International Cyber Digest
Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts. Got tips? Signal: IntCyberDigest.20
Mar 27 9 tweets 3 min read
‼️We did some OSINT on the leaked Kash Patel email addresses (spiderkash and patelkpp) and found some interesting things. A thread...

We found Kash identified himself as FEMALE on the Mindbody app. 💅

We can see he accessed his Gmail just today, two hours ago...
Mar 27 11 tweets 4 min read
🚨‼️ BREAKING: FBI Director Kash Patel's Gmail account was hacked by Iranian nation-state hackers.

They have published his entire inbox, including mails on his home in India, private life, personal data, business dealings and travel history (Havana, Cuba!).

Kash in Cuba...
Mar 15 6 tweets 3 min read
❗️ Internal messages from Meta show employees discussing how 7.5 million child sexual abuse material reports annually disappeared after making FB Messenger end-to-end encrypted.

Meta simultaneously spent over $2 billion lobbying politicians, 4,433 grants totaling approximately $2.0 billion.

$0 of which went to child safety.

Instead, they invested millions into lobbying for app-store/OS-level age checks through the App Store Accountability Act, making sure they're not liable for age verification of children.

It seems as if Meta doesn't care about child safety or predators targeting our children. It is only concerned with making more money. They're going to lose a lot of money once a major part of their users can't be targeted by advertisers anymore.

Now the US is facing a major problem with age verification. Not only is legislation heavily influenced by big tech, but:
- Politicians are scared to be seen as ineffective and want to be reelected
- Conservatives push for it to prevent 18+ content
- Progressives push for it to stop predators from accessing children

Creating a Frankenstein set of laws...

Meta's Multi-Channel Influence Network

Five confirmed channels connect Meta's spending to ASAA advocacy: direct federal lobbying ($26.3M), state lobbyist networks (45 states), the Digital Childhood Alliance (astroturf 501(c)(4)), super PACs ($70M+), and state legislative campaigns (3 laws passed). A sixth channel through the Arabella dark money network is structurally possible but unproven.
Mar 12 4 tweets 2 min read
🚨‼️ BREAKING: The source code of Swedish e-government services from CGI's "E-plattform" has been leaked.

A threat actor sent us samples.

Our initial analysis shows the breached repositories originate from an internal CGI GitLab instance. The leak exposes architecture, microservices, and configurations for Sweden's digital public infrastructure.

Leaked files:
▪️ Database passwords
▪️ Email/SMTP passwords
▪️ Keystore/truststore passwords & key passwords
▪️ SHS credentials / keystore details
▪️ Signe portal credentials/config
▪️ Embedded Git credentials
▪️ CGI staff data

Key components exposed:
▪️ Mina Engagemang: Frontend and backend code (me-portals) for citizen-facing apps and case management.
▪️ Signe & e-ID: E-signature portal configs, SAML/OpenSAML metadata (keyservice), and signing workflow templates.
▪️ Företrädarregister: Authorization registry services (foreg) governing who can legally represent organizations.
▪️ SHS Integration: Routing and config files (eintegration3) for secure inter-agency data exchange.

The leaked repos contain .git/config files with embedded credentials, severely elevating the risk of lateral movement or further supply chain compromise.

A major exposure of the trust anchors and identity routing powering Sweden's digital state.

Here's a tree of the repo:
Feb 26 4 tweets 2 min read
‼️ They don't want you to know this: we searched Odido customers who missed payments or committed fraud, by ethnicity inferred from last names.

North Africans/Arabs and Turks are 20.8× more likely to miss payments or commit fraud according to Odido's dataset.

In fact, all non-Westerners are 16.9× more likely to miss payments or commit fraud compared to native Dutch.

This is just an experiment to show what can be done with Odido data and AI. It is also data that policymakers should act on.

These are absolute values:
Feb 22 6 tweets 2 min read
‼️LinkedIn sends your face and other personal data to a “global network of trusted third-party data sources” including law enforcement.

Just like Discord, they use Persona.

