![ajrgd's tweet photo. BREAKING: Something really bad has just happened with the BBC 5 Live Sport account on here. Looks to be compromised.
Two scam accounts are now affiliated with BBC 5 Live Sport:
[@]FNSNVencicne
[@]MngmntTrade
[@]FNSNVencicne is NOT Venice AI but purports to be
[@]MngmntTrade is a crypto and investment scam vehicle
@bbc @bbc5live @5liveSport please remediate and investigate immediately
Meanwhile, do not click any links from the 5 Live Sport account as it may be compromised. Investment scams may soon appear from the account and the affiliates.](https://pbs.twimg.com/media/HKuyFi8XYAAISGf.jpg)
![ajrgd's tweet photo. BREAKING: Something really bad has just happened with the BBC 5 Live Sport account on here. Looks to be compromised.
Two scam accounts are now affiliated with BBC 5 Live Sport:
[@]FNSNVencicne
[@]MngmntTrade
[@]FNSNVencicne is NOT Venice AI but purports to be
[@]MngmntTrade is a crypto and investment scam vehicle
@bbc @bbc5live @5liveSport please remediate and investigate immediately
Meanwhile, do not click any links from the 5 Live Sport account as it may be compromised. Investment scams may soon appear from the account and the affiliates.](https://pbs.twimg.com/media/HKuyFiyX0AAbSSf.jpg)
![ajrgd's tweet photo. BREAKING: Something really bad has just happened with the BBC 5 Live Sport account on here. Looks to be compromised.
Two scam accounts are now affiliated with BBC 5 Live Sport:
[@]FNSNVencicne
[@]MngmntTrade
[@]FNSNVencicne is NOT Venice AI but purports to be
[@]MngmntTrade is a crypto and investment scam vehicle
@bbc @bbc5live @5liveSport please remediate and investigate immediately
Meanwhile, do not click any links from the 5 Live Sport account as it may be compromised. Investment scams may soon appear from the account and the affiliates.](https://pbs.twimg.com/media/HKuyFiwWYAAlyIa.jpg)
![ajrgd's tweet photo. PUBLIC ADVISORY: The X account for Alcatel USA [@]alcatelmobileus (21.8k followers) has been compromised and is currently pushing scam ads.
This is the biggest account I've seen taken over so far — a major brand with 21.8k followers. The account last posted in 2019.
Don't trust this account or the links it posts at this time.
Please share widely and tag the people to remediate this across X Trust and Safety @Safety
There is a broader issue. Scam ads on X are rife and getting worse. Epi and I stand ready, as always, to help all that we can with our internet intel and services, which block these sites by default. No opportunism; just public service.](https://pbs.twimg.com/media/HJRopg6XIAAHR-2.jpg)
Olivia
Online
Epi Security
@episecurity
contrarian cybersecurity, internet intelligence and sanboxing from @epiapp
London, England
Joined December 2025
7 Following
12 Followers
19 Posts
The X account of BBC 5 Live Sport @5liveSport looks to be compromised, with scam affiliates listed under the account
BREAKING: Something really bad has just happened with the BBC 5 Live Sport account on here. Looks to be compromised.
Two scam accounts are now affiliated with BBC 5 Live Sport:
[@]FNSNVencicne
[@]MngmntTrade
[@]FNSNVencicne is NOT Venice AI but purports to be
[@]MngmntTrade is a crypto and investment scam vehicle
@bbc @bbc5live @5liveSport please remediate and investigate immediately
Meanwhile, do not click any links from the 5 Live Sport account as it may be compromised. Investment scams may soon appear from the account and the affiliates.
![ajrgd's tweet photo. BREAKING: Something really bad has just happened with the BBC 5 Live Sport account on here. Looks to be compromised.
Two scam accounts are now affiliated with BBC 5 Live Sport:
[@]FNSNVencicne
[@]MngmntTrade
[@]FNSNVencicne is NOT Venice AI but purports to be
[@]MngmntTrade is a crypto and investment scam vehicle
@bbc @bbc5live @5liveSport please remediate and investigate immediately
Meanwhile, do not click any links from the 5 Live Sport account as it may be compromised. Investment scams may soon appear from the account and the affiliates.](https://pbs.twimg.com/media/HKuyFi-XsAEotFt.jpg)
In Lisbon for Global Anti-Scam Summit!
jk, hello Lisbon! 🇵🇹 I'm here for the Global Anti-Scam Summit this week. Hit me up if you're around. I also now have a spare ticket
16:55 UK time. Ad still live. Now 1.7 million impressions for this phishing campaign
IOCs:
alcatelmobileus[.]shop
[@]alcatelmobileus
PUBLIC ADVISORY from @episecurity: The X account for Alcatel USA [@]alcatelmobileus (21.8k followers) has been compromised and is currently pushing scam ads.
