Boulder Creek homicide victim named suspected killer before death

Yahoo, 28-04-2025

(KRON) — A Boulder Creek man was charged with first-degree murder in connection to a double homicide in the Santa Cruz Mountains.
Two men were found deceased in the back of a pickup truck along Highway 35 near Castle Rock State Park in Santa Clara County on March 24. Both men had been shot to death, according to the California Highway Patrol. Family members identified the victims as Colter White, 53, and Sean Pfeffer, 45, Lookout Santa Cruz reported.
CHP detectives launched an investigation and identified 66-year-old James David Collier as the prime suspect.
Pfeffer named his suspected killer in a Facebook post the day before he was found dead. On March 23, Pfeffer wrote in his last Facebook post, 'If today isn't work out know that it was James Collier the piece of c**p that I invited to this mountain that still hasn't left it. I'm rolling down there right now Jimmy I hope you shoot me.'
Prosecutors believe that the two victims were murdered on March 23, court records show.
Pfeffer's post also said Collier was over-working his cousin, but he didn't include details about what the job was for. Pfeffer lived in a small cabin in the Santa Cruz Mountains, according to his Facebook profile. White and Pfeffer were close friends, family members told Lookout.
On April 9, a CHP SWAT team and the Golden Gate Division Multi-Disciplinary Accident Investigation Team served a search warrant at Collier's Boulder Creek home in Santa Cruz County. Investigators found enough evidence to arrest Collier Sunday morning.
Collier was booked into a Santa Clara County jail and charged with two counts of murder, according to a criminal complaint filed by the district attorney's office.
'This case highlights the strength of our law enforcement partnerships in protecting our community, especially in the rural areas of our county where jurisdictions overlap,' said Santa Clara County Sheriff Robert Jonsen. 'We are grateful for the collaboration that led to the capture of the suspect and for helping ensure the safety of our residents.'
CHP Golden Gate Division Chief Don Goodbrand said, 'I want to commend our detectives for their incredible dedication and exceptional investigative efforts in bringing a suspect into custody in this tragic case.'
Collier is scheduled to make his first court appearance in the Hall of Justice on Monday afternoon.
Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.


Related Articles

Silent Breach Exposes 16 Billion Passwords: 5 Things You Must Do Now

Forbes, an hour ago

[Image caption: A staggering 16 billion passwords were exposed in a silent, decentralized breach compiled from years of malware activity — an unseen cyber threat now looming over governments and tech giants alike. Credit: picture alliance via Getty Images]

While the cybersecurity world was focused on usual suspects like ransomware gangs, nation-state espionage and zero-day exploits, something massive happened in the background. A credential leak of staggering proportions quietly spilled onto the open internet. No ransom note. No press release. No named corporate victim. Just a silent detonation of more than 16 billion individual records containing usernames and passwords for Apple, Google, Microsoft, Facebook and government accounts across 29 countries.

Let that sink in. Sixteen billion login records. The scope of this breach eclipses almost every known hack to date. Yet most people have never heard about it.

On June 26, 2025, researchers at Cybernews revealed that they had discovered 30 unsecured datasets containing over 16 billion records. These were not theoretical vulnerabilities. These were usernames and passwords that provide real access to real systems. The data included everything from private citizen logins to accounts tied to government domains. Facebook, Telegram, Instagram, PayPal, Discord, Roblox — no platform seemed untouched. The data was formatted exactly as infostealing malware delivers it: a string of website URLs, usernames and passwords scraped from infected machines over time. And it was found online, publicly accessible for a period of time before being locked down.

One of the earlier warnings came from cybersecurity researcher Jeremiah Fowler, who in May uncovered 47GB of data with 184 million records, sitting in the open on an Elasticsearch server. The server was hosted by World Host Group, a global web hosting provider. Once alerted, the company disabled access and confirmed the server had been spun up by a fraudulent user. But the damage had already been done.

'This is probably one of the weirdest ones I've found in many years,' Fowler told Wired. 'As far as the risk factor here, this is way bigger than most of the stuff I find, because this is direct access into individual accounts. This is a cybercriminal's dream working list.'