Your ID and photo are used to train their AI.

Persona maintains a public list of subprocessors aka third-party companies that process your personal data on their behalf. Here's the full list:
Feb 1 4 tweets 3 min read
‼️ Meet the personal hacker who worked for Epstein

His name was redacted, but based on what was previously known:
👉 Sold his company to CrowdStrike in 2017
👉 Took a VP role at the company after the acquisition
👉 Born in Calabria

We can now confirm he is Vincenzo Iozzo.

His LinkedIn shows his company "Iperlane" was sold to CrowdStrike and that he was also a board member of Black Hat, hence he invited Jeffrey to join him at Black Hat.

He is currently CEO of SlashID and likes to post about Shinyhunters on LinkedIn.
Jan 23 4 tweets 3 min read
‼️A security researcher from Australia built a mass surveillance tool by scraping Waze reports and tracking the users behind them

He successfully linked usernames to real-world identities, allowing him to pinpoint where individuals live and work.

Waze has since responded by removing the feature that exposed usernames.

He was able to deanonymize custom usernames by using OSINT tools.
Jan 2 7 tweets 3 min read
‼️A German hacker known as "Martha Root" dressed as a pink Power Ranger and deleted a white supremacist dating website live onstage

This happened during the recent CCC conference.

Martha had infiltrated the site, ran her own AI chatbot to extract as much information from users as possible, and downloaded every profile. She also uncovered the owner of the site. She has published all of the data.

I found this video of “Marta Root” on her YouTube channel explaining what she did.
Dec 7, 2025 12 tweets 4 min read
❗️On 11 July 2024, Belgian police found a dead body on a forest trail.

Initially, they thought it was suicide, but forensic investigation indicated homicide.

The suspected murderer was arrested and later released. He was using a GrapheneOS phone, which he claims did not work as intended.

He says he gave the duress PIN, but the device did not wipe itself, allowing law enforcement to access his data.

One year later, the suspect is summoned to appear at the police station in Antwerp, Belgium, on suspicion of premeditated murder.
Dec 5, 2025 8 tweets 3 min read
‼️🇮🇱 Smartphones worldwide were silently infected with Israeli malware via malicious ads

Simply viewing their ads was enough to get infected.

Surveillance company Intellexa gained full access to cameras, microphones, chat apps, emails, GPS locations, photos, files, and browsing activity.

Internal leaked company documents, sales and marketing materials, as well as training videos from the “Intellexa Leaks” investigation provide a never-before-seen glimpse into the internal operations of a mercenary spyware company focused on exploiting vulnerabilities in mobile devices to enable targeted surveillance attacks on human rights defenders, journalists, and members of civil society.
Dec 4, 2025 11 tweets 4 min read
‼️🇰🇵 Meet North Korean recruiter 'Aaron,' who infiltrates Western companies by using AI and posing as a remote IT worker using stolen or rented identities.

He was lured into a sandbox by researchers, who observed the wild APT in a controlled setting to see what he would do. He wanders around the web sending messages to people like "I’d like to offer your an opportunity that I think could be interesting."... Turns out @MauroEldritch likes opportunities.
Nov 28, 2025 10 tweets 4 min read
‼️ This is a story about a dev who got a job interview at xAI, where they stripped him of his knowledge about how he used the user X API to create two impressive projects, hence the job interview.

After they got what they wanted, X sent a cease and desist, and told him he wasn’t hired.

Despite the developer being open about his project with X employees from the beginning, and getting a job interview and vouch because of it, Nikita Bier mocked him after he was sent a cease and desist.

Nikita deleted the post, but we still have a copy:
Nov 25, 2025 6 tweets 3 min read
‼️ Secret Chinese documents have been leaked, revealing their internal cyberwarfare training program.

The documents show a focus on products from Cisco, Fortinet, WatchGuard, and Juniper as primary operational targets.

China has built digital cyber ranges that allow operatives to practice on infrastructure closely resembling the critical digital infrastructure of major adversaries.

