GNU social JP
GNU social JP is a Japanese GNU social server.

Notices by Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)

  1. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Wednesday, 17-Jun-2026 08:05:33 JST
    • Catalin Cimpanu
    • Lorenzo Franceschi-Bicchierai
    • Mathew J. Schwartz
    • Jon Greig
    • amvinfe

    NEW by me:

    One threat actor demanded $50 million from Novo Nordisk. Another one demanded $25 million. Neither got paid.

    Two different groups tried to extort Novo Nordisk at around the same time. Novo Nordisk strung them both along, and then went dark.

    Data leaks followed.

    https://databreaches.net/2026/06/16/one-threat-actor-demanded-50-million-from-novo-nordisk-another-one-demanded-25-million-neither-got-paid/

    #NovoNordisk #FulcrumSec #TheUSERS007 #hackandleak #extortion #AI #databreach #infosec #cybersecurity

    @campuscodi @euroinfosec @jgreig @lorenzofb @ajvicens @amvinfe

    In conversation about 3 days ago from infosec.exchange permalink

  2. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Tuesday, 02-Jun-2026 02:31:14 JST
    • Kevin Beaumont
    • Zack Whittaker

    #Microsoft walks back its threat to pursue those who don't disclose responsibly as criminals. They don't apologize, but merely "clarify" their position in a post on X.com today. Since their statement doesn't seem to be on their blog, I am linking to x.com:

    https://x.com/msftsecresponse/status/2061293718942908925

    This is the type of threat to researchers that @zackwhittaker and I had been looking at in our survey on threats to journalists and researchers. It was impressive to see all of the experts like @GossiTheDog speaking up to slam Microsoft for their blog post of May 27.

    Confronted with overwhelming criticism by the security community, Microsoft stepped back.

    #responsibledisclosure #Microsoft

    In conversation about 18 days ago from infosec.exchange permalink

  3. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Tuesday, 19-May-2026 00:52:45 JST
    • POLITICO
    • Zack Whittaker
    • Mathew J. Schwartz
    • Jon Greig
    • The Guardian
    • AJ Vicens
    • Lorenz (Lolo)
    • pressfreedom

    RE: https://infosec.exchange/@amvinfe/116592954548436698

    I seem to be making even more enemies than usual for my refusal to simply parrot or repeat what is being claimed by experts who aren't willing to back up their assertions or claims with any actual data, when asked.

    I hope even more journalists do what we are supposed to do -- dig in, investigate, and report, noting critical gaps in evidence when experts aren't citing evidence in making claims.

    We do not have a well-informed public when journalists just repeat what experts say. They may give us good quotes or "exclusives," about criminal gangs or cybercrime, but where is the data to support their claims?

    Smearing me -- or trying to -- because I keep asking for evidence is its own attempt at censoring a free press.

    #cybercrime #journalism #ShinyHunters #pressfreedom #defamation

    @euroinfosec @politico @zackwhittaker @L0renz_H @guardian @PierluigiPaganini @jgreig @aj_vicens
    @pressfreedom

    In conversation about a month ago from infosec.exchange permalink

    Attachments

    1. amvinfe (@amvinfe@infosec.exchange)
      Since When Did Asking for Evidence Become “Defending Criminals”? Dissent responded harshly to these accusations, firmly rejecting any insinuation of collusion with criminal groups. The journalist pointed out that every time she asks for evidence to support certain claims, she is labeled “criminal-friendly” or accused of being a mouthpiece for cybercriminals, simply for refusing to uncritically accept statements lacking public verification. https://www.suspectfile.com/since-when-did-asking-for-evidence-become-defending-criminals/ #Canvas #Data_Breach #Instructure #Navigate360 #Ransom #ShinyHunters
  4. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Tuesday, 05-May-2026 21:37:35 JST
    in reply to
    • funnymonkey

    @funnymonkey Thanks for the kind words.

    Someone commented on my Instructure post with a comment as "Sysadmin." They wrote:

    "Are you effin kidding me! We got an Email from Instructure saying we were impacted and now we have to inform all the students and families in our district.

