Nationwide power outage in Cuba; speculation of a cyberattack by the US on the power plant.
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Handala Team claims it has mapped and archived precise coordinates of Israeli water and power infrastructure, warning of escalation if Iranian facilities are targeted. #cyberwarfare
@TheGhostITM
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Hacktivist group "Handala" issues threat: any strike on Iran’s energy sector will trigger a response "far beyond" parity, citing pre-collected infrastructure intelligence on Israel.
@TheGhostITM
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
New statement from "Handala" suggests coordinated cyber-intelligence effort tied to geopolitical tensions, highlighting critical infrastructure as a primary target set in potential escalation.
@TheGhostITM
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Hacktivists reportedly targeted Israel’s public transportation infrastructure, disrupting the Ravkav ticketing platform and online bus services, causing widespread service outages across multiple cities.
@TheGhostITM
FBI: Iranian cyber actors are using Telegram as command-and-control (C2) infrastructure.
AnythingLLM Desktop XSS-to-RCE via insecure Electron config. Poisoned RAG documents or compromised LLM endpoints can achieve full host compromise. CVE-2026-32626, CVSS 9.6. Patch available.
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager.
Lapsus group lists AstraZeneca (UK/Sweden) as a victim, publishing alleged breach evidence pointing to a potential compromise of internal systems.
Microsoft says tax-season phishing now deploys RMM tools like ScreenConnect, moving beyond credential theft.
A Feb. 10 campaign hit 29,000+ users across 10,000 orgs, using IRS lures to gain persistent system access.
Attackers are exploiting a CVSS 10.0 auth bypass in Quest KACE SMA to hijack admin accounts.
Arctic Wolf observed attacks on unpatched, internet-exposed systems, with payloads delivered via curl and persistence set through registry changes.
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
An APT group has reportedly conducted a cyberattack against Lockheed Martin, targeting its defense and aerospace networks.
@TheGhostITM
Citrix patched a critical NetScaler flaw (CVSS 9.3) enabling unauthenticated memory leaks.
The issue exposes sensitive appliance data when SAML IDP is enabled, alongside a second bug that can mix user sessions in gateway or AAA setups.
North Korea’s Contagious Interview campaign now uses malicious VS Code projects to deploy StoatWaffle.
Opening the folder can auto-run tasks.json, install Node.js if missing, and fetch stealer or RAT payloads on developer systems.
Keir Starmer is set to ban cryptocurrency donations after a review concluded they risk foreign interference in UK democracy — The Times.
More than 875 million Android phones (~25% of the market) are at risk due to a serious vulnerability in MediaTek chips.
Discovered by Ledger Donjon, this flaw lets an attacker with physical access extract sensitive data—like lock PINs, encrypted storage, and crypto‑wallet recovery phrases—in under a minute, even when the device is powered off and connected via USB.