🔴 CYBER ALERT | 🇫🇷 More than 15 million people and 5 million license plates potentially exposed in a claimed leak at Carvivo.
This is potentially one of the largest data leaks ever claimed in the French automotive ecosystem.
➡️ The group claims to hold data from more than 1,700 dealerships and auto repair shops, as well as more than 3.2 million unique email addresses and more than 5 million license plate numbers and vehicle records.
Automotive groups said to appear in the claimed data reportedly include Stellantis & You, Groupe Mary Automobiles, CAR Avenue, Sofida and Vikings Auto.
The potentially exposed data reportedly includes:
➡️ first and last names
➡️ email addresses
➡️ phone numbers
➡️ information on automotive sales prospects
➡️ sales follow-up histories
➡️ vehicle purchase and trade-in requests
➡️ information on the vehicles being sought
➡️ license plate numbers
➡️ mileage figures
➡️ vehicle references
➡️ information related to car dealerships
➡️ CRM follow-up comments and notes
Potential consequences include targeted phishing campaigns, commercial fraud, identity theft, and scams using the information of the affected prospects and dealerships.
The FSB has announced it uncovered a "large-scale operation by foreign intelligence services" to plant spyware on the mobile devices of senior Russian officials.
What Spyware Are We Talking About?
The tools in question are no secret. Pegasus from NSO Group, Predator from Intellexa, Paragon Solutions — and dozens of other commercial spyware platforms — have been sold openly for years and purchased by intelligence agencies worldwide. Worth noting: the most popular tools on the market are Israeli.
Zero-day exploits targeting iOS and Android, messenger-based compromise, phishing via work email — all of it is documented across hundreds of public investigations. Disrupting an operation that apparently put many people at risk is a real achievement. But stopping the flow entirely isn't realistic. As long as OS vulnerabilities exist and intelligence agencies have budgets, the attacks continue — they just change vector.
The Deeper Problem
Many Russian officials would still be using WhatsApp if it hadn't been banned — despite a long string of documented messenger-based leak incidents. Digital hygiene in the state apparatus is a chronic problem that only gets attention after something extraordinary happens — like the elimination of Iran's entire senior leadership and Ayatollah Khamenei.
So it's worth repeating: the smartphone in your pocket is a potential surveillance device, regardless of whether anything has been installed on it. Any modern phone with network access tracks location, records audio via microphone, stores correspondence, syncs documents. All of it is a potential entry point for those with the capability and motivation to use it.
The takeaway is simple: confidentiality and information security require continuous effort, not one-off measures. Especially for those handling classified material, where a data leak isn't just an inconvenience — it's a threat to human lives.
🚨🇫🇷 Air Austral allegedly targeted in database leak
A threat actor on an underground forum is claiming to have leaked a database allegedly originating from Air Austral, a French airline specializing in flights between the Indian Ocean, metropolitan France, southern Africa, and certain Asian destinations. The actor is releasing the data for free.
The actor claims the leak contains roughly 1K records in JSON format (~125 KB), appearing to be employee/staff data.
What's allegedly exposed:
• First and last names
• Email addresses
• Job titles (fonction)
• Department/service
• Location (localisation)
Details:
Target: Air Austral
Country: France 🇫🇷
Sector: Aviation / Airline
Actor: ChimeraZ
Claim: Leaked database
Exposure: ~1K records (~125 KB)
Price: Free
Observed: May 31, 2026
A flight radar at home? All you need is a #raspberrypi and a few components. It's a very interesting project that can come in handy even in OSINT activities!
The article covers the advantages and drawbacks, and describes the steps for setting up such a radar yourself. https://t.co/C7o8yaxrI1
NewsMap
Real-time interactive news worldwide map.
144 active sources.
Search by keyword. Filter daily/weekly news.
https://t.co/d6oO1HNAoE
Tip by @SchiphorstSkip
You don't need an expensive Rubber Ducky to pull off a USB attack.
