Cyber Mornings Daily

January 16th, 2025



A hacking group known as the "Belsen Group" has leaked configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices. This data was leaked on the dark web, making it readily available to other cybercriminals. The leak is believed to be related to a 2022 zero-day vulnerability known as CVE-2022-40684, which was exploited before a fix was available. The leaked configuration files contain sensitive information such as private keys and firewall rules.

In a separate incident, researchers discovered six vulnerabilities in the Rsync file-synchronizing tool, some of which could lead to remote code execution (RCE) and data leakage. The vulnerabilities were patched in Rsync version 3.4.0, and a list of affected operating systems and products is available on the CERT/CC website.

Researchers have also linked a recent North Korean IT worker scam to a 2016 crowdfunding scheme. This discovery suggests that North Korea has been involved in cyber-financial operations for nearly a decade. Both the IT worker scam and the crowdfunding scheme used a shared pool of fake personas and overlapping technical registration data. This finding indicates that the same threat actors were behind both operations.

Cyber Mornings Daily
By Alice & Bob