    Why do these ShinyHunters keep attacking the edtech sector?? PowerSchool, infinite campus and now this.

    It’s only a Sunday night and law enforcement has still done nothing about these hackers. Regulators really need to hold these companies accountable for poor security practices."

    They raise valid points.

    #edtech #EduSec #cybersecurity #vendor #supplychain #databreach #hackandleak

    In conversation about a month ago from infosec.exchange permalink

  5. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Friday, 17-Apr-2026 10:24:30 JST
    • Catalin Cimpanu
    • Zack Whittaker
    • funnymonkey
    • Mathew J. Schwartz
    • Doug Levin
    • Mark Keierleber 🚴‍♂️🎸
    • Jon Greig
    • JayeLTee

    NEW: My post on the student/k-12 tips exposed in "BlueLeaks 2.0" is now up.

    P3 Campus and its partner programs like Safe2Say Something PA, Safe2Tell, and Sandy Hook Promise were supposed to provide secure and anonymous ability to report tips.

    Promises of security and anonymity do not appear to have been kept. A hacker claims it was easy to gain access and repeatedly access the database to acquire more than 8 million tips.

    There is not much anonymous about what I reviewed in the dataset.

    Many of the school-related tips I reviewed reported concerns over named students with suicidal ideation or cutting, students being bullied or bullying others, and drugs (mostly vaping) in school. Some students reported cybercriminal activity.

    Navigate360, the parent company of P3, still hasn't publicly acknowledged that it was breached and that sensitive information was involved. Their lack of transparency was noted by @douglevin

    The dataset has not been leaked publicly, but the "Internet Yiff Machine" who provided it to #ddosecrets and https://infosec.exchange/@mikaelthalen@mastodon.social -- and then to me -- has listed it for sale.

    My focus in this post was on the student/school-related tips, but the 93.51 GB dataset has millions of tips that include adult issues and crimes, including drugs, homicide, assaults, etc. I provide one or two examples from the non-student tips to illustrate how sensitive the tips are in this dataset.

    This may be the worst breach I've ever seen involving sensitive student information, and I've seen many student-related data breaches over the past two decades.

    Read: "P3 Advertised 20+ Years and 0 Security Breaches. You Can Guess What Happened Next." at https://databreaches.net/2026/04/16/p3-advertised-20-years-and-0-security-breaches-you-can-guess-what-happened-next/

    #BlueLeaks2 #DDoSecrets #databreach #P3Campus #P3Tips #Navigate360 #CrimeStoppers #Safety #Safe2tell #InternetYiffMachine

    @zackwhittaker @campuscodi @jgreig @euroinfosec @funnymonkey @mkeierleber @JayeLTee

    In conversation about 2 months ago from infosec.exchange permalink

  6. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Thursday, 09-Apr-2026 00:27:41 JST

    If you were or are a federal employee or are a family member of one, you might want to read this and share it with others who might be concerned:

    Trump’s Personnel Agency Is Asking for Federal Workers’ Medical Records

    https://kffhealthnews.org/news/article/trump-opm-federal-workers-medical-records-privacy/view/republish/

    #privacy #healthsec #workplace #infosec

    In conversation about 2 months ago from infosec.exchange permalink
  7. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Friday, 20-Mar-2026 04:29:59 JST

    Cyberattack leaves drivers with required breathalyzer test systems in 46 states unable to start their vehicles:

    https://wgme.com/news/local/cyberattack-leaves-maine-drivers-with-breathalyzer-test-systems-unable-to-start-vehicles-oui-intoxalock

    #intoxalock #cyberattack #DDoS

    In conversation about 3 months ago from infosec.exchange permalink
  8. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Sunday, 21-Dec-2025 02:05:17 JST
    in reply to
    • Zack Whittaker
    • Ryan Castellucci (they/them) :nonbinary_flag:

    @ryanc If you felt you were on the receiving end of a suggested "or else," I would treat that as a threat. Let's see if Zack agrees.

