| ~7 MIN READ |
|
This week the theme is autonomy: attackers who keep getting away with it, and AI agents that no longer need a human in the loop to do damage. Neither trend is slowing down.
PS: Was this forwarded to you? Subscribe free at exzeccyber.com/subscribe → |
|
In this edition
|
Repeat Breach
Accenture's Third Strike
Intro
Some companies get breached once and learn their lesson. Accenture is on breach number three, and the lesson still hasn't landed.
What Happened
A threat actor known as "888" claims to have stolen 35GB of Accenture data, including source code, RSA and SSH keys, and Azure access tokens, and put it up for sale on a cybercrime forum this week. Accenture confirmed the breach but called it "isolated" and declined to detail what was actually taken. The same actor previously sold Accenture employee data after a 2024 incident, and the company was hit by LockBit ransomware back in 2021.
Why It Matters
Accenture doesn't just run its own systems, it runs pieces of infrastructure for governments and Fortune 500 clients, so a repeat intruder with three confirmed footholds in five years is a supply chain problem wearing a consulting badge.
The Other Side
Accenture says there's no impact to operations or service delivery, and BleepingComputer couldn't independently verify the full scope of what "888" claims to have.
TL;DR: Accenture confirms its third breach since 2021 after a repeat attacker sells 35GB of source code and access keys.
Further reading: BleepingComputer
|
|
CollabED's founder built 10 web platforms, 2 mobile apps, and 27 automations in 75 days with Viktor. No developers, no designers, no IT team. One founder, 46 volunteers. Get Started for Free.
|
|
|
Try the AI that knows your customers. No commitment.
Most platform evaluations start with a demo request and end three weeks later in a conference room. This one takes 15 minutes and puts you directly inside Gladly's interface — navigating it on your own terms.
See how AI surfaces real-time customer context before a conversation starts. Watch how a single conversation thread pulls in purchase history, channel history, and account details without a handoff.
No installation. No commitment. Start the interactive demo and see the platform for yourself.
Strange but real
Two Convicted Fraudsters Just Started a Cybersecurity Company
Intro
Jack Burkman and Jacob Wohl, the duo behind a 2020 robocall scheme to suppress Black voters and fabricated sexual assault claims against Robert Mueller and Pete Buttigieg, now run a company that says it buys zero-day exploits for up to $7 million each.
What Happened
The company, IRIS C2, operates out of an Arlington, Virginia address tied to Burkman's lobbying firm, and Wohl fronts its recruiting on social media, chasing vulnerability researchers with promises of huge payouts and vague talk of "federal contracts" he won't specify. Wohl admits he has no formal security training. Both men have felony fraud convictions and a $5.1 million FCC fine between them.
Why It Matters
The exploit brokerage market already has plenty of shady players, but one run by people with a documented history of fabricating claims and hiding behind fake identities is a specific kind of risk for any researcher who sells them a working exploit.
The Other Side
Wohl insists IRIS C2 is a legitimate offensive security shop with real government interest, though he offers no verifiable details, and the company is a registered federal contractor without any listed direct contracts.
TL;DR: Convicted fraudsters Burkman and Wohl now broker zero-day exploits for up to $7 million, no security background required.
Further reading: Krebs on Security
|
Wall Street is shifting billions into a select group of stocks, and MarketBeat’s updated 10 Best Stocks to Own in 2026 report reveals exactly which ones. Get the 10 names attracting fresh capital before the crowd catches on. Send My Free Report

