressively targeting the Defense Industrial Base (DIB), employing zero-day exploits against edge devices (VPNs, security gateways) for initial access and "pre-positioning" in networks. This strategy aims for persistent intelligence collection during peacetime and disruption options during crises, with a focus on devices often slower to patch and less monitored.
- Microsoft faces increasing pressure over Bring-Your-Own-Vulnerable-Driver (BYOVD) attacks, where threat actors exploit legitimate, but vulnerable, drivers to disable security products with kernel-level access. Despite Microsoft's efforts, gaps exist, such as allowing drivers with revoked certificates, and slow blocklist updates, making it a persistent challenge for defenders.
- A security researcher demonstrated multiple techniques to manipulate Windows LNK shortcut files, allowing attackers to display a benign target in file properties while executing a malicious payload. Microsoft's Security Response Center declined to classify these as vulnerabilities, citing user interaction, despite historical exploitation of similar LNK flaws.
- npm has overhauled its authentication, revoking classic tokens and defaulting to short-lived, session-based tokens with MFA for publishing, and encouraging OIDC Trusted Publishing. While a significant step, risks remain as MFA phishing can still yield short-lived tokens, and optional MFA bypass for 90-day tokens leaves a vulnerability similar to previous classic tokens.

📰 The Hacker News | thehackernews.com/2026/02/goog
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
👻 Dark Reading | darkreading.com/cyber-risk/nat
👻 Dark Reading | darkreading.com/application-se
🤖 Bleeping Computer | bleepingcomputer.com/news/micr
📰 The Hacker News | thehackernews.com/2026/02/npms

Threat Landscape & Geopolitics

- Estonia's foreign intelligence chief urged European governments and industry to invest in homegrown offensive cyber capabilities, arguing that Europe is too reliant on non-European tools and needs to match adversaries' ability to penetrate, disrupt, or manipulate digital systems.
- Taiwan warns that China may be rehearsing a "digital siege" using platforms like "Expedition Cloud" to simulate attacks on critical infrastructure. This suggests a shift from espionage to disruption, with Taiwan serving as a proving ground for new, aggressive cyber tactics.
- NATO's deputy secretary general stated that the alliance must be ready to impose costs on Russia and China for cyber and hybrid attacks, which increasingly target critical infrastructure and government services. This includes strengthening defense, boosting innovation, and integrating military, civilian, and industry efforts.
- The EU's top tech official warned that Europe can no longer be "naive" about adversaries' ability to shut down critical infrastructure. She called for tougher rules, more investment, and phasing out high-risk suppliers (like Huawei/ZTE) to protect against coordinated cyber and physical threats.
- Officials and executives at the Munich Cyber Security Conference highlighted space as the next arena of great power competition, vulnerable to disruption. Concerns include the reliance of modern life on satellites and the vulnerability of subsea cables, with calls for independent "outernet" satellite networks to ensure resilience.
- Sweden's Ministry of Defence states that cyber and hybrid threats are now a permanent feature of Europe's security environment. Societies must be built to function under sustained pressure, rather than assuming disruptions are rare, emphasising a "total defense" concept with strong public-private cooperation.

🗞️ The Record | therecord.media/estonia-spy-ch
🗞️ The Record | therecord.media/china-taiwan-d
🗞️ The Record | therecord.media/nato-must-impo
🗞️ The Record | therecord.media/eu-cyber-criti
🗞️ The Record | therecord.media/space-cybersec
🗞️ The Record | therecord.media/sweden-cyber-t

Regulatory & Communication Blockades 🔒

- The Russian government is intensifying its crackdown on communication platforms outside its control, attempting to fully block WhatsApp and aggressively throttling Telegram. This move aims to encourage citizens to use the Kremlin-controlled MAX messenger app, which has raised privacy concerns.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Industry News / Acquisitions

- Proofpoint has acquired AI security startup Acuvity to address the growing security risks associated with widespread corporate adoption of agentic AI. This move aims to strengthen Proofpoint's capabilities in monitoring and securing AI-powered systems, tackling new attack vectors like prompt injection and model manipulation.

🤫 CyberScoop | cyberscoop.com/proofpoint-acuv

#CyberSecurity #ThreatIntelligence #Vulnerabilities #ZeroDay #RCE #DataBreach #NationState #APT #Malware #AI #LLM #SupplyChainSecurity #CriticalInfrastructure #Geopolitics #InfoSec #CyberAttack #IncidentResponse

2026-02-13

The #Odido #databreach was no surprise to me after all the signals of their poor architecture.
Now it seems the attack vector was social engineering of MFA from their customer service agents.
If you trust broad access to personal info of millions (inc. DoB and passport numbers) to CSA-level employees... your #CISO, architects, and all managers have brought shame to their houses.
My ridiculously naive ideas about proper security in a Dutch comment. tweakers.net/nieuws/244720/nos

2026-02-13

I had missed this one: #flickr suffered a #databreach in early February...

Watch your passwords!

@sicurezza

2026-02-13

🇮🇷 641a3 claims data breach on Iran's Government & Defense organization. Leaked ~1.6M Iranian records (first names, last names, and phone numbers). #DataBreach #Government #Iran #ThreatIntel

2026-02-13

⚠️ Odido data breach impacts 6 million customers

Dutch telecom provider #Odido disclosed a data breach affecting around 6 million customers after attackers accessed a third-party marketing platform, exposing names, contact details, and partial identification data. #ransomNews #DataBreach #Telecom

Dutch Carrier Odido Discloses ...

BeyondMachines @beyondmachines1@infosec.exchange
2026-02-13

Telecom Provider Odido Data Breach Affects 6.2 Million Customers

Odido confirmed a cyberattack on its customer contact system that exposed the personal data of 6.2 million customers, including names, IBANs, and passport numbers. The Dutch telecom provider has blocked the unauthorized access and is notifying affected individuals.

#cybersecurity #infosec #incident #databreach
beyondmachines.net/event_detai