    @zackwhittaker

    In conversation about 6 months ago from infosec.exchange permalink
  9. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Monday, 08-Dec-2025 01:34:54 JST

    When I get mad at #USPol stuff, I try to remind myself of all the good people in this country.

    A woman who is a dog-sitter mentioned to her clients that she was collecting donations for the local shelter. Within days, here's what her living room looked like.

    Bless her and the donors.

    #DogsofMastodon #AdoptDontShop

    In conversation about 6 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/115/678/908/499/775/515/original/c64ead074781bf6b.jpg
  10. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Saturday, 06-Dec-2025 00:46:24 JST

    OT. I really shouldn't laugh, but I can't stop laughing over this one:

    "Donald Trump wax statue pulled from museum after being punched too many times"

    https://dangerousminds.net/weird-news/donald-trump-wax-statue-pulled-museum-punched/

    In conversation about 7 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/115/667/572/716/314/555/original/432097472a7e31ea.jpg
  11. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Saturday, 22-Nov-2025 00:17:39 JST

    Alleged Scattered Spider members Thalha Jubair and Owen Flowers, who are both charged with the TransportForLondon cyberattack, pleaded not guilty in Southwark Crown Court in London today. The judge has set a trial date of June 8, 2026 for them, and they continue to be detained on remand.

    Flowers is also charged with conspiring to damage the network of SSM Health Care Corporation and attempting to do the same to Sutter Health, both U.S. healthcare entities. He pleaded not guilty to those charges, too.

    Jubair also faces an additional charge of not providing his password to investigators when they seized his devices.

    #ScatteredSpider #databreach #ransom #cybersecurity

    In conversation about 7 months ago from infosec.exchange permalink
  12. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Saturday, 01-Nov-2025 01:28:15 JST
    • Catalin Cimpanu
    • Zack Whittaker
    • Mathew J. Schwartz
    • JayeLTee

    Remember that frustrating situation where some of us couldn't get a vendor to respond to notifications that court-sealed records and sensitive files were exposed? One entity eventually reached the vendor by phone and was so angry at their response that they wound up canceling their account with them.

    Yesterday, I finally reached the second court entity. They, too, wound up telling the vendor to take the share down.

    How many other clients may still have exposed data because the vendor tells clients that everything's fine when it isn't? I don't know. If you know any entity using Software Unlimited Corp software (not Software Unlimited Inc, but Software Unlimited CORP), you may want to point them to my coverage:

    Original Report:
    https://databreaches.net/2025/10/13/months-after-being-notified-a-software-vendor-is-still-exposing-confidential-and-sealed-court-records/

    Today's Update:
    https://databreaches.net/2025/10/31/how-many-courts-have-had-sealed-and-sensitive-files-exposed-by-one-vendors-error/

    #dataleak #vendor #incidentresponse #cybersecurity #SoftwareUnlimitedCorp #FTC #govsec

    @zackwhittaker @euroinfosec @campuscodi @JayeLTee

    In conversation about 8 months ago from infosec.exchange permalink

  13. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Friday, 31-Oct-2025 22:48:19 JST

    It's #Halloween, so it's time for my annual tradition of posting the picture of my front porch after my daughter surprised me by decorating it for me while I was away.

    Hope everyone gets to enjoy some candy today!

    In conversation about 8 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/115/469/050/558/597/561/original/26c7dd02378dea7d.jpg
  14. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Tuesday, 14-Oct-2025 05:37:19 JST
    • BrianKrebs
    • Catalin Cimpanu
    • Kevin Beaumont
    • Zack Whittaker
    • Mathew J. Schwartz
    • The Record Media

    NEW, by me, the one some of you have been asking about:

    Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records

    https://databreaches.net/2025/10/13/months-after-being-notified-a-software-vendor-is-still-exposing-confidential-and-sealed-court-records/

    I don't usually ask for boosts, but if you are in a position to help spread the word about this vendor and that its clients need to check their security, that would be great.

