Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
International Cyber Digest Profile picture
International Cyber Digest
@IntCyberDigest
Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts. Got tips? Signal: IntCyberDigest.17
Oct 22 4 tweets 7 min read
‼️ When Collins Aerospace shut down its Multi-User System Environment (MUSE), it informed the press and filed with the SEC, claiming a ransomware attack.

This caused major European airports to halt passenger processing, stranding thousands and delaying numerous flights.

Turns out they didn't have to turn off the systems.

The threat actor claims no ransomware or compromise occurred, alleging Collins Aerospace disabled the servers for insurance money.

They admit breaching an FTP server, exfiltrating data over days until access was blocked, and claim to have obtained 1,533,900 passenger records.

Screenshots of conversations between Everest and RTX, Collins Aerospace's parent company, are included in this post and they don't seem to mention any encrypted data.Image
Image
Image
Image This is the compromised SFTP server. Username: aiscustomer, password: muse-insecure. Insecure indeed. Why store sensitive files like passenger data, SQL, service documentation, and configurations on a publicly accessible, insecure SFTP server? Image
Oct 17 4 tweets 2 min read
🚨 Multiple cybercriminals were arrested during Operation SIMCARTEL.

Europol and Latvian law enforcement dismantled five servers, seized 1,200 SIM box devices and 40,000 active SIM cards.

The criminals were linked to over 1,700 cyber fraud cases in Austria and 1,500 in Latvia, causing losses of several million euros, including EUR 4.5 million in Austria and EUR 420,000 in Latvia. “Yep, that’s me. You’re probably wondering how I got into this situation …” Image
Oct 8 5 tweets 2 min read
🚨 Discord Breach Update

- Discord negotiated with the threat actor for two weeks, promising payment.
- Discord then ceased communication.
- The threat actor, now angry, is releasing files individually.

Leaked tables will be posted next. Image Tables:

id
username
email
verifiedlocation
premium_until
premium_type
pending_deletion
country
phone
mfa_enabled
last_seen Image
Oct 3 26 tweets 7 min read
🚨 Scattered LAPSUS$ Hunters launched an onion website, listing all victims with a deadline of October 10, 2025.

We've made a thread with screenshots of the victims below 👇 Image FedEx Image
Oct 1 12 tweets 5 min read
‼️🚨 Red Hat breached: Crimson Collective stole 28k private repositories, including credentials, CI/CD secrets, pipeline configs, VPN profiles, and infrastructure blueprints.

Our analysis of obtained data: 👇 Image The file tree includes thousands of repositories referencing major banks, telecoms, airlines, and public-sector organizations, such as Citi, Verizon, Siemens, Bosch, JPMC, HSBC, Merrick Bank, Telstra, Telefonica, and even mentions the U.S. Senate...
Sep 26 7 tweets 3 min read
‼️ Meet the Chinese man who has sold over 6,500 counterfeit licenses to Americans and Canadians, making over $750k. He used more than 83 domains and multiple social media accounts to promote his services. Image He sent every order very discreetly packaged, going to great lengths to hide the true contents: counterfeit IDs. Image
Image
Image
Image
Sep 7 10 tweets 2 min read
🚨 UPDATE 🚨 on the Mandiant investigation into the compromise of the Salesforce Drift platform reveals how it was compromised. The attackers initially gained access to Salesloft’s GitHub account, and that’s when things took off… Image In March through June 2025, the threat actor accessed the Salesloft GitHub account. With this access, the threat actor was able to download content from multiple repositories, add a guest user and establish workflows.
Aug 29 6 tweets 2 min read
Ladies and gentlemen, we present to you Conti Ransomware group 💀 Image This group posted videos of their luxurious lifestyles, flying in private jets.
Aug 18 10 tweets 2 min read
🚨 Nova ransomware gang demanded $30M from Clinical Diagnostics/Eurofins to not leak 480k+ people's sensitive medical data. Allegedly received $50k. Unsatisfied, they now demand more. Image We're unaccustomed to seeing double or triple extortion from ransomware gangs, as it undermines their business model. Moreover, Nova misrepresented their reasons for demanding more, making them (surprise) an unreliable party.
Nov 7, 2024 8 tweets 2 min read
🚨🔓 Ransomware group Hellcat is uploading @SchneiderElec breach data as we post. What happened?

- How did @SchneiderElec get breached for the third time in a year?
- What can we learn from this breach to better protect ourselves?

🧵 A thread... Image 1/ Is this really bad for @SchneiderElec? We don't know yet. We've had contact with Hellcat spokesperson @holypryx, he told us 'Today we are leaking everything so samples won't be important anymore right?'