It wasn't just tech companies that were implicated. Fowler found 220 government email addresses from more than two dozen countries, including the United States, United Kingdom, Canada, India, Israel and Australia.

  • May 2025: Fowler discovers 184 million exposed records, including government and enterprise credentials, and immediately notifies the hosting provider.
  • Early June 2025: World Host Group disables the server. No further public comment or disclosure from affected entities.
  • Mid-June 2025: Cybernews publishes a report about the larger aggregation of 30 databases, revealing the total exposure: 16 billion credentials.

Unlike high-profile hacks with clear attribution and corporate response, this breach is fragmented. It is the byproduct of years of careless digital hygiene, cybercriminal harvesting and the steady drip of malware-infected machines feeding stolen credentials into dark web markets.

How It Happened: Death By A Thousand Infostealers

This was not a hack in the conventional sense. No firewalls were breached. No zero-day vulnerabilities were exploited. Instead, the records were compiled over years using infostealer malware. Infostealer malware is a class of malicious software that silently lifts login credentials from infected devices.

Christiaan Beek of Rapid7 noted that the data showed 'a lot of overlap' and was 'a combination of old and new' credentials, adding that the aggregation itself posed a serious threat. 'It reflects around 30 separate breaches, stealer logs compiled over years,' he said.

Much of the leaked content appears to come from previously compromised password dumps. But according to Cybernews, the presence of fresh infostealer logs makes this breach 'particularly dangerous for organizations lacking multi-factor authentication or credential hygiene practices.'

Why This Leak Hasn't Made Headlines

Despite its unprecedented scale, this breach has flown under the radar, unlike the United Natural Foods hack, which triggered widespread headlines. One reason is that no single company was directly compromised. There was no named victim, no regulatory filing and no incident response to point to. The data was quietly compiled over years through malware infections and older breaches, then briefly exposed on an unmanaged server.

Without a clear villain or breach notification, traditional media had little to latch onto. They couldn't point to one actor or failure. In truth, we are all to blame.

Many of the records were previously stolen, which led some to dismiss the incident as old news. But that misses the point. The true threat lies in the scale, the recency and the way this data can now be weaponized by attackers against organizations that have not enforced basic security practices. Further, just because the records were previously stolen, a significant percentage were still active.

The Bigger Picture: What We Are Doing Wrong

This breach was not about a single company failing. It was about everyone failing. As security analyst Chester Wisniewski of Sophos put it, 'These massive dumps are typically just a recycled pile of credentials with a few new ones sprinkled in.'

But even old passwords still work when users reuse them. When organizations fail to enforce password resets. When there is no MFA. And therein lies the danger. Infostealer malware is doing exactly what it was built to do: harvest credentials from unprotected machines. The real problem is how unprepared the world remains to stop it.

What Needs To Happen Now

This is a five-alarm fire for anyone not practicing basic cybersecurity hygiene. Sixteen billion records are now in circulation. Many are still active. Some are tied to government systems. And nearly all were exposed without any one company triggering the alarm. This should be a wake-up call not just for IT departments, but for every executive and individual who relies on digital tools to function. This is not the time to assume you're safe. This is the time to act.

Five Immediate Actions For Individuals:

  • Change your passwords across all platforms: Start with your primary email, banking and social media accounts. If you use the same password in multiple places, change every one of them. Password reuse is the single biggest vulnerability exploited in these kinds of leaks.
  • Use unique passwords for every service: One password per account. No exceptions. This ensures that if one login is compromised, the rest remain safe. Use a password manager if you need help generating or storing them.
  • Enable multi-factor authentication on every account that allows it: MFA is no longer optional. Even a simple text message code can stop an attacker with your password. Wherever possible, use app-based or hardware key MFA for stronger protection.
  • Scan your devices for malware, especially infostealers: This data did not appear out of nowhere. It was harvested from infected machines. If you have not scanned your device recently, or if you have never run anti-malware software, now is the time. Infostealers run silently in the background, siphoning off your credentials without leaving a trace.
  • Monitor account activity for unauthorized access: Watch for unfamiliar logins, password reset attempts, or new devices on your accounts. Most services provide tools to review recent activity. Use them. Set up alerts for suspicious behavior. If anything looks off, change your credentials immediately.

