Uncle Magic

INDEPENDENT NATIONAL ELECTORAL COMMISSION PRESS STATEMENT RE: ALLEGED MISUSE OF AUTHORISED ACCESS CREDENTIALS AND UNAUTHORISED DISCLOSURE OF INFORMATION FROM THE COMMISSION’S CONTINUOUS VOTER REGISTRATION (CVR) DATABASE The attention of the Independent National Electoral Commission (INEC) has been drawn to allegations currently circulating on social media and in some sections of the media regarding the alleged unauthorised access to the Commission's Continuous Voter Registration (CVR) database and the subsequent publication of information on a candidate in the recent primaries of a political party in the Federal Capital Territory. The Commission takes this allegation seriously and has immediately commenced a thorough investigation to establish the facts surrounding the incident. As part of the ongoing Continuous Voter Registration (CVR) exercise nationwide, authorised INEC Registration Officers were granted controlled access to specific components of the CVR system to enable them register new applicants, process requests for transfer of registration and update voter records where necessary. Such access is restricted to official duties only and is withdrawn at the conclusion of the exercise. The audit trail from the preliminary investigation has enabled the Commission to identify the user account through which the information was accessed. Accordingly, relevant personnel have been questioned, and all units connected with the incident are cooperating fully with the investigation. The Commission is also examining all technical, administrative and operational factors associated with the matter in order to establish individual responsibility and determine the circumstances surrounding the use of those credentials and identify any breach of internal access-control protocols before taking appropriate action against anyone involved. Preliminary findings from the Commission's audit trail so far, however, indicate that there was no external breach of the CVR database, no hacking incident, and no unauthorised external access to the Commission's ICT infrastructure. Rather, the information in question was accessed through valid user credentials assigned to personnel participating in the ongoing CVR exercise but released without authority. The incident under investigation relates to the retrieval of a specific voter record and does not indicate any compromise of the Commission's broader voter registration infrastructure or the personal data of over 90 million registered voters. The Commission wishes to state categorically that it takes the security, confidentiality and integrity of voter data with the utmost seriousness and remains committed to transparency, institutional integrity, and the protection of voters' personal information. Furthermore, the Department of State Services (DSS), on its own accord, has commenced an independent investigation into the matter. The Commission will continue to cooperate fully with all relevant security agencies and will not hesitate to refer any person found culpable for appropriate legal action. Members of the public and the media are therefore urged to disregard unfounded speculations while investigations remain ongoing. The Commission will continue to keep the public informed of its final findings and any measures taken in response to the incident in due course. Mohammed Kudu Haruna National Commissioner and Chairman, Information and Voter Education Committee (IVEC) 2nd June, 2026

We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.

🚨🇳🇬 General Directorate of Public Accounting and Treasury of Nigeria allegedly breached: 70GB of government financial and employee data leaked A threat actor claims to have leaked data tied to the General Directorate of Public Accounting and Treasury of Nigeria (DGCPT) following an alleged ransomware-related cyberattack. ━━━━━━━━━━━━━━━━━━━━ Target: General Directorate of Public Accounting and Treasury of Nigeria Sector: Government / Public Finance / Treasury Incident: Data Breach / Ransomware Leak Exposure: 70GB+ Actor: 0xSec Country: Nigeria Date: 18/05/2026 ━━━━━━━━━━━━━━━━━━━━ What’s allegedly included: ▪ Government employee records allegedly linked to DGCPT systems ▪ Employee ID, first name, and last name fields ▪ Phone number and contact-related data ▪ Bank, branch, and account-related fields ▪ Additional financial identifiers referenced in SQL files ▪ Multiple SQL database files containing employee and treasury-related records Potential impact: The exposed data could be used for identity theft, payroll fraud, banking fraud, phishing, impersonation, and targeted social engineering against government employees and financial administration contacts. Status: Unverified underground forum claim. The actor states the archive contains more than 70GB of exfiltrated data and references multiple SQL files. Stop guessing what's redacted. Subscribers see everything → https://t.co/281Qjc6p2J

‼️🚨 BREAKING: Microsoft Exchange Server CVE-2026-42897 lets an attacker execute arbitrary JavaScript in a victim's browser just by getting them to open an email in Outlook Web Access. It is being exploited in the wild. Microsoft classified it as... "spoofing." 🤔 Affected: on-premises Exchange Server 2016, 2019 and SE. Exchange Online is not impacted.

