Cyber Dispatch™️
The definitive source for critical cybersecurity news. When a major threat breaks, we dispatch.

#CyberDispatch #CyberSecurity #InfoSec #ThreatIntelligence #ZeroDay #DataBreach #SecurityNews
CERT/CC warns a ZIP flaw tracked as CVE-2026-0866 lets attackers hide malware using malformed archive headers.

Security tools trust the header and miss the payload, yet it can still be extracted and executed with the right method.

It breaks how AV and EDR validate files.
Attention: the vulnerability CVE-2026-20131 in Cisco's Secure Firewall Management Center (FMC) is being actively exploited by ransomware groups worldwide.
Eid Mubarak to everyone celebrating!
A critical Magento flaw lets attackers upload files without login and take over stores.

The issue, PolyShell, uses the REST API to upload hidden malicious files as images. This can lead to remote code execution or stored XSS.

No fix for current versions yet.
Google adding a 24-hour delay for installing #Android apps from unverified developers.

Users must enable developer mode, reboot, and confirm again after a day. This is meant to stop #malware and scams that trick users into disabling Play Protect or giving access.
3M+ IoT devices hijacked into botnets launching record 31.4 Tbps DDoS attacks.

Command-and-Control (C2) infrastructure = the hidden servers attackers use to control infected devices (botnets) remotely.

These IoT botnets (AISURU, Kimwolf, JackSkid, Mossad) used C2 servers to coordinate global DDoS attacks, including targets in the U.S.

Attack type: hyper-volumetric DDoS (up to 31.4 Tbps) — capable of crippling ISPs, cloud services, and core internet infrastructure.
Quick explanation:

Botnet: A network of hacked devices (routers, cameras, smart TVs) controlled by attackers.

C2 (Command-and-Control): The “brain” server sending instructions to those infected devices.

DDoS attack: Flooding a target with massive traffic to knock services offline.
Speagle malware is abusing Cobra DocGuard to quietly steal data. It sends exfiltration through a legitimate DocGuard server, blending into normal traffic and avoiding detection.

It only runs on systems with DocGuard installed, signaling targeted espionage activity.
The open-source vulnerability scanner Trivy—maintained by Israel's Aqua Security—has been hit by a supply chain attack, with hackers injecting malicious code into its repositories.

@TheGhostITM
The open-source vulnerability scanner Trivy, developed by the Israeli company Aqua Security, was hit by a supply chain attack in which hackers injected malicious code into its code repositories.

@TheGhostITM
Intoxalock Breathalyzer Systems Hit by Prolonged DDoS Attack

A cyberattack targeted Intoxalock, a provider of ignition interlock breathalyzer systems used to detect blood alcohol levels in vehicles of DUI offenders. Drivers must blow into the device to start their cars.

Post-attack, company servers went offline, blocking thousands of drivers across 45 US states from starting their vehicles.

The DDoS assault—ongoing since Saturday—marks an unusually extended disruption to critical infrastructure tied to public safety and compliance.

@TheGhostITM
Israeli Military Secure Comms Codes Leaked

Hacktivists cracked IDF encrypted VoIP systems (Italy/Germany/Austria/France hardware), exposing battlefield C2 channels. Israel acknowledges breach, plans switch—but that's no quick fix.

@TheGhostITM
IDF Comms Leak Exposes European Suppliers

Post-breach of Israeli military secure VoIP infra, 3 firms enabling IDF C2:

- NA-NET COMMUNICATION GmbH (Germany/Austria): Military telecom, VoIP, network infra
- Orange S.A. (France): Data centers, high-sec networks
- Enegan S.p.A. (Italy): Telecom disguised as "energy efficiency" services

@TheGhostITM
IDF Comms Breach—European Suppliers Named

Leak exposes vendors powering cracked IDF secure VoIP/C2 systems:

- NA-NET COMMUNICATION GmbH (DE/AT): Telecom, internet, VoIP, digital comms for military
- Orange S.A. (FR, ex-France Télécom): Telecom, internet/data, network infra, data centers
- Enegan S.p.A. (IT): Telecom services hidden behind "energy efficiency" facade

@TheGhostITM
Pro-Palestinian hacktivists Handala just dropped their new op hub: http://www.handala-team.to

@TheGhostITM
Apple warns outdated iPhones are now exposed to mass-scale exploit kits like Coruna and DarkSword.

Compromised websites can silently trigger infections and steal sensitive data from unpatched devices.
Trivy, a popular open-source vulnerability scanner, was compromised after attackers hijacked 75 version tags in #GitHub Actions to deliver an infostealer.

It ran in CI pipelines, stealing creds and tokens, then exfiltrating data or staging it via stolen GitHub PATs.
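Hijacked version tags work because a tag is a mutable pointer that a CI workflow resolves at run time. A defender's first check is to audit workflows for actions referenced by tag or branch instead of a full commit SHA. The script below is an added example written here, not code from Trivy, Aqua Security or GitHub; the workflow text and the 40-hex SHA in it are constructed samples, and `example-org/scanner-action` is a hypothetical action name.

```python
import re
from typing import Dict, List

# A `uses:` step in a GitHub Actions workflow: owner/repo[/path]@ref
USES_RE = re.compile(
    r'^\s*-?\s*uses:\s*["\']?([\w.-]+/[\w.-]+(?:/[\w./-]+)?)@([^\s"\'#]+)'
)
# A full 40-hex commit SHA is immutable; tags and branches can be moved.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow (hypothetical, not the Trivy project's own).
# The SHA below is made up; it only needs to look like a commit id.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - name: Run scanner
        uses: example-org/scanner-action@0.1.2   # hypothetical action
"""


def find_mutable_refs(workflow_text: str) -> List[Dict[str, object]]:
    """Return each remote action referenced by a tag or branch, not a commit SHA.

    Local actions (./path) and images (docker://) carry no @ref and are skipped.
    """
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group(1), m.group(2)
        if SHA_RE.match(ref):
            continue  # pinned to an immutable commit; nothing to report
        findings.append({"line": lineno, "action": action, "ref": ref})
    return findings


def is_fully_pinned(workflow_text: str) -> bool:
    """True when every remote action in the workflow is pinned to a commit SHA."""
    return not find_mutable_refs(workflow_text)
```

Run `find_mutable_refs` over each file under `.github/workflows/` and replace every reported ref with the commit SHA the tag pointed to at review time; the tag can then be moved without changing what your pipeline executes.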
Nationwide power outage in Cuba; speculation of a cyberattack by US on the power plant.
Handala Team claims it has mapped and archived precise coordinates of Israeli water and power infrastructure, warning of escalation if Iranian facilities are targeted. #cyberwarfare

@TheGhostITM
Hacktivist group "Handala" issues threat: any strike on Iran’s energy sector will trigger a response "far beyond" parity, citing pre-collected infrastructure intelligence on Israel.

@TheGhostITM
New statement from "Handala" suggests coordinated cyber-intelligence effort tied to geopolitical tensions, highlighting critical infrastructure as a primary target set in potential escalation.

@TheGhostITM