This tutorial shows you how to build your own BadUSB HID device from scratch (for educational purposes only).
Build yours here: https://t.co/EONcVsIc4Y
@three_cube @DI0256 @co11ateral
🇫🇷 Threat actors are claiming a breach involving the French public finance and treasury ecosystem, referencing alleged exposure tied to financial administration and banking registry data.
According to the listing, the targeted environment allegedly relates to the French public treasury and tax administration infrastructure, with references to:
• DGFiP-related financial systems
• FICOBA banking registry data
• taxpayer information
• bank account details / IBANs
• names and addresses
• and financial administration records
The post claims approximately 70GB of data was exposed. At this stage, the claims remain unverified.
If authentic, the compromise of financial administration or banking registry-related systems could represent a significant national-level data exposure due to the sensitivity of:
• taxpayer identities
• financial records
• banking relationships
• payment infrastructure
• and government financial operations
Government financial systems remain highly attractive targets for threat actors because they can provide:
• large-scale identity intelligence
• financial profiling opportunities
• fraud-enablement data
• state-level intelligence value
• and leverage for extortion or influence operations
Exposure of banking registry information could increase risks including:
• financial fraud
• identity theft
• targeted phishing
• business email compromise (BEC)
• tax fraud campaigns
• and social engineering against public sector employees and citizens
Organizations and agencies should:
• investigate anomalous access activity
• review authentication logs and privileged account activity
• assess possible lateral movement
• validate integrity of financial systems
• monitor for underground redistribution of datasets
• and coordinate with national cyber authorities where appropriate
Individuals potentially affected should remain alert for:
• banking-related phishing
• suspicious financial communications
• tax-themed scams
• and unauthorized account activity
Daily Dark Web is continuing to monitor the situation.
#France #CyberSecurity #DataBreach #ThreatIntelligence #FinancialSecurity #DDW #Intelligence
🇫🇷 An underground platform called “ARGUS LOOKUP/SPYWARE” is being advertised as a French doxxing, geolocation, and surveillance-style intelligence tool allegedly aggregating data from multiple sources in real time.
The interface shown in the underground advertisement appears to include capabilities such as:
• identity lookup
• phone and email correlation
• geolocation tracking
• facial recognition
• dossier creation
• IP intelligence
• historical activity analysis
• social and financial correlation mapping
The post also references alleged access to multiple French-related data sources and administrative-style datasets.
At this stage, the legitimacy, functionality, and actual access level of the platform remain unverified.
However, platforms marketed as “lookup” or “spyware” ecosystems often combine:
• leaked databases
• scraped information
• OSINT aggregation
• credential dumps
• telecom metadata
• social engineering tools
• and doxxing-focused analytics
Even when exaggerated, these types of services can significantly increase risks related to:
• privacy violations
• stalking and harassment
• doxxing campaigns
• identity theft
• extortion
• targeted surveillance
• and criminal intelligence gathering
The commercialization of real-time identity correlation and geolocation tooling continues to blur the line between cybercrime, spyware ecosystems, and underground intelligence-as-a-service operations.
Daily Dark Web is continuing to monitor the situation.
#France #French #CyberSecurity #Spyware #Doxxing #ThreatIntelligence #DDW #Intelligence
Python for Hackers: Building a Custom Telegram OSINT Toolkit for Automated Intelligence Gathering
Perform profile lookups, extract messages, list group members, and retrieve metadata:
https://t.co/wWIb1Hc4LV
‼️🇪🇺👁️ IS IT CLEARER IN PICTURES!?
An example of what the EU could see on a single screen by cross-referencing your personal data via EUDIwallet, France Identité, DAC8, etc...
👤 EU CITIZEN TRACKER
🪪 Digital Identity System
➡️ QR code: EU-PERSON-456789-FR (valid until 2035)!!
