Petit test des outils de l'excellent @RedSecurityfr avec les gogoles qui ont déployé une énième banderole à Saint-Denis.

Hello dear Root-Me community, We're aware of claims circulating on a hacking forum about a Root-Me data leak. We've obtained and analysed the files in question, and here's what we found. No user data is affected. The files contain only challenge source code, no passwords, no emails, no personal information. This is an old leak. Several years ago (prior to 2018, so nearly a decade old), a vulnerability allowed challenge sources from a specific server of ours to be extracted, and someone did exactly that at the time. The material surfacing today appears to originate from that incident. We've since fixed the underlying issue by hardening challenges and ensuring they were all properly sandboxed. There's nothing for our community to action, but if you have questions, we're here to answer them. We thank you all for the responsible reports that brought this to our attention. The Root-Me Team

GitHub - redsecurityfr/ShopOSINT · GitHub github.com/redsecurityfr/Sho…

SHOPOSINT A tool for gathering additional information about accounts across various payment systems (Stripe, SumUp, Revolut, Lydia) github.com/redsecurityfr/Sho… Creator @RedSecurityfr #osint #python

TIPS OSINT — Liens de paiement Vous enquêtez sur une arnaque, une boutique frauduleuse ou un vendeur douteux qui vous a transmis un lien de paiement (Stripe, SumUp, Revolut, Lydia) ? Saviez-vous qu'un simple lien de paiement expose souvent l'identité réelle du bénéficiaire silencieusement, sans payer, sans carte, sans déclencher la moindre transaction, et sans aucune notification à la cible ? Ce que vous obtenez (selon le service) : → Stripe : site email téléphone de support du marchand → L'email du marchand (SumUp) → Le nom complet (cagnotte Lydia) → Prénom, pays, devise (profil Revolut) → Site web, produit, montant, revtag… Utile pour : ✔ Démasquer le vrai titulaire derrière une boutique ou un compte frauduleux ✔ Pivoter (email, téléphone, nom) vers le reste de l'empreinte numérique du suspect Outil mis en ligne gratuitement sur Roso.info : • Collez un lien Stripe, SumUp, Revolut ou une cagnotte Lydia → les informations reliées sont extraites en lecture seule À tester sur 👉 roso.info/shoposint/ #OSINT #SOCMINT #Cybersécurité #Investigation #Fraude #Arnaque #Finint

🛠 ShopOSINT CLI — Free & Open Source A powerful command-line tool to resolve payment links and profiles silently (Stripe, SumUp, Revolut, Lydia). → GitHub: github.com/redsecurityfr/Sho… What you can extract (depending on the service): Stripe → Merchant website, support email & phone SumUp → Merchant email Lydia (pot) → Full name of the organizer Revolut → First name, country, currency, revtag #OSINT #FININT #PaymentOSINT #Cybersecurity #FraudInvestigation #Scam

#OPSEC365 070/365 Most color printers embed invisible tracking codes on every page. These machine identification codes, also called printer dots, encode the printer's serial number and timestamp on every printout in a pattern invisible to the naked eye. The NSA leaker Reality Winner was caught partly because of these dots. If you're printing something sensitive, know that the printout itself may identify the printer used.

💡 OSINT TIPS Saviez-vous que l'API officielle de récupération de compte Instagram permet d'identifier silencieusement les comptes liés à un email ou un numéro de téléphone ? ➡️ Aucun SMS, email ou notification envoyé à la cible. 🧵👇

🔎 How OSINT Analysts Track Deleted Telegram Messages Most people see Telegram as a messaging app while OSINT investigators see it as a live intelligence stream. 🕵️‍♂️ From disinformation campaigns to scam networks and threat chatter, some of the earliest signals appear on Telegram long before they reach mainstream platforms. Manually monitoring hundreds of channels, groups, and messages is almost impossible at scale. That’s why tools like TraceOn are so valuable 👀 It transforms Telegram noise into searchable, actionable intelligence. With it, you can: 📩 Search and filter millions of Telegram messages in real time 📊 Monitor keywords, trends, and emerging threats instantly 🧩 Export structured data for deeper investigations and analysis ⚡ Reduce hours of manual monitoring into seconds of insight In a real OSINT investigation, this becomes incredibly powerful. Imagine tracking: • Disinformation narratives • Scam campaigns • Extremist or threat-related chatter • Emerging cybercrime trends Instead of endlessly scrolling through channels, you get structured intelligence you can actually act on 💡 Another thing I like: the platform is collaborative 🛠 Users can contribute additional sources and feedback, helping strengthen the intelligence ecosystem over time. For OSINT analysts, investigators, and threat researchers, this is one of the fastest ways to turn raw social chatter → operational intelligence 🧠 🔗 Explore it here: traceon.re

Great things are happening in the Netherlands. The owners of WorkTitans and MIRhosting were ARRESTED for violating sanctions and facilitating destabilizing activities directed against the EU.

On Friday the 15th of May, we became aware of a fingerprinting issue affecting Mullvad users. We have a method which changes this behaviour currently being tested, with plans to begin rolling it out to our VPN servers in the coming weeks. Read more here: mullvad.net/blog/exit-ip-fin…

neat trick with mediafire: you can reveal uploader names for single files using mediafire[.]com/api/1.5/file/get_info.php?quick_key=file_id_goes_here

We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.

Honored to have conducted training on behalf of @OSINTindustries during #OpPharos, an international operation targeting Live Distance Child Abuse (LDCA). 80 officers, 25 law enforcement organizations, 19 countries, working together to identify 303 offenders involved in the live-stream sexual abuse of children across 21 different countries. Huge respect to everyone involved and thank you to @ChildRescueCo, @HSI_HQ ,and @Europol for the trust and collaboration. #OSINT #LawEnforcement #ChildProtection #OperationPharos

Mullvad exit IPs are surprisingly identifying tmctmt.com/posts/mullvad-exi…