Disney’s Internal Slack stealer is back

None other than @cnn serving malware through the ads on its site...

A .org TLD usually stands for a charitable non-profit which is often abused but usually not by a ransomware group. New DragonForce clearnet /dragongo[.]org btw how dumb are you guys setting up a clearnet to only point to your onion, duh

Don't trust the Host header in HTTP, firstly - check DNS 🧐 Here #ACRStealer mimics Bitdefender (indicates the official website in this POST request, but the real IP is different) 🦎 C2: 87.120.219[.]223 tria.ge/251014-qd8j9aa… virustotal.com/gui/file/83b63… #stealer

The University of Texas Health, Austin has been breached by Qilin Ransomware 37 other posts today including hospitals and local governments and still going: UT Health Austin PQCNC Hospitals Gittens Healthcare The City of Addis, Louisiana The City of Riviera Beach, Florida

Volkswagen Group France post no. 52

Unimed do Brazil, the largest health insurance and healthcare coop in Brazil and the world has allegedly been breached by Sarcoma Ransomware. Unimed was also breached in May, 2025

Scattered Lapsus Hunters just went all down including the new Shiny clearnet Channel is not seized but I can’t seem to find any server anywhere…

New Scattered Lapsus Shiny message Live on the Shiny clearnet :) “Hello James from Scattered…” DragonBall Z starting again vx-underground

The Spanish Tax Administration Agency has allegedly been breached by Qilin Ransomware. Agencia Tributaria is the Kingdom of Spain’s government tax revenue agency. I don’t think they have any personal id of any citizens because groups flout them and there isn’t one posted.

American Airlines has again been breached by Clop Ransomware. americanair

NEW: 🇰🇵DPRK has begun hiding malware on blockchain. Result, decentralized, immutable malware. Nearly impossible to remove. Research by Mandiant (part of Google Cloud)

🚨Cybercrime-as-a-service takedown: 7 arrested Operation SIMCARTEL (October 10, 2025) dismantled a major cybercrime-as-a-service network. Seven suspects were arrested, 1,200 SIM-boxes, 40,000 active SIMs, and five servers seized. The group enabled over 3,200 cyber frauds

Kraken subsidiary issue (day4) Kraken Kraken Support

Hey Scattered Ones Please notice the DNS update on Wednesday changing the nameservers from DDoS Guard to Cloudflare right before the clearnet “hack”

NEW Sh1nySp1d3r Ransomware and a new leak site or Shiny clearnet, onion seizures and arrests tomorrow? README_SH1NYSP1D3R.txt PS - I’d bet on seizures and arrests