Δ€ŁT4 TΞ¢H

🇷🇸 A threat actor is claiming to possess a massive “72 million” record dataset allegedly linked to Serbian telecommunications providers, prominently referencing Telekom Srbija and multiple regional telecom operators. The exposed fields shown in the listing allegedly include: • Full names • National ID/JMBG-related identifiers • Addresses • Mobile phone numbers • Partner/customer IDs • Installation/service details • Device serial numbers • Employee and distributor information • Service package and infrastructure metadata The post references several major Serbian telecom and ISP brands, including: • Telekom Srbija • Yettel Serbia • CETIN Serbia • A1 Serbia • SBB • Orion Telekom • YUNET At this stage, the authenticity, origin, and actual scale of the dataset remain unverified. The claimed volume appears unusually large relative to Serbia’s population, which may indicate: • Aggregated multi-source telecom datasets • Historical/internal infrastructure records • Duplicated entries • Scraped operational data • Inflated claims for attention or resale value If legitimate, the exposure could create significant risks: • SIM swap targeting • Telecom fraud • Identity theft • Social engineering campaigns • Infrastructure reconnaissance • Insider targeting • Credential-reset abuse using subscriber information Telecom providers and affected organizations should: • Monitor for unusual account recovery activity • Increase anti-SIM-swap protections • Audit exposed internal operational systems • Review third-party/vendor access • Monitor dark web resale channels and credential markets • Alert customers regarding phishing risks No official confirmation regarding the alleged dataset has been publicly identified at this time. #DDW #Intelligence #Serbia #Telecom #CyberSecurity #DarkWeb #DataBreach

⚠️Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild Source: https://t.co/7FVnJNpPPW Hackers are wasting no time exploiting a newly disclosed critical vulnerability in NGINX, with security researchers already observing real-world attacks just days after its public release. Threat actors are actively targeting CVE-2026-42945, a heap buffer overflow flaw affecting both NGINX Open Source and NGINX Plus. According to Censys data, around 5.7 million internet-facing NGINX servers could be running vulnerable versions. #cybersecuritynews

Russian spies hacked several TP-Link routers in Latvia and thousands more worldwide. They used a known weakness in older models to change the router’s settings, this let them spy on internet traffic from connected phones and computers, stealing passwords and other data. In late March 2026, the FBI and Latvian security services worked together in Operation Masquerade and they remotely fixed the affected routers in Latvia to block further access. To stay safe: >Update your router’s software right away. >Change the default admin password to a strong one. >Replace any very old router that no longer gets updates. Check with your internet provider or CERT(.)lv if you’re not sure.

⚠️ Udemy Data Breach - ShinyHunters Claims Compromise of 1.4M User Records Source: https://t.co/AFS9aFEkqt The notorious cybercriminal group ShinyHunters has claimed responsibility for a major data breach targeting Udemy, Inc., one of the world's largest online learning platforms, and has alleged the compromise of over 1.4 million records containing personally identifiable information (PII) and internal corporate data. The claim was first observed on April 24, 2026, when ShinyHunters posted a "Pay or Leak" warning on their data leak site, setting a final deadline of April 27, 2026, for Udemy to respond or face public exposure of the stolen data. #cybersecuritynews #databreach

⚠️ Windows RPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions Source: https://t.co/luN3UDOucJ PhantomRPC, a newly identified architectural vulnerability in Windows Remote Procedure Call (RPC) that enables local privilege escalation to SYSTEM-level access, potentially affecting every version of Windows. PhantomRPC is not a classic memory corruption bug or a logic flaw in a single component. Instead, it exploits an architectural design weakness in how the Windows RPC runtime (rpcrt4.dll) handles connections to unavailable RPC servers. When a highly privileged process attempts an RPC call to a server that is offline or disabled, the RPC runtime does not verify whether the responding server is legitimate. #cybersecuritynews #Windows

🔐 Hackers Can Abuse Entra Agent ID Admin Role to Hijack Service Principals Source: https://t.co/ePEtkkkXAl A critical scope overreach vulnerability was recently identified in the Microsoft Entra Agent Identity Platform. The newly introduced Agent ID Administrator role allowed accounts to hijack arbitrary service principals and escalate privileges across the entire tenant. New research found that actions like updating agent identity owners allowed administrators to modify the ownership of any service principal in the tenant. A user with the Agent ID Administrator role could assign themselves as the owner of a completely unrelated, high-privileged service principal. #cybersecuritynews

🔥 OpenClaw now scans every ClawHub skill using 🛡️ VirusTotal threat intel. Uploads are hashed, analyzed via Code Insight, then auto-approved, flagged, or blocked. Daily rescans 🔍 check if clean skills turn malicious later. ⚠️ Hundreds of risky skills had slipped through earlier. 🔗 Read → https://t.co/Ieo8WEiwNQ

🛡️ OpenClaw Partners with VirusTotal to Secure AI Agent Skill Marketplace Source: https://t.co/nM74BPmwRZ OpenClaw announced today a partnership with VirusTotal, Google's threat intelligence platform, to implement automated security scanning for all skills published to ClawHub, its AI agent marketplace. All skills published to ClawHub will now undergo automatic scanning using VirusTotal's threat intelligence database and Code Insight capability, an LLM-powered security analysis tool. Skills flagged as malicious will be immediately blocked from download, while suspicious content receives warning labels. A compromised skill could exfiltrate sensitive information, execute unauthorized commands, or download external payloads. #cybersecuritynews

State-linked hackers breached 70+ government & critical infrastructure networks across 37 countries, Unit 42 reports. Targets include law enforcement, finance ministries, and border control. Initial access via phishing loaders, with payloads staged on GitHub. 🔗 Intrusion chain, malware design, targeting scope → https://t.co/QiYfpWwcMv

⚠️ Dutch Authorities Seized Servers of Windscribe VPN Provider Source: https://t.co/oFWSAnZvO4 Dutch authorities seized a Windscribe VPN server located in the Netherlands as part of an undisclosed investigation. The Canadian provider quickly highlighted how its privacy-focused design thwarted any data recovery efforts. Windscribe disclosed the incident via social media, sharing an image of an empty server rack slot and noting that Dutch officials executed a warrant without prior notice. The server, a standard VPN node, was physically removed by law enforcement seeking potential logs tied to criminal activity. #cybersecuritynews

Dutch police have reportedly seized one of Windscribe's VPN servers in the Netherlands without presenting a warrant. According to the company, authorities plan to retain the hardware until they complete a thorough examination. They say their real concern "is the unredacted Epstein files we had on there..."