Meanwhile the allegation relies primarily on:
❌ X location metadata
❌ An unverified LinkedIn photo match
❌ Repeated assertions without corroboration
The lesson?
A viral claim is not evidence.
#OSINT #ThreatIntel #FactCheck #OpenSourceIntelligence
🚨 1.17 MILLION VIEWS.
That's how far the claim "Tarun Gautam is actually Fawad Shaikh from Karachi" spread.
So I checked the evidence.
✅ Delhi University footprint
✅ Instagram history dating back to 2015
✅ Consistent long-term social presence
🚨 Why & How TF-2990 Works: Alleged Pakistan DGISPR/ISI-backed anti-India CIB psyop by Toronto’s Sadiq Ali ("Sadiqqqq", @PooWorldOrderr — suspended).
WHY: Post-Operation Sindoor, goal = flood platforms to make anti-India hate appear organic & normalise violence ("beat them or even k!ll them occasionally" — direct Telegram incitement). 280M-view Korean video proves scale.
• https://t.co/cKTWOoPz13 analytics show synchronized spikes + bot-like behavior
• One coordinated video reached 280M views
Full 27-page OSINT report available upon request.
Serious researchers, journalists, or platforms DM us to reach out.
#TF2990 #OSINT #DisinfoNetwork
🚨 TF-2990 Exposed: Pakistan-linked DGISPR/ISI disinformation network targeting Indians & Indian diaspora.
Operated by Sadiq Ali (Toronto-based, @PooWorldOrderr suspended). Coordinated psyop using fake LARP accounts, 40+ Telegram channels, and heavy algorithm gaming.
Critical findings:
• Direct incitement to violence in private Telegram: “normalise... hate enough that ppl dont hesitate to beat them or even k!ll them occasionally”
• Primary amplification hub @garbagehuman24 followed by 6/11 core accounts
So many disclosures on govt sites redirecting to betting sites! But nobody reported "How & why it happened?"
@FalconFeedsio has a detailed report on this!
Try it, thank us later. Google:
"(rummy OR gambling OR bet) site:https://t.co/cudDCGi4am"
#osint #CTI
How illegal gambling operators are hijacking government websites
Illegal gambling operators have quietly hijacked 100+ Indian government & public-sector websites (.gov.in / .nic.in / .ac.in / .edu.in) to rank betting, rummy & satta content on Google — weaponising the trust of official domains to funnel mobile users into offshore casinos.
A large, active campaign is abusing Indian government trust to run illegal gambling.
Operators have compromised 100+ government & public-sector domains — central ministries, a High Court, a constitutional audit body, a land-registration system, police and tax portals, a diplomatic mission, and top academic institutions — and turned them into SEO machines for betting, rummy/teen patti, satta/matka and Aviator-style crash games.
The trick is server-side cloaking. One URL, three audiences: Googlebot is fed a keyword-stuffed gambling page (sometimes rendered in Thai to dodge detection); a mobile user clicking from Google search gets redirected into an offshore betting/casino app; and an administrator or desktop visitor sees the normal page or a 404. That selective delivery is why it survives for months — routine browsing never reveals it.
The damage is threefold: citizens get funnelled into illegal apps and surrender personal/payment data at sign-up; the authority of "https://t.co/pUsEjtdTXn" gets laundered to legitimise illegal gambling; and where attackers inject Search Console tokens, they effectively claim ownership of the government domain inside Google. Write access this deep also means the server should be assumed fully compromised — cloaking may not be the worst payload it could carry.
At least five distinct injection toolkits are in play, so this isn't one actor — it's multiple operators sharing the same pool of poorly-maintained, high-authority targets.
Fix list for affected estates: rebuild from a known-good baseline (don't just delete files), audit rewrite rules, purge rogue Search Console owners + request de-indexing, reset admin creds + enforce MFA, patch CMS/plugins/server software, and report to CERT-In. Verification needs a differential check (Googlebot vs mobile-from-search vs direct) from an Indian IP — a single clean request proves nothing.
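The differential check described in the post above, as an added example that is not part of the original post or the report it summarises: it compares three captures of one URL (direct, Googlebot, mobile-from-search) and lists where the audiences were served different things. The host names, the sample captures, the keyword list and the 0.5 similarity threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Gambling terms named in the post; an assumption, extend for a real audit.
KEYWORDS = ("rummy", "teen patti", "satta", "matka", "betting", "casino", "aviator")

def visible_text(html):
    """Crude tag stripper, enough to compare what each audience is served."""
    html = re.sub(r"(?is)<(script|style)\b.*?</\1>", " ", html)
    return re.sub(r"\s+", " ", re.sub(r"(?s)<[^>]+>", " ", html)).strip().lower()

def keyword_hits(text):
    return sum(text.count(k) for k in KEYWORDS)

def differential_check(site_host, responses):
    """responses: profile -> {"status", "location", "body"} captured for ONE URL.
    Profiles: "direct" (baseline), "googlebot", "mobile_from_search"."""
    findings = []
    base = responses["direct"]
    base_text = visible_text(base["body"])
    for name, resp in responses.items():
        if name == "direct":
            continue
        if resp["status"] != base["status"]:
            findings.append(f"{name}: status {resp['status']} vs direct {base['status']}")
        target = urlparse(resp.get("location") or "").hostname
        if target and target != site_host and not target.endswith("." + site_host):
            findings.append(f"{name}: off-domain redirect to {target}")
        text = visible_text(resp["body"])
        similarity = SequenceMatcher(None, base_text, text).ratio()
        if text and similarity < 0.5:  # threshold is an assumption
            findings.append(f"{name}: body diverges from direct ({similarity:.2f})")
        extra = keyword_hits(text) - keyword_hits(base_text)
        if extra > 0:
            findings.append(f"{name}: {extra} more gambling keyword hits than direct")
    return findings

# Constructed captures for a hypothetical host; not data from the report.
SAMPLE = {
    "direct": {"status": 404, "location": None, "body": "<html><body><h1>Not Found</h1></body></html>"},
    "googlebot": {"status": 200, "location": None, "body": "<html><title>Online rummy betting</title><body>Play rummy, teen patti and satta matka. Best betting casino.</body></html>"},
    "mobile_from_search": {"status": 302, "location": "https://casino.example.net/app", "body": ""},
}

if __name__ == "__main__":
    print("\n".join(differential_check("dept.example.gov.in", SAMPLE)))
```

An empty result for a single URL only says these three captures agreed; run it across the indexed URLs of the estate, since cloaked pages are often served on a subset of paths.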
https://t.co/xvhO8a4UL8 has investigated an AI "nudify" operation disguised as a photo-enhancement tool — a synthetic NCII service targeting real individuals via Telegram and operated from Turkey.
Verified media: reach out at [email protected] for the report.
While India's cyber posture and government vulnerabilities dominate the conversation, https://t.co/MG5DMBfAMn looked at the evidence — 1,104 confirmed incidents (May 2025–May 2026) across three categories: ransomware, data leaks, and data breaches. Here's what the data shows.
India Threat Landscape — May 2025→May 2026 (dataset: 1,104 confirmed public-disclosure incidents)
Breakdown: 736 data breaches, 239 data leaks, 129 ransomware events. Sources skew to open web (635) and Telegram (263), with 206 surfacing on Tor leak sites — i.e. most exposure is happening in plain sight, not deep in the dark web.
The single most-targeted sector isn't finance or IT. It's Education — ~200 incidents. Of ~200 education incidents, 175 were data breaches spanning universities, technical & medical institutes, schools (including a defense-run school), and e-learning / edtech platforms. A handful escalated to ransomware against academic institutions.
Why this sector keeps getting hit: limited security budgets paired with sensitive data holdings. The data at stake is uniquely toxic - institutions collect Aadhaar, photos and birth certificates, so a breach feeds dark-web sale of transcripts, personal records and forged certificates. An independent pilot concluded Indian educational institutions are likely five times more vulnerable to data breaches than counterparts with stronger cyber practices, with risks including faculty impersonation, deepfakes, research-data theft and exam-paper leakage.
~89 incidents across government administration, public-sector bodies, law enforcement, paramilitary, and defense-adjacent industry. The pattern is telling: 67 breaches, 21 leaks, only 1 ransomware — adversaries aren't extorting, they're exfiltrating and publishing.
What surfaced in the dataset (by function, not name): leaked source code for a national emergency-response platform, exposure tied to defense-procurement and national-standards bodies, dumps attributed to federal audit, investigative, and central armed-police functions, plus municipal and state-department databases.
This is the systemic risk: UPI payments, cloud adoption, and e-governance platforms have significantly expanded India's digital attack surface, and government data carries citizen PII, biometrics, and law-enforcement records that can't be reset like a password. Regionally the picture is worse — government and law-enforcement organizations accounted for 427 incidents, about 27 percent of APAC data breaches in 2025, and were the most frequently listed sector for initial-access sales.
@IndianCERT @digitaldutta @internetfreedom
EXCLUSIVE: How they track foreigners in China - We got rare access to a demo system developed by the Ministry of Public Security in China for the prefecture of Zhangjiakou, to track and surveil foreigners visiting or being residents (actually it applies to most nationals as well, but in this case it seems to be aimed at foreigners). It is officially known as "Dynamic control platform for overseas personnel". 1/12
Hackers hired by the Sinaloa Cartel in Mexico targeted and killed informants by breaching FBI phones and Mexico City’s CCTV system.
Made by @ProtonPrivacy, Data War dives into the hidden battles shaping our digital world.
Come work with me!
A really cool job just opened up on our international investigations team at The New York Times for a reporter specializing in OSINT, with lots of room for different skillsets
https://t.co/gx8ZamNlMc
🔴 1 of 6 vessels hit that single day
🔴 16+ UKMTO incidents since 28 Feb 2026
🔴 Neutral flag states are not immune
🔴 Old footage being recycled as "BREAKING" — active misinfo campaign detected
The Strait of Hormuz is no longer a high-risk corridor.
🚢 OSINT REPORT | MV Mayuree Naree
On 11 March 2026, the Thai-flagged bulk carrier was struck by two IRGC projectiles in the Strait of Hormuz. 3 crew killed, 20 rescued by Oman Navy.
Key findings from our latest @Sycek_osint marine report:
🔴 Directed kinetic strike, NOT a mine