Five Immediate Actions For Businesses And IT Leaders:

  • Deploy Endpoint Detection and Response tools: Infostealer malware thrives on unmanaged or poorly protected endpoints. EDR tools allow your security team to detect, isolate and remediate these threats in real time before they cause widespread damage.
  • Enforce password managers and centralized identity platforms: Encourage or, even better, mandate the use of enterprise-grade password managers. Combine that with Single Sign-On and identity federation to reduce the number of credentials employees must manage and attackers can steal.
  • Conduct ongoing employee security training: One-time training is not enough. Phishing and credential theft are constantly evolving. Organizations need to build a culture of cybersecurity awareness that reinforces good behavior, simulates attacks and rewards vigilance.
  • Implement real-time credential leak monitoring and dark web scanning: Do not wait for a breach notification. Be proactive. Invest in services that scan known dark web marketplaces and data dumps for your domains, employee emails and customer credentials. When a match is found, move fast to rotate access and contain the risk.
  • Apply Access Controls Based on Risk, Not Convenience: Implement role-based access and least privilege policies. Restrict administrative access to only those who absolutely need it. Too many organizations default to broad permissions, giving attackers more room to move once they are inside. Aligning access with actual job function reduces the blast radius when credentials are compromised.

The playbook is not complicated. But it does require discipline and urgency. The organizations that act now will be the ones still standing when the next wave of credential-based attacks begins.

Compliance Is the Starting Line, Not the Finish

Too many organizations mistake compliance for security. Checking the box on a framework does not stop infostealer malware. But it does give you a baseline. Compliance is the first signal that your organization is taking security seriously. It offers structure, policy and governance. But it must be paired with continuous improvements, proactive monitoring and threat intelligence. Treating compliance as the finish line is like bolting your front door while leaving all the windows wide open.

A Sobering Reminder

This breach should be a sobering reminder that we are losing the war on credentials. Sixteen billion of them just got dumped onto the internet. Some old. Some new. All dangerous. And the biggest threat may not be the data itself, but how few people noticed.

If this breach did not reach your radar, let it serve as a wake-up call. If your organization is still relying on usernames and passwords without MFA or threat monitoring, you are playing defense without a helmet. The calculus has now changed. Cybercriminals are not just breaking in. They are now logging in.

Turkish Opposition Faces Trial in Case That's Got Market on Edge

Bloomberg, 6 hours ago

Investors in Turkey are nervously awaiting a verdict on the fate of the main opposition party as early as Monday, after the arrest of Istanbul's mayor in March led to an exodus of foreigners from the market. A court case questioning the party leadership's legitimacy will start at 10 a.m. local time in Ankara. Should the court reach a verdict in its third hearing against the leadership of the Republican People's Party, or CHP, market-watchers say it'll be a pivotal moment with market implications.

CHP searching for red pickup truck in deadly hit-and-run in Fresno County

Yahoo, 9 hours ago

Authorities need help in locating a vehicle believed to be involved in a deadly hit-and-run Saturday night in Fresno County. Officers responded at 9:30 p.m. to Adams and Cove avenues in Orange Cove after a bicyclist was struck. According to the California Highway Patrol, a woman on a bicycle was traveling westbound on Adams Avenue when she was struck from behind by a Chevrolet Silverado 1500 pickup truck, also traveling westbound. The truck dragged the bicycle 120 feet and the driver drove away from the scene without rendering aid or notifying emergency services, CHP said. The bicyclist was pronounced dead at the scene. CHP said the victim was not wearing a helmet but did have a handheld lighting device activated to increase her visibility. Investigators are seeking the public's help in locating the vehicle, believed to be a red Chevrolet Silverado 1500, model year early-to-mid 2000s. The vehicle should have noticeable damage to the right front and is likely missing a headlight lens, and may also be missing a black Chevrolet 'bowtie' grille emblem. A smoked-out headlight lens and a black bow tie emblem were recovered at the scene, CHP said. Anyone with information is asked to call CHP at 559-262-0400 or call Valley Crime Stoppers at 559-498-7867. Callers may remain anonymous.
