Implement stricter controls and auditing to prevent contractors from copying large amounts of data or destroying databases, as highlighted by the incident where ex-contractors wiped 96 government databases.
**Insider Threat: Ex-Contractors Accused of Mass Data Destruction and Theft in U.S. Government Systems**

**TL;DR**: Former federal contractors are facing charges for allegedly exfiltrating sensitive data and intentionally destroying 96 U.S. government databases post-termination.

**Technical Analysis**:

* **MITRE ATT&CK TTPs**:
  * TA0003 - Persistence: T1078.003 (Local Accounts - potentially retained privileged accounts or backdoors).
  * TA0005 - Defense Evasion: T1078 (Valid Accounts - leveraging existing contractor credentials or illicitly retained access).
  * TA0009 - Collection: T1005 (Data from Local System), T1114 (Email Collection). Specifics of the "sensitive information" collected are pending.
  * TA0010 - Exfiltration: T1041 (Exfiltration Over C2 Channel), T1048 (Exfiltration Over Alternative Protocol). The method of data exfiltration is not yet detailed.
  * TA0040 - Impact: T1485 (Data Destruction - targeting 96 government databases).
* **Affected Specifications**:
  * The attacks targeted various U.S. government agency databases. No specific database software versions (e.g., SQL Server, Oracle, PostgreSQL), underlying platforms, or CVEs have been disclosed.
* **Indicators of Compromise (IOCs)**:
  * No specific IOCs (hashes, IP addresses, domains, or filenames) are detailed in the initial report.

**Actionable Insight**: This incident critically highlights the insider threat vector, particularly from privileged third-party contractors.

* **For SOC/Detection Engineers**:
  * Prioritize monitoring for anomalous database activity, including mass deletions, unauthorized modifications, or large-scale data exports, especially from accounts linked to contractors or recently terminated personnel.
  * Enhance logging and alerting for privileged account usage across all database management systems and critical data repositories.
  * Review and update detection rules for T1485 (Data Destruction) and T1041 (Exfiltration Over C2 Channel) based on observed insider threat patterns.
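As an added illustration of the SOC recommendations above (not code from the original report or from any agency involved), the following detector runs over constructed database audit records and raises alerts for the three patterns the incident centres on: activity by accounts that should already have been revoked, destructive operations, and large exports. The log format, the `TERMINATED_ACCOUNTS` set and the thresholds are assumptions to be tuned per environment.

```python
from collections import Counter

# Constructed sample audit records (not from the report): ts|user|action|object|rows
SAMPLE_AUDIT = """\
2024-03-01T02:10:11Z|svc_report|SELECT|payroll.employees|120
2024-03-01T02:11:40Z|ctr_jdoe|EXPORT|hr.personnel|480000
2024-03-01T02:12:05Z|ctr_jdoe|DROP DATABASE|agency_grants|0
2024-03-01T02:12:09Z|ctr_jdoe|DROP DATABASE|agency_cases|0
2024-03-01T02:12:14Z|ctr_jdoe|DROP DATABASE|agency_audit|0
2024-03-01T02:13:00Z|dba_smith|DELETE|temp.staging|30
2024-03-01T02:14:00Z|ctr_former|SELECT|finance.ledger|5
"""

# Assumption: fed from HR/IAM offboarding; any activity here means revocation failed.
TERMINATED_ACCOUNTS = {"ctr_former"}
EXPORT_ROW_THRESHOLD = 100_000   # assumption: rows per export worth an alert
MASS_DROP_THRESHOLD = 3          # assumption: destructive ops by one account
DESTRUCTIVE = {"DROP DATABASE", "DROP TABLE", "TRUNCATE"}

def parse(line):
    """Split one pipe-delimited audit record into a dict."""
    ts, user, action, obj, rows = line.split("|")
    return {"ts": ts, "user": user, "action": action, "obj": obj, "rows": int(rows)}

def detect(log_text, terminated=TERMINATED_ACCOUNTS):
    """Return (alert_type, user, detail) tuples for the audit text."""
    alerts = []
    drops = Counter()   # destructive ops per account, for the mass-destruction rule
    for line in log_text.strip().splitlines():
        ev = parse(line)
        if ev["user"] in terminated:
            alerts.append(("TERMINATED_ACCOUNT_ACTIVITY", ev["user"], ev["obj"]))
        if ev["action"] in DESTRUCTIVE:
            alerts.append(("DESTRUCTIVE_OP", ev["user"], ev["obj"]))
            drops[ev["user"]] += 1
        if ev["action"] == "EXPORT" and ev["rows"] >= EXPORT_ROW_THRESHOLD:
            alerts.append(("LARGE_EXPORT", ev["user"], ev["obj"]))
    # Several destructive ops by one account is the T1485 pattern, not routine DBA work.
    for user, n in drops.items():
        if n >= MASS_DROP_THRESHOLD:
            alerts.append(("MASS_DESTRUCTION", user, f"{n} destructive ops"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_AUDIT):
        print(alert)
```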
* **For CISOs**:
  * Review and strictly enforce immediate revocation of all contractor and employee access to systems and data upon termination.
  * Implement and rigorously audit a strict least-privilege access model for all third-party personnel, ensuring access is limited to only what is absolutely necessary for their role.
  * Ensure comprehensive, immutable data backup and recovery strategies are in place and regularly tested, specifically for critical databases and sensitive data stores.
  * Bolster insider threat detection programs, focusing on behavioral analytics for unusual data access, transfer patterns, or system changes by privileged users.

**Source:** https://www.bleepingcomputer.com/news/security/contractors-with-hacking-records-accused-of-wiping-96-govt-databases/