Monitoring score: 98/100
1,528 events today
👁️ Your real-time location
👁️ Today's spending
👁️ Electricity consumption
👁️ Your connected car
👁️ Carbon score for the month
Add to that...
👁️ Your social media posts
👁️ Your complete medical record
👁️ Bank balance + crypto
👁️ Your Google searches + browsing history
Want more?...
👁️ Your online purchases
👁️ Your private messages
👁️ Your subscriptions
👁️ Your past movements… all cross-referenced, centralized, continuously updated!!
"just prove your age without revealing anything"
"privacy-friendly"
😡 THEY ARE TAKING US FOR COMPLETE FOOLS
⚠️ Wake up. Social credit is fast approaching.
Excellent simulation by @raymondred404 👇
#EUDIWallet #UE
🚨 CYBER INTELLIGENCE ALERT: POSSIBLE COMPROMISE OF THE FRENCH NATIONAL POLICE 🇫🇷
⚠️ RISK OF DOXING
[STATUS: UNDER INVESTIGATION / POSSIBLE REPOST]
The threat actor Xyph0rix has published a link that allegedly contains the database of the French National Police.
🎯 Affected Entity: French National Police
👤 Threat Actor: Xyph0rix
📂 Assets Exposed: Institutional database (possibly agent data or operational logs).
📅 Publication Date: May 15, 2026
📊 SITUATION ANALYSIS
There are elements that suggest caution in classifying this incident:
Doxing Campaign: It is suspected that the information could be used for doxing (disclosure of private information) of specific officials, which is a common tactic to intimidate law enforcement.
Possible Repost: The message structure and hosting platform suggest that this could be an old leak that has been reposted to gain reputation on the forum or as part of a larger influence operation.
🔍 ADDITIONAL INTELLIGENCE NOTE
The file is identified as #POLICE-NATIONALE.txt. It is common for these types of files to contain leaked names, ranks, institutional email addresses, and, in more serious cases, the home addresses of officers.
🛡️ MITIGATION AND RECOMMENDATIONS
🛑 Integrity Verification: French authorities must cross-reference the sample with their historical records to determine if the breach is new or persistent.
⚠️ Personnel Protection: If it is confirmed that the data contains personal information of officers, it is critical to activate physical and digital protection protocols to prevent retaliation resulting from doxing.
🔒 Credential Monitoring: Preventive account blocking and access reset for any official appearing on the list.
⚡ MONITORING AND EVALUATION
🌐 Intelligence System: https://t.co/wk9bZJ2Nli
🛡️ Quickly assess your website's security with: https://t.co/YnDw1QjN9c
#CyberSecurity #France #NationalPolice #DataBreach #Doxxing #Intelligence #VECERT #CyberAlert #InfosecFR
🚨 CYBER INTELLIGENCE ALERT: MASSIVE DATA LEAK CAMPAIGN IN FRANCE
VECERT Intelligence has identified three critical security incidents detected on May 14, 2026, affecting major entities in France. These attacks, carried out by different threat actors, resulted in the exposure of millions of records belonging to French citizens.
📊 ANALYSIS OF THE AFFECTED ENTITIES
1. 🛒 Auchan (Retail Giant)
Case: #6130
Threat Actor: Lagui
Volume: 1.2 million database records
Impact: Massive exposure of customer data from one of Europe's largest supermarket chains
2. 📚 https://t.co/Y9j3iWARLl (Education/Training Sector)
Case: #6124
Threat Actor: ChimeraZ
Volume: 41 GB of exfiltrated information
Impact: The large size of the leak suggests the compromise of educational materials, student data, and detailed administrative records.
3. 🏍️ https://t.co/vfQxjMM93u (French Motorcycling Federation)
Case: #6116
Threat Actor: lazasec123
Volume: 2.3 million records related to French motorcycling
Impact: Compromise of information on federation members, licenses, and contact data at the national level.