PUBLIC ADVISORY: The X account for Alcatel USA [@]alcatelmobileus (21.8k followers) has been compromised and is currently pushing scam ads.
This is the biggest account I've seen taken over so far — a major brand with 21.8k followers. The account last posted in 2019.
Don't trust this account or the links it posts at this time.
Please share widely and tag the people to remediate this across X Trust and Safety @Safety
There is a broader issue. Scam ads on X are rife and getting worse. Epi and I stand ready, as always, to help all that we can with our internet intel and services, which block these sites by default. No opportunism; just public service.
![ajrgd's tweet photo. PUBLIC ADVISORY: The X account for Alcatel USA [@]alcatelmobileus (21.8k followers) has been compromised and is currently pushing scam ads.
This is the biggest account I've seen taken over so far — a major brand with 21.8k followers. The account last posted in 2019.
Don't trust this account or the links it posts at this time.
Please share widely and tag the people to remediate this across X Trust and Safety @Safety
There is a broader issue. Scam ads on X are rife and getting worse. Epi and I stand ready, as always, to help all that we can with our internet intel and services, which block these sites by default. No opportunism; just public service.](https://pbs.twimg.com/media/HJRophLWcAAhAcn.jpg)
PUBLIC ADVISORY: The X account for Alcatel USA [@]alcatelmobileus (21.8k followers) has been compromised and is currently pushing scam ads.
This is the biggest account I've seen taken over so far — a major brand with 21.8k followers. The account last posted in 2019.
Don't trust this account or the links it posts at this time.
Please share widely and tag the people to remediate this across X Trust and Safety @Safety
There is a broader issue. Scam ads on X are rife and getting worse. Epi and I stand ready, as always, to help all that we can with our internet intel and services, which block these sites by default. No opportunism; just public service.
PUBLIC ADVISORY for Instagram users from @epiapp: We have responsibly disclosed a critical security vulnerability to Meta about Instagram. We are not detailing the vulnerability here, but it impacts the Instagram in-app web browser.
We are issuing this redacted public advisory in the public interest.
We advise Instagram users to be especially cautious and vigilant when using the Instagram browser, and to refrain from using the in-app browser to log in to third-party sites and services at this time.
It is in the public interest for users to be aware and act accordingly, because the vulnerability is one of web trust as much as an exploitable technical failure. It affects all Instagram users worldwide right now, and we are concerned of active exploitation.
Don't log in to sites in the Instagram web browser at this time.
We stand ready to work closely with Meta on fixing this vulnerability and improving the security of the in-app browser.
Happy Phish Friday! Thank you for checking your links and catching the phish this week
@ajrgd lol. lmao even
Made a script to check our org and help others detect if they're affected by the Axios NPM library compromise.
Axios is a hugely popular HTTP request library, installed over 100 million times every week, and is used in hundreds of thousands of software projects.
This script checks a batch of Node repos in one go. Run it on your dev machines, CI and environments.
https://t.co/QrO0nQlqhy
Want to stop getting phished? Use a good link checker!
The Epi link checker cares about your privacy and security. It doesn't log or record input URLs, doesn't track you, uses no third-party scripts, is free and requires no login. It resolves all redirects for you in its sandbox, so you get the right trust verdict — for the final destination.
No star ratings. No subjective scores. We simply tell you whether a site is trusted, legitimate, malicious or unsafe.
https://t.co/issNAWFdiY
This is really bad @Bitly. A targeted scam ad hosted on your security check redirect page.
The new bit•ly redirect interstitial is ostensibly about keeping users safe with site scanning and transparency.
You ask the user to "use the site preview above to make sure the link takes you where you expect", but there's a big scammy ad taking up the most of the page at the top, asking the user to "click to verify", which will mislead a good many people. The bad actor has crafted this ad placement especially for Bitly, to fool as many as they can to inadvertently click through. It's also not obvious it's an ad; there is no labelling.
The "security check" interstitial achieves the exact opposite and makes users less safe. It reminds me of the days of popup spam, and deceptive and intrusive advertising which plagued major sites in the 2000s and 2010s.
People will be defrauded with these ads. Ideally, you wouldn't run ads, but you certainly mustn't host bad ads, placing all the safety responsibility with the end user. Don't rely on Google or the ad network; approve all ads you're hosting on security-critical pages like this.
Big news: Apple just quietly published (1 Jan) a webpage describing the training data used for their gen AI
This legal document is for compliance with the California Generative Artificial Intelligence Training Data Transparency Act.
