BREAKING: Something really bad has just happened with the BBC 5 Live Sport account on here. Looks to be compromised.
Two scam accounts are now affiliated with BBC 5 Live Sport:
[@]FNSNVencicne
[@]MngmntTrade
[@]FNSNVencicne is NOT Venice AI but purports to be
[@]MngmntTrade is a crypto and investment scam vehicle
@bbc @bbc5live @5liveSport please remediate and investigate immediately
Meanwhile, do not click any links from the 5 Live Sport account as it may be compromised. Investment scams may soon appear from the account and the affiliates.
PUBLIC ADVISORY from Epi Security: The X (Twitter) account for Alcatel USA [@]alcatelmobileus (21.8k followers) has been compromised and is currently pushing scam ads to tens of thousands of users.
Don't trust the links from this account at this time, and continue checking all links in posts and ads.
We have reported this compromise and the ongoing campaigns of malicious ads to X, and we stand ready to offer our assistance and internet intel to stop bad ads and links.
IOCs:
alcatelmobileus[.]shop
[@]alcatelmobileus
PUBLIC ADVISORY: The X account for Alcatel USA [@]alcatelmobileus (21.8k followers) has been compromised and is currently pushing scam ads.
This is the biggest account I've seen taken over so far — a major brand with 21.8k followers. The account last posted in 2019.
Don't trust this account or the links it posts at this time.
Please share widely and tag the people to remediate this across X Trust and Safety @Safety
There is a broader issue. Scam ads on X are rife and getting worse. Epi and I stand ready, as always, to help all that we can with our internet intel and services, which block these sites by default. No opportunism; just public service.
PUBLIC ADVISORY for Instagram users from @epiapp: We have responsibly disclosed a critical security vulnerability to Meta about Instagram. We are not detailing the vulnerability here, but it impacts the Instagram in-app web browser.
We are issuing this redacted public advisory in the public interest.
We advise Instagram users to be especially cautious and vigilant when using the Instagram browser, and to refrain from using the in-app browser to log in to third-party sites and services at this time.
It is in the public interest for users to be aware and act accordingly, because the vulnerability is one of web trust as much as an exploitable technical failure. It affects all Instagram users worldwide right now, and we are concerned about active exploitation.
Don't log in to sites in the Instagram web browser at this time.
We stand ready to work closely with Meta on fixing this vulnerability and improving the security of the in-app browser.
and this is why you shouldn't rely on looking at the sender to avoid scams
the call-to-action link is the only thing that matters
this email is legitimate
Made a script to check our org and help others detect if they're affected by the Axios NPM library compromise.
Axios is a hugely popular HTTP request library, installed over 100 million times every week, and is used in hundreds of thousands of software projects.
This script checks a batch of Node repos in one go. Run it on your dev machines, CI and environments.
https://t.co/QrO0nQlqhy
Want to stop getting phished? Use a good link checker!
The Epi link checker cares about your privacy and security. It doesn't log or record input URLs, doesn't track you, uses no third-party scripts, is free and requires no login. It resolves all redirects for you in its sandbox, so you get the right trust verdict — for the final destination.
No star ratings. No subjective scores. We simply tell you whether a site is trusted, legitimate, malicious or unsafe.
https://t.co/issNAWFdiY
Big news: Apple just quietly published (1 Jan) a webpage describing the training data used for their gen AI
This legal document is for compliance with the California Generative Artificial Intelligence Training Data Transparency Act.
🍿 Fascinating insights. Highlights:
"Apple trains generative AI models using a mixture of data that includes publicly available data, including publicly available information crawled by Apple’s web crawler Applebot, data licensed or purchased from third parties, open-sourced data, data obtained through user studies, and synthetic data."
"Applebot does not crawl data from websites that require login credentials or that are protected by a paywall. Applebot respects standard robots.txt directives"
"Data sets for model training include both data from the public domain and data subject to intellectual property rights. For example, data used to train generative AI models includes data that has been directly licensed to Apple and data made available pursuant to licenses, such as common open-source licenses, that permit use of the data in the development of generative AI systems."
"Apple does not use our users’ private personal data or user interactions when training our foundation models. Additionally, for content publicly available on the internet that has been crawled by Applebot, Apple takes steps to apply filters to remove certain categories of personally identifiable information, such as social security and credit card numbers, from training data."
"Apple filters web-crawled data and publicly available datasets both at the time the data is crawled or imported and also as a part of post-acquisition processing prior to training. The data is managed both to limit the use of low-quality data and to remove content that is undesirable or unsafe. For example, Apple performs quality filtering and plain-text extraction on data crawled by Applebot, including safety, profanity, inappropriate content, spam, financial data, and quality filtering using heuristics and model-based classifiers, global fuzzy de-duplication using locality-sensitive n-gram hashing, decontamination against common pre-training benchmarks, and filtering against benchmark datasets. Different techniques are used to filter datasets, including manual and algorithmic ranking of content, use of heuristics, and use of machine learning models."
"Apple has been collecting textual data for training since 2018 and image data for training since 2020. Data collection remains ongoing."
"Apple uses generated text, images, audio, and other content to supplement datasets containing real-world data. This category of data is used to enhance the other corpora, including synthetic image caption data, question-answer pairs, and language data. Apple also uses synthetic data generation for post-training, including supervised fine-tuning."
I wonder what happens with respect to the Google-trained Apple LLM model.
This document was discovered by Epi Internet Intelligence (@epiapp).
Why Trusted Publishing and OIDC are dangerous for CI, your deployments and source code, and GitHub overall.
My recommendation to machine-to-machine OIDC flow developers: always require a secret to be supplied as well.
Here to help devs with reviews, audits and pentests for RSC, servers and client apps.
In the wake of the significant and widespread attacks on NPM libraries and React2Shell exploits, security must no longer be an afterthought or bolt-on.
I've been building secure apps and servers for 15 years, and running a cybersec startup for 6 years. Security works when it is at the foundation, with secure code practices followed religiously by devs, and platform safeguards built in.
Reach out if you want me to look at your source and apps.
Happy to take a deep dive into your repos, and if you like my work, establish a working relationship.
Trying something: Making an official/ophishal account which will just post professional tweets and thought leadership posts around phishing, quishing, scams, fraud and cyber threats.
An SFW @ajrgd without the memes, humour and personality.
Welcome to the unfunny side.