🛡️ MITIGATION AND RECOMMENDATIONS
🛑 Password Change: Users and employees of these three entities are advised to change their passwords immediately.
⚠️ Fraud Alert: French citizens should monitor their communications for potential scams that use Auchan or FFMOTO data to gain their trust.
⚡ MONITORING
🌐 Monitoring System: https://t.co/wk9bZJ3laQ
#CyberSecurity #France #DataLeak #Auchan #FFMOTO #Efcformation #PII #VECERT #CyberAlert #BreachAlert
OSINT Field Notes #8 is out.
This month: phone data and mercenaries in Sudan, stolen Ukrainian wheat, Hormuz traffic, Iran damage mapping, and a defensive guide to reducing AdTech location exposure.
https://t.co/6dAkuhGxCO
🔴🇫🇷 LOGIPOL 👮‍♂️ | The tool developed by AGELID, used by municipal police forces to manage their activities, interventions and procedures, raises questions about how its access is secured.
According to AGELID's public documentation, LogipolWeb is presented as a SaaS solution accessible over the Internet with a personal username and password.
👉 Problem: accounts linked to municipal police officers are reportedly already exposed, with credentials potentially usable to access this sensitive business tool.
In a context of serial cyberattacks and data leaks in France, two-factor authentication and/or restricted access via VPN should be enabled quickly to limit the risks of intrusion, account takeover and unauthorized access.
🇫🇷 A threat actor on an underground forum is claiming to be selling an alleged dataset associated with French motorcycle license records.
According to the forum post, the actor claims:
• approximately 2.3 million records
• French motorcycle license-related data
• sale price of 150€ payable in BTC/LTC/XMR
• direct contact through Telegram
At this time:
• the authenticity of the dataset has NOT been independently verified
• there is no official confirmation from affected entities or French authorities
• the origin and acquisition method remain unknown
• the scope and recency of the alleged records are unclear
Motorcycle and driver-license-related datasets can present elevated risks because they may potentially contain:
• personally identifiable information (PII)
• names and addresses
• contact information
• identification numbers
• registration-related data
• licensing history
• vehicle ownership details
If authentic, such information could be abused for:
• identity theft
• insurance fraud
• phishing campaigns
• social engineering
• account recovery attacks
• SIM-swapping attempts
• targeted scams against vehicle owners
Transportation and licensing ecosystems remain attractive targets due to:
• centralized citizen data
• long-term record retention
• broad third-party access
• interconnected insurance and regulatory systems
The relatively low sale price may indicate:
• recycled or previously leaked data
• partial datasets
• low-confidence monetization attempts
• reputation-building activity by newer threat actors
• commoditized PII trading behavior common on underground forums
Organizations handling transportation, insurance, registration, or citizen identity data should:
• monitor for leaked credential reuse
• review third-party exposure paths
• validate access controls
• assess insider and contractor access
• strengthen anomaly detection around citizen-data repositories
Individuals potentially affected should consider:
• monitoring for phishing attempts
• being cautious of unsolicited SMS/calls
• reviewing account security and MFA settings
• watching for identity fraud indicators
DDW is continuing to monitor:
• underground redistribution
• sample validation efforts
• potential mirrors
• actor reputation signals
• follow-on disclosures tied to French citizen datasets
#France #CyberSecurity #DataBreach #DarkWeb #ThreatIntelligence #PII #IdentityTheft #Fraud #Infosec #DDW #Intelligence
Your off-grid mesh network is only as secure as your configuration!
Part 4 of the Off-Grid Communications series covers encrypting your Meshtastic channels and hardening your nodes.
Check this out:
https://t.co/1JbkmmFL06
@three_cube @DI0256 @IamSmouk @co11ateral
How to Investigate A Person Of Interest In 2026
In this article, I will share my personal methodology, techniques, and tools for mapping out the digital footprints of a person of interest - ethically.
#OSINT #Cybersecurity #ThreatIntelligence