🍿 Fascinating insights. Highlights:
"Apple trains generative AI models using a mixture of data that includes publicly available data, including publicly available information crawled by Apple’s web crawler Applebot, data licensed or purchased from third parties, open-sourced data, data obtained through user studies, and synthetic data."
"Applebot does not crawl data from websites that require login credentials or that are protected by a paywall. Applebot respects standard robots.txt directives"
"Data sets for model training include both data from the public domain and data subject to intellectual property rights. For example, data used to train generative AI models includes data that has been directly licensed to Apple and data made available pursuant to licenses, such as common open-source licenses, that permit use of the data in the development of generative AI systems."
"Apple does not use our users’ private personal data or user interactions when training our foundation models. Additionally, for content publicly available on the internet that has been crawled by Applebot, Apple takes steps to apply filters to remove certain categories of personally identifiable information, such as social security and credit card numbers, from training data."
"Apple filters web-crawled data and publicly available datasets both at the time the data is crawled or imported and also as a part of post-acquisition processing prior to training. The data is managed both to limit the use of low-quality data and to remove content that is undesirable or unsafe. For example, Apple performs quality filtering and plain-text extraction on data crawled by Applebot, including safety, profanity, inappropriate content, spam, financial data, and quality filtering using heuristics and model-based classifiers, global fuzzy de-duplication using locality-sensitive n-gram hashing, decontamination against common pre-training benchmarks, and filtering against benchmark datasets. Different techniques are used to filter datasets, including manual and algorithmic ranking of content, use of heuristics, and use of machine learning models."
"Apple has been collecting textual data for training since 2018 and image data for training since 2020. Data collection remains ongoing."
"Apple uses generated text, images, audio, and other content to supplement datasets containing real-world data. This category of data is used to enhance the other corpora, including synthetic image caption data, question-answer pairs, and language data. Apple also uses synthetic data generation for post-training, including supervised fine-tuning."
I wonder what happens with respect to the Google-trained Apple LLM model.
This document was discovered by Epi Internet Intelligence (@epiapp).
Why Trusted Publishing and OIDC is dangerous for CI, your deployments and source code, and GitHub overall.
My recommendation to machine-to-machine OIDC flow developers: always require a secret to be supplied as well.
Here to help devs with reviews, audits and pentests for RSC, servers and client apps.
In the wake of the significant and widespread attacks on NPM libraries and React2Shell exploits, security must no longer be an afterthought or bolt-on.
I've been building secure apps and servers for 15 years, and running a cybersec startup for 6 years. Security works when it is at the foundation, with secure code practices followed religiously by devs, and platform safeguards built in.
Reach out if you want me to look at your source and apps.
Happy to take a deep dive into your repos, and if you like my work, establish a working relationship.
Shai-Hulud Wave 2 Breaking: just updated our check tool, adding 190 new compromised npm deps since yesterday, including libs from Browserbase and Oku UI.
Go get checked:
https://t.co/cGNNbCcaKd
Shai-Hulud strikes again with Wave 2. Check your exposure to today's NPM cyberattack with an automated scan. We updated our detection script to scan repos and environments for today's compromise of 500+ NPM packages, including libraries from Zapier, Posthog and Postman.
This is the second major wave after the first wave in September. Shai-Hulud Wave 2 compromises your GitHub Actions CI workflows and captures all environment secrets, stealing AWS keys, NPM tokens and GitHub tokens. See if you're affected — run this DFIR script on dev machines, CI and deployed environments.
It deeply checks nested dependencies against known compromised packages for a bunch of repos in one go. It looks at libraries that are installed, needed by package.json and captured in the package lock.
Looking ahead, I would strongly recommend turning off NPM install scripts, using CODEOWNERS for GitHub Actions with PR approvals, pinning dependencies, and making use of a good local firewall like Little Snitch.
https://t.co/cGNNbCcaKd
Introducing Epi Security, the new brand for cybersecurity from Epi @epiapp
Last Seen Users on Sotwe
Sevgi Ateş 🔥
Seen from Turkey
Azmış erkek
Seen from Turkey
We love Uniforms
Seen from Germany
فحل مصر🦍
Seen from United States
슈 .•♡
Seen from United States
jarmansafr 
Seen from Philippines
Boy phố bị mẹ bắt ở nhà
Seen from Vietnam
bad boy cu to!
Seen from Vietnam
เด็กเหนือ..หน้าหล่อ หำหอม
Seen from Thailand
Looking for cuckold In Egypt
Seen from Jordan
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.5M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.1M followers
Taylor Swift
@taylorswift13
80.9M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.7M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.2M followers