DOGE Worker’s Old Creds Found Exposed In Infostealer Malware Dumps

Infosec in brief Good cybersecurity habits don’t appear to qualify anyone to work at DOGE, as one Musk minion seemingly fell victim to infostealer malware.

Developer and journalist Micah Lee reported last Thursday that he found a whopping 51 data breach records and four infostealer log dumps associated with DOGE employee Kyle Schutt on data breach tracking service Have I Been Pwned (HIBP) – which is unnerving as Schutt has access to sensitive government data at the Federal Emergency Management Agency.

As Lee pointed out, 51 breach records on HIBP is a lot, but excusable: Schutt’s info turned up in records from the 2013 Adobe breach, the 2016 LinkedIn breach, and Gravatar’s 2020 breach, and none of those incidents involved Schutt’s personal machines.

What is attributable to a lapse of security hygiene, however, are the four infostealer logs that link to Schutt. Such logs contain usernames and passwords stolen by infostealer malware, suggesting one or more of Schutt’s computers were compromised at some point.

According to Lee, account credentials linked to Schutt were found in the 100GB Naz.API dump that contained 71 million unique email address and password combinations, the ALIEN TXTBASE stealer dump containing 284 million unique accounts, an unnamed July 2024 dump collated from malicious Telegram channels, and another massive stealer log added to HIBP in January 2025.

“I have no way of knowing exactly when Schutt’s computer was hacked, or how many times,” Lee pointed out, adding that evidence of infostealers means he fervently hopes DOGE staff are not using personal machines to access government records.

We asked Schutt for comment at his DOGE email address, which someone leaked online not long ago, but didn’t hear back.

Critical vulnerabilities of the week: A Cisco perfect 10

Cisco patched a CVSS 10.0 vulnerability in the image download feature of Cisco IOS XE for WLCs last week. The flaw allows an unauthenticated remote attacker to upload arbitrary files to target systems, but only when particular settings are enabled.

The vulnerability, CVE-2025-20188, is found in the out-of-band access point image download feature. If that’s not enabled, the CVE goes from 10.0 to zero. Can’t install this patch now? Then just disable that feature until you can.
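One way to check for, and temporarily close, that exposure from the WLC CLI (an added example, not from the article or from Cisco’s own documentation; it assumes the feature is toggled by the `ap upgrade method https` command as Cisco’s advisory describes, so confirm the exact command against the advisory for your release):

```cisco
! Added example, not Cisco's text. Assumption: the Out-of-Band AP Image Download
! feature is controlled by "ap upgrade method https" (verify against the advisory).

! 1. Inspect the running config for the feature.
WLC# show running-config | include ap upgrade
ap upgrade method https
! Line present  -> feature enabled, CVE-2025-20188 applies (CVSS 10.0)
! No output     -> feature disabled, the file-upload path is not reachable

! 2. Workaround until the fixed release is installed: disable the feature,
!    confirm the line is gone, and save the config.
WLC# configure terminal
WLC(config)# no ap upgrade method https
WLC(config)# end
WLC# show running-config | include ap upgrade
WLC# write memory
```

Re-enable the feature only after the patched IOS XE release is running, and keep the `show running-config | include ap upgrade` check in your routine configuration audits.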

Elsewhere:

  • CVSS 9.8 – CVE-2024-6047: Several EoL GeoVision devices are vulnerable to OS command injection due to failing to filter user input. Check the link for affected models.
  • CVSS 9.8 – CVE-2024-11120: More EoL GeoVision command injection vulns, and these are under active exploit. Again, check the link for affected models.
  • CVSS 9.8 – CVE-2025-3248: Langflow versions prior to 1.3.0 are vulnerable to code injection via crafted HTTP requests from remote unauthenticated users.
  • CVSS 8.8 – CVE-2025-32819: SonicWall SMA100 devices allow remote authenticated users with SSLVPN user privileges to delete files. One result of that deletion can be a reboot to factory default settings.
  • CVSS 8.3 – CVE-2025-32820: SonicWall SMA100 devices allow remote authenticated users with SSLVPN user privileges to inject path traversal sequences that make any directory on a targeted device writable.
  • CVSS 8.1 – CVE-2025-27363: FreeType versions 2.13.0 and below are vulnerable to an out-of-bounds write allowing arbitrary code execution. This is under active exploitation.

Director of hacked-to-death UK business warns eternal cyber vigilance essential

Paul Abbott wants everyone to know that cybersecurity never reaches a level at which you can relax. He ought to know – the 160-year-old haulage firm he led went into administration in 2023 on his watch for that very reason.

Per the BBC, Kettering-based business Knights of Old was hit by a ransomware attack two years ago that corrupted internal data so badly that the company was unable to meet reporting deadlines set by its lenders. That left the firm, which was founded in 1865 with just a single horse and cart before growing into one of the largest privately owned logistics firms in the UK, with no option but to enter administration.

“We felt we were in a very good place in terms of our security, our protocols, the measures we’d gone to protect the business,” Abbott told the BBC. He was wrong, and the company closed and let go of some 730 staff.

“Whatever you think you’ve done, seriously get it checked by experts,” Abbott added. “People don’t think it’s going to happen to them.”

LockBit pwned again

The LockBit ransomware gang is nothing if not persistent but appears unable to protect its own infrastructure as unknown attackers have apparently broken into the group and spilled a whole bunch of internal data online.

After barely surviving an international takedown attempt, Russia-linked LockBit has soldiered on, but its online admin panel disappeared last week – replaced by a message stating “Crime is bad” and a link to a MySQL data dump full of info about the ransomware crew’s operations.

In the dump were 59,975 unique bitcoin addresses, a table listing custom builds created by affiliates, configuration tables for those builds, a list of targets on which those builds were used, public keys (but no private ones), and chat records containing 4,442 negotiation discussions between LockBit operators and ransomware victims.

LockBitSupp, the crew’s suspected boss, confirmed the breach in a discussion with the threat actor who first reported the matter on X.

Celsius ponzi kingpin jailed for a dozen years

Following his guilty plea in December 2024, the CEO of collapsed crypto firm Celsius has been sentenced to 12 years in prison, ordered to pay a $50k fine, and forced to forfeit more than $48 million in misappropriated funds.

Alex Mashinsky was jailed for commodities fraud and securities fraud. The US Department of Justice described his activities as “a yearslong scheme to mislead customers” about Celsius’ proprietary token, CEL, which he and other company leaders manipulated.

Mashinsky made repeated false public statements about Celsius’ market activity, the DoJ said, while he and other company leaders kept buying more CEL to pump its value while simultaneously selling it to others. ®