The documents show a network operations training environment capable of supporting 300 users and 10,000 concurrent connections. It includes DNS gateways, a URL classification database with 100 million entries, and support for 50,000 concurrent connections.
Nov 11, 2025 13 tweets 6 min read
‼️ China's largest cybersecurity firm, Knownsec, was breached, exposing details of China's state cyber operations.

The data includes cyberweapon documentation, internal hacking tool source code, and global target lists covering over 20 countries, including Japan, Vietnam, and India.

A spreadsheet lists 80 hacked foreign organizations, plus evidence of 95 GB of stolen Indian immigration data and 3 TB of call records from South Korean mobile operator LG U Plus.

One of the documents mentions a malicious power bank, disguised as a charging device.

Knownsec is key to China's cybersecurity, providing advanced defense and offensive capabilities, including espionage tools.

A thread with their tools 🧵

ZoomEye

A global search engine similar to Shodan or Censys that lists vulnerabilities for each host. It claims to scan the entire IPv4 address range in 7-10 days.
Oct 22, 2025 4 tweets 7 min read
‼️ When Collins Aerospace shut down its Multi-User System Environment (MUSE), it informed the press and filed with the SEC, claiming a ransomware attack.

This caused major European airports to halt passenger processing, stranding thousands and delaying numerous flights.

Turns out they didn't have to turn off the systems.

The threat actor claims no ransomware or compromise occurred, alleging Collins Aerospace disabled the servers for insurance money.

They admit breaching an FTP server, exfiltrating data over days until access was blocked, and claim to have obtained 1,533,900 passenger records.

Screenshots of conversations between Everest and RTX, Collins Aerospace's parent company, are included in this post and they don't seem to mention any encrypted data.

This is the compromised SFTP server. Username: aiscustomer, password: muse-insecure. Insecure indeed. Why store sensitive files like passenger data, SQL, service documentation, and configurations on a publicly accessible, insecure SFTP server?
Oct 17, 2025 4 tweets 2 min read
🚨 Multiple cybercriminals were arrested during Operation SIMCARTEL.

Europol and Latvian law enforcement dismantled five servers, seized 1,200 SIM box devices and 40,000 active SIM cards.

The criminals were linked to over 1,700 cyber fraud cases in Austria and 1,500 in Latvia, causing losses of several million euros, including EUR 4.5 million in Austria and EUR 420,000 in Latvia.

“Yep, that’s me. You’re probably wondering how I got into this situation …”
Oct 8, 2025 5 tweets 2 min read
🚨 Discord Breach Update

- Discord negotiated with the threat actor for two weeks, promising payment.
- Discord then ceased communication.
- The threat actor, now angry, is releasing files individually.

Leaked tables will be posted next.

Tables:

id
username
email
verifiedlocation
premium_until
premium_type
pending_deletion
country
phone
mfa_enabled
last_seen
Oct 3, 2025 26 tweets 7 min read
🚨 Scattered LAPSUS$ Hunters launched an onion website, listing all victims with a deadline of October 10, 2025.

We've made a thread with screenshots of the victims below 👇

FedEx
Oct 1, 2025 12 tweets 5 min read
‼️🚨 Red Hat breached: Crimson Collective stole 28k private repositories, including credentials, CI/CD secrets, pipeline configs, VPN profiles, and infrastructure blueprints.

Our analysis of obtained data: 👇

The file tree includes thousands of repositories referencing major banks, telecoms, airlines, and public-sector organizations, such as Citi, Verizon, Siemens, Bosch, JPMC, HSBC, Merrick Bank, Telstra, Telefonica, and even mentions the U.S. Senate...
Sep 26, 2025 7 tweets 3 min read
‼️ Meet the Chinese man who has sold over 6,500 counterfeit licenses to Americans and Canadians, making over $750k. He used more than 83 domains and multiple social media accounts to promote his services.

He sent every order very discreetly packaged, going to great lengths to hide the true contents: counterfeit IDs.