> Peter Stokes
> Scattered Spider guy
> Arrested
> Microsoft helps FBI
> Read court documents
> Page 12
> Microsoft tracks Stokes from GDID
> Microsoft Global Device Identifier (GDID)
> Stokes used Windows
> Page 34
> GDID assigned to each OS install
> GDID unique to each device
> GDID only change if OS wiped
> Stokes GDID 6755467234350028
> GDID reported internet activity to Microsoft
> GDID showed Stokes using Ngrok
> GDID reported Stokes IP address
> GDID showed Stokes web activity
> GDID showed timestamps of web activity
> GDID mapped with video game activity
> GDID showed games played
> GDID undocumented
> GDID only mentioned in one MSDN document
> Azure UCDOStatus
> Azure Monitor Logging
⚠️ UPDATE: New Court Files Reveal How Microsoft Helped the FBI Identify Peter Stokes "Bouquet" (Scattered Spider Member)
The court files reveal that Microsoft helped the FBI track Peter Stokes down using GDID — a Global Device Identifier, which is assigned to every Windows installation and cannot be changed unless the OS is wiped. The GDID helped them track:
• IP history
• Full web activity
• Video game activity and games played
• Logged-in social accounts, including Snapchat, Facebook, and Apple
According to the court documents, the critical mistake was using a VPN to create the ngrok account used in the May 2025 Tiffany & Co. hack from the same Windows device associated with his GDID.
Although the account was created from a VPN IP address ending in .168, Microsoft records show that the same GDID (6755467234350028) accessed the ngrok signup page at the exact time the account was created, linking the hack to his personal social accounts.
🦔Security researchers demonstrated an attack called "BioShocking" that tricks AI browsers into extracting user credentials and private code by lulling the AI into a false reality where its safety rules no longer apply. The attack worked on six different AI browsers, including ChatGPT's browser and the Claude Chrome plugin.
A malicious website presents the AI with a puzzle that rewards wrong answers. Once the AI accepts that 2+2=5, it enters a state where its guardrails stop working. From there, the site instructs the AI to hand over credentials from the built-in password manager.
My Take
OpenAI announced AI agent purchases through Visa two weeks ago. Companies are building AI browsers that merge web content with actions taken on your behalf using your credentials. And a researcher just proved you can trick all six of them into handing over passwords by convincing the AI that wrong answers are correct.
The vulnerability isn't a bug. You can't patch it. If an AI agent has access to your credentials and can be convinced through a website prompt that its safety rules don't apply, the security model is broken by design. We spent 20 years building two-factor authentication, certificate rotation, and password managers to protect credentials. Now companies want you to hand all of that to an AI agent that a webpage with a riddle can defeat. These are the same companies asking enterprises to restructure their workflows around AI agents, and none of them have solved the problem that a malicious website can talk the agent into giving up everything it has access to.
Hedgie🤗
Five Eyes intel partners call for a "whole-of-organization & whole-of-society response" to new cyber threats posed by frontier AI models, which they say will "fundamentally transform[] both offensive & defensive cyber capabilities" in a matter of months. https://t.co/Nisnxj0H5j
В марте хакеры ФСБ провели рассылку писем со ссылкой, переход по которой мог привести к полной компрометации устройства.
Я был первый, кто обратил внимание на эти письма, проанализировал их, а также отобрал у ФСБ их домен.
Тред с подробностями и советами:
Proofpoint has directly observed this email activity and attributes the messages to Russian FSB threat actor TA446 with high confidence. We have not previously observed TA446 target users’ iCloud accounts or Apple devices, but the adoption of the leaked DarkSword iOS exploit kit has now enabled the actor to target iOS devices. TA446 does not overlap with UNC6353. Further details below in🧵.
Update 5:05 PT: The attack has now expanded well beyond @TanStack and @Mistral.
373 malicious package-version entries across 169 npm package names, including @uipath, @squawk, @tallyui, @beproduct, and more.
The malware propagates by stealing your CI credentials and using them to publish new compromised versions.
Full IOCs, affected package list, and detection steps: https://t.co/jWG9DUCu3x
🚨 Update: @mistralai npm packages are now confirmed compromised as part of the ongoing Mini Shai Hulud attack.
Affected versions:
@mistralai/mistralai 2.2.2, 2.2.3, 2.2.4@mistralai/mistralai-azure 1.7.1, 1.7.2, 1.7.3@mistralai/mistralai-gcp 1.7.1, 1.7.2, 1.7.3If you use the Mistral SDK in any CI pipeline, treat your environment as compromised. Rotate npm tokens, GitHub PATs, and cloud credentials immediately.
SECURITY ADVISORY — TanStack npm packages
A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.
Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down.
Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys.
If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised:
• Rotate cloud, GitHub, and SSH credentials immediately
• Audit cloud audit logs for the last several hours
• Pin to a prior known-good version and reinstall from a clean lockfile
Detection — the malicious manifest contains:
"optionalDependencies": {
"@tanstack/setup": "github:tanstack/router#79ac49ee..."
}
Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root).
Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level.
Full technical breakdown, complete package and version list, and rolling status updates:
https://t.co/Zy8qG7PA9f
Credit to the security researcher for responsible disclosure.
Things are about to get real scary.
I got a WhatsApp message about a hotel reservation I made on https://t.co/OdeYaFmoQ3. They have my correct hotel name, correct dates, correct amount, everything. They ask me to confirm my CC details, without which they'll cancel my res.
Google Threat Intelligence Group is dropping our latest AI Threat Tracker report today, which covers several threats we are watching through a variety of means. The report includes some details of the first 0day exploit we've found developed with AI. 1/x https://t.co/klvOrX31xv
💥 Introducing "Dirty Frag"
A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail.
No race, no panic on failure, fully deterministic. ~9 years latent.
Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more.
Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation.
Details:
https://t.co/9nqku4svkY
New @citizenlab report uncovers two separate China-based cyber espionage campaigns targeting journalists, human rights defenders, exiled ethnic and religious groups and many others.
https://t.co/kQm0u7Eses
New Robinhood phishing chain that's kinda beautiful:
1. Attacker creates an RH account using the Gmail dot trick of your email (same inbox, different address)
2. Sets device name to HTML
3. RH's "unrecognized activity" email renders the device name unsanitized (html injection)
The result is a real email from [email protected], DKIM pass, SPF pass, DMARC pass, with a phishing CTA
Just because it's real, doesn't mean it's safe... $HOOD
NEW @citizenlab report
We uncover two sophisticated telecom surveillance campaigns. The findings expose how surveillance vendors exploit the global telecom ecosystem to conduct covert location tracking operations that can persist undetected for years.
https://t.co/42GwvzX5ay
🚨 WARNING (AGAIN)
DPRK threat actors are still rekting way too many of you via their fake Zoom / fake Teams meets.
They're taking over your Telegrams -> using them to rekt all your friends.
They've stolen over $300m via this method already.
Read this. Stop the cycle. 🙏