🇮🇩 🚨 Indonesia BIMA (Dikti Saintek) Data Leak — Lecturer & National ID Data Exposed
A dark web post claims a fresh leak from Indonesia’s BIMA system (Ditjen Saintek), exposing sensitive academic and personal data.
📊 Key Details:
• Target: BIMA – Indonesian research & higher education system
• Data types exposed:
NIDN (lecturer ID)
NIK (national ID number)
Full names
Email addresses
Phone numbers
Academic details (rank, institution, program)
Address and personal metadata
• Sample shows:
Structured JSON data
Real institutional references (e.g., universities, faculties)
🧠 Threat Intelligence Insight:
• This appears to be API/database extraction, not a simple dump:
Structured response format → likely backend/API access
Combination of:
NIK (national ID) + academic identity
→ highly valuable for:
Identity fraud
Targeted phishing against academia/government
• Education sector breaches often lead to:
Long-term credential abuse
Government-linked targeting
⚠️ Assessment:
• Moderate-to-high credibility
Clean structured sample
Specific schema and identifiers
“FRESH” claim cannot be fully verified, but:
Data does not look recycled or generic
⚠️ Risk Implications:
• Identity theft using national ID (NIK)
• Targeted phishing against lecturers and institutions
• Potential pivot into government/research networks
• Academic fraud and impersonation
📊 Status: Unverified — but credible leak pattern with high sensitivity data
⸻
💬 When academic systems leak national IDs, the impact extends far beyond the campus.
#CyberSecurity #DataBreach #Indonesia #BIMA #ThreatIntel #DDW
🚨 CATASTROPHIC BREACH: 240 Million Indonesian Records Exposed 🚨
Victim: National Population Database (Indonesia) 🇮🇩
Threat Actor: YUKA
Timestamp: February 25, 2026
Sector: N/A (Government / National Registry)
Volume: 240 Million Records
The threat actor known as YUKA has reported the exfiltration of a database containing records for 240 million individuals in Indonesia. This represents nearly the entire population of the country, indicating a compromise of a central government registry or a massive national service provider.
Monitor:
https://t.co/wk9bZJ2Nli
#CyberSecurity #DataBreach #Indonesia #YUKA #NationalSecurity #PII #IdentityTheft #ThreatIntel #InfoSec #OSINT
PERKENALKAN, INILAH PETA MEGATHRUST INDONESIA.
Peta sumber gempa megathrust ini terbagi oleh banyak segmen dengan potensi magnitudo maksimumnya masing-masing.
3 segmen dengan potensi magnitudo maksimum terkuat :
1. Segmen Aceh - Andaman Mw 9.2
2. Segmen Enggano Mw 9.2
3. Segmen Jawa (large rupture) Mw 9.1
Domisilimu dekat dengan segmen megathrust mana ?
Another variation of the classic #XSS#CloudFlare#WAF bypass.
Instead of:
1"><Svg/OnLoad=alert(1)>
Use:
1"Onxx=><Svg/Onload=alert(1)//
#hack2learn
Tip To Bypass WAFs
1st: Identifiy Favicon Files on The Website ig example[.]com/favicon.ico
2nd: Go To https://favicon-hash.kmsec[.]uk/
3rd: Paste The Favicon URL And Click On Shodan Search
If IP Appeared its Likely Real IP
start ms-cxh:localonly has been recently removed in the recent Windows 11 Beta Update, BypassNRO still works! 🎉
⚠️ DISCONNECT from the internet first! ⚠️
Shift + F10
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v BypassNRO /t REG_DWORD /d 1 /f
shutdown /r /t 0
We triggered WhatsApp 0-click on iOS/macOS/iPadOS.
CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300.
Analysis of Samsung CVE-2025-21043 is also ongoing.
This @bishopfox tool is next level! 🚀
Eyeballer uses AI to analyze screenshots and sorts them into categories based on appearance, including:
👀 Old-looking pages,
👀 Login pages,
👀 404 responses
👀 Web apps
👀 Parked domains
Get your eyeballs around this👇
Just built an MCP for Ghidra.
Now basically any LLM (Claude, Gemini, local...) can Reverse Engineer malware for you. With the right prompting, it automates a *ton* of tedious tasks.
One-shot markups of entire binaries with just a click.
Open source, on Github now.
The 9.1 CVSS CVE-2025-29927 authentication bypass vulnerability in Next.js middleware -- covered in a rambling video and teeny tiny demo showcase,
✨ V I B E C O D I N G✨ a vulnerable proof-of-concept app. https://t.co/DUUxBFDAJc