🚨Cyber Alert ‼️ 🇳🇬Nigeria - 𝗜𝗸𝗲𝗷𝗮 𝗘𝗹𝗲𝗰𝘁𝗿𝗶𝗰 ByteToBreach claims to have breached Ikeja Electric, allegedly encrypting 50+ hosts, disrupting systems, and taking multiple subdomains offline. The actor also claims to have stolen customer, employee, and business databases, source code, Active Directory data with cracked passwords, and impacted metering platforms linked to several vendors. Threat actor: ByteToBreach Sector: Energy / Utilities Data exposure (claimed): Not specified Data type: Customer records, employee data, business databases, source code, Active Directory credentials Observed: Apr 28, 2026 Status: Pending verification ESIX©: 6.18 Full details and impact assessment on https://t.co/eB7qgxKFAa

1/2‼️🇳🇬 The Oyo State Ministry of Trade, Industry, Investment and Cooperatives (oyostatecommerce) has allegedly been breached, with 275,000 commerce identity card images leaked on a popular cybercrime forum for free. ⠀ ‣ Threat Actor: AckLine ‣ Category: Data Leak ‣ Victim: Oyo State Ministry of Trade, Industry, Investment and Cooperatives ‣ Industry: Government / Commerce ⠀ The actor states the data was scraped roughly a year ago and that duplicates were not removed. The leak consists of ID card images issued to traders, farmers, artisans, and other commerce-registered individuals across Oyo State. ⠀ What's in it: ⠀ ▪️ 275,000 ID card images ▪️ Size: 21.5 GB compressed, around 70 GB extracted ▪️ Type: image files (commerce ID cards) ⠀ Fields visible on each card: ⠀ ▪️ Surname and other name ▪️ Date of birth ▪️ Gender ▪️ Business address ▪️ Occupation (farmer, artisan, videographer, phone engineer, etc.) ▪️ ID number ▪️ Card validity date ▪️ Photograph of cardholder

🇳🇬 Nigeria: Federal Housing Authority (FHA) Data Allegedly Leaked A threat actor claims to have breached systems associated with Nigeria’s Federal Housing Authority (https://t.co/d7Aj669jTn) and released internal files online. 📊 Key Details: • Target: Federal Housing Authority (Nigeria) • Type: Internal system data • Claimed contents: Backend files Configuration files Source code Distribution: Public download link (compressed archives ~70MB & 100MB+) 🧠 Threat Intelligence Insight: • Exposure of source code + configs is highly critical: May reveal credentials, API keys, database connections Enables attackers to map internal architecture • High likelihood of: Further exploitation (if systems still active) Discovery of additional vulnerabilities Supply chain or lateral movement opportunities • Actor attribution claim: “Nullsec Philippines x Nullsec Nigeria” Likely hacktivist-style branding ⚠️ Assessment: • Medium–High credibility Structured leak description Public archive provided Actual depth of compromise not yet validated ⚠️ Potential Impact: • Full system compromise if credentials exposed • Risk to citizen housing data and internal operations • Long-term exploitation due to exposed codebase 📊 Status: Unverified — but highly sensitive technical exposure #CyberSecurity #DataBreach #Nigeria #GovSecurity #ThreatIntel #DDW

🚨 Microsoft Defender 0-Day Vulnerability “RedSun” Enables Full SYSTEM Access Source: https://t.co/s1vfh5GLcg A newly disclosed zero-day vulnerability in Microsoft Defender, dubbed "RedSun," allows an unprivileged user to escalate privileges to full SYSTEM-level access on fully patched Windows 10, Windows 11, and Windows Server 2019 and later systems, and as of now, remains unpatched. RedSun is the second zero-day exploit published within a two-week span in April 2026 by the security researcher known as "Chaotic Eclipse" (also referred to as Nightmare-Eclipse on GitHub). RedSun follows the same exploit tradition but introduces an entirely new and independent attack vector, suggesting that Defender's architectural weaknesses run far deeper than a single isolated flaw. #cybersecuritynews #Windowsdefender