    #dataleak, #incidentresponse, #infosecurity, #cybersecurity, #SoftwareUnlimitedCorp #FBI #CISA

    @zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs

    In conversation about 8 months ago from infosec.exchange permalink
  15. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Thursday, 09-Oct-2025 20:19:47 JST

    According to a new state auditor's report, nearly a third of Mississippi's state agencies fail cybersecurity requirements

    Media coverage: https://vicksburgnews.com/shad-whites-office-finds-nearly-a-third-of-state-agencies-fail-cybersecurity-requirements/

    Direct link to state report: https://www.osa.ms.gov/sites/default/files/osa/files/reports/252025%20Review%20of%20Mississippi%20Enterprise%20Security%20Program%20Compliance%20%28Cybersecurity%29.pdf

    #Audit #cybersecurity #govsec #Mississippi #ComplianceTech

    In conversation about 8 months ago from infosec.exchange permalink

  16. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Sunday, 05-Oct-2025 05:36:37 JST

    NEW: Just days before its data might be leaked, Qantas Airways obtained a permanent injunction

    https://databreaches.net/2025/10/04/just-days-before-its-data-might-be-leaked-qantas-airways-obtained-a-permanent-injunction/

    #injunction #censorship #pressfreedom #Qantas #Salesforce #databreach

    In conversation about 9 months ago from infosec.exchange permalink
  17. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Saturday, 27-Sep-2025 05:27:45 JST

    Two teens have been arrested by Dutch authorities on espionage-related charges. They were allegedly recruited -- and paid -- by pro-Russian hackers on Telegram to carry a wi-fi sniffer near areas that included embassies near the Hague, Europol, and Eurojust.

    As part of their coverage of the story, the NL Times reports:

    The father (of one of the boys) said his son is a diligent student, plays hockey, and works part-time in a supermarket. “He doesn’t go out, and shows no inclination to explore the world. We raise our children to handle everyday risks, but nothing like this. Who could have anticipated it?”

    #espionage #recruitment #Telegram

    In conversation about 9 months ago from infosec.exchange permalink
  18. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Monday, 22-Sep-2025 04:48:14 JST

    NEW: When “Goodbye” isn’t the end: Scattered LAPSUS$ Hunters hack on

    Others seem to have interpreted their "goodbye" message differently than I had. Were they lying or did people just not understand a significant statement in their message?

    And while headlines focus on them hitting a bank, I think we need to take a closer look at their attacks on the aviation sector.

    https://databreaches.net/2025/09/21/when-goodbye-isnt-the-end-scattered-lapsus-hunters-hack-on/

    #databreach #ScatteredSpider #ShinyHunters #LAPSUS$ #CollinsAerospace #airlines #airports

    In conversation about 9 months ago from infosec.exchange permalink
  19. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Friday, 19-Sep-2025 08:18:29 JST
    in reply to
    • Kevin Beaumont

    @GossiTheDog Was he ever in a juvie facility or did they just send him home each time because he was a minor?

    IntelBroker got into a diversion program at one point. It didn't stick, obviously, but do you know if either of these teens was ever in any kind of diversion program or getting any supervision?

    In conversation about 9 months ago from infosec.exchange permalink
  20. Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Thursday, 18-Sep-2025 06:47:21 JST

    "The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens.

    [...]

    In March, one of the threat actors breached Salesloft's GitHub repository, which contained the private source code for the company.

    ShinyHunters told BleepingComputer that the threat actors used the TruffleHog security tool to scan the source code for secrets, which resulted in the finding of OAuth tokens for the Salesloft Drift and the Drift Email platforms."

    Read more of Lawrence Abrams' great reporting on Bleeping Computer:
    https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/

    #Salesforce #Salesloft #Oauth #Drift #databreach #ransom #ShinyyHunters #ScatteredSpider #LAPSUS$ #UNC6040 #UNC6395

    In conversation about 9 months ago from infosec.exchange permalink

    Dissent Doe :cupofcoffee:

    Blogger/journalist at databreaches.net and pogowasright.org. As a retired healthcare professional, breaches in the healthcare sector are my priority. The header pic is Indy, a Siberian husky we rescued in 2016 after I read how nobody wanted her because she was so difficult. She is now living her best life and is a mushball with me.

          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.