I may have to add Moldova to my list of countries I may not be able to visit. I just posted a two-fer involving two of their government portals:

https://databreaches.net/2026/02/19/data-protection-failures-on-moldovan-portals-exposed-citizens-to-risk/ is about a long-time IDOR incident that exposed the personal info of everyone who ever used the govt portal to apply for a job. The vulnerability was brought to my attention by a student who was frustrated with his government's lack of response to his attempts to get them to address it.

and

https://databreaches.net/2026/02/19/leaked-data-raises-questions-about-hackers-claims-and-moldovas-prior-denial/ discusses an alleged hack by Bashe Team of another portal used by Moldovan residents to apply for energy compensation.

In May 2025, the government had denied claims that access to the compensation portal had been sold. "No evidence.... smoke and mirrors... " they claimed.

Fast forward to January 2026, and data from that portal and timeframe was leaked after Bashe Team claimed to have hacked it. But while the data appear to be real, Bashe Team's claims about how and when they acquired it didn't check out.

Bashe Team seems to be allergic to telling the truth about their listings. @cloudsek noted their less-than-honest claims in 2025; DataBreaches.net notes it now, and @amvinfe has also noted it in his new reporting on #SuspectFile.

#databreach #leak #vulnerability #cariere #compensatii #govsec #cybersecurity #Bashe #APT73 #Eraleign

@campuscodi @euroinfosec @lawrenceabrams

And it's out!

Zack Whittaker and I have released our report on the pilot survey we conducted to increase awareness about threats security researchers and journalists who report on cybersecurity and cybercrime experience.

We are grateful to all those who responded to the survey and shared a bit of their experiences. Based on what we found in a pilot survey with a non-random sample, I really think we need to do a bigger study that can also do a deeper dive into some questions.

You can read the report in html or download the .pdf version:

html: https://databreaches.net/2026/02/02/under-pressure-exploring-the-effect-of-legal-and-criminal-threats-on-security-researchers-and-journalists/

pdf: https://databreaches.net/wp-content/uploads/security-researcher-journalist-threats-survey-2026.pdf

In conjunction with the release of the report, I've also added a new "Threats" category to DataBreaches.net.

You can also read some overview comments from Zack at
https://this.weekinsecurity.com/new-survey-reveals-how-security-researchers-and-journalists-experience-legal-and-criminal-threats/

My post explaining how this all started is at https://databreaches.net/2026/02/02/threats-results-of-a-pilot-survey-on-threats-and-a-new-category-on-databreaches-net/

#cybersecurity #securityresearch #legalthreats #threats #criminals #databreach #vulernabilities #malware #lawsuit #survey

@zackwhittaker @campuscodi @amvinfe @jgreig @dangoodin @GossiTheDog @lawrenceabrams @euroinfosec

Walnuts producer affected by Qilin ransomware in Chile

https://www.security-chu.com/2026/01/Valbifruit-productora-nueces-con-ataque-de-ransomware-qilin.html

#Chile #ransomware #qilin #cyberattack

Chile's National Cybersecurity Agency launches ciberlupa to search for leaks of citizen data.

Personal Opinion:

I find ANCI's Ciberlupa incredibly useful: a Chilean "Have I Been Pwned" tool that helps people find out if their email/RUT (Chilean tax ID) has been leaked, with good privacy (strong authentication, anonymized database). But there's a critical point that can't be ignored: the risk that, in order to keep it updated and "complete," the line might be crossed at some point, and they might start buying dumps on the dark web or black markets (as has happened in other countries with law enforcement). That would be counterproductive: it would finance more data theft and lose all legitimacy. A concrete proposal: ANCI should publicly commit to strict limits—only open/published sources (Telegram, hacker forums that upload for free, CERT collaborations, reports from victims/companies). No purchases, not even for "specific investigations," in this citizen-led tool.

https://www.security-chu.com/2026/01/ciberlupa-buscador-filtraciones-de-datos-de-ciudadanos.html

#privacy #hacking #dataprotection #Chile

@PogoWasRight @campuscodi @amvinfe @zackwhittaker @jgreig @lawrenceabrams