Cyber Dispatch™️
The definitive source for critical cybersecurity news. When a major threat breaks, we dispatch.

#CyberDispatch #CyberSecurity #InfoSec #ThreatIntelligence #ZeroDay #DataBreach #SecurityNews
Amazon AWS disrupted by war in West Asia again

Amazon announced that its Amazon Web Services (AWS) region in Bahrain has been "disrupted" due to war in West Asia, marking the second disruption to its operations in the past month linked to the war.

@TheGhostITM
More than 200 Israeli civilian entities and organizations have been hacked and digitally wiped in cyberattacks since the outbreak of the Iran–Israel–U.S. war. These figures do not include Israeli government infrastructure.

@TheGhostITM
The attack group TeamPCP has planted malicious code in Israeli-founded cybersecurity giant Checkmarx’s GitHub Actions pipeline.

@TheGhostITM
Attackers have succeeded in planting malicious code in the popular open‑source library LiteLLM, a U.S.-based AI‑infrastructure project that helps developers unify access to 100+ large language models.

@TheGhostITM
The Handala hacker group announced that 14 gigabytes of highly confidential personal documents belonging to Tamir Pardo have been released as a proof of concept (PoC). These documents not only reveal Mossad secrets but also expose details of assassination programs and covert operations.

@TheGhostITM
The security company HackerOne, which usually helps companies identify their vulnerabilities, has itself fallen victim to a cyberattack.

The leaked information includes full names, national ID numbers, addresses, phone numbers, email addresses, dates of birth, insurance information, and registration dates of employees and their dependents.

@TheGhostITM
Hezbollah hacks into surveillance cameras in bid to target Israeli officials

A report from Haaretz alleges that Hezbollah-linked hackers have attempted to infiltrate Israeli surveillance camera systems in an effort to monitor and potentially target senior Israeli officials. Israel’s National Cyber Directorate said the activity formed part of a wider campaign to exploit existing surveillance infrastructure for intelligence purposes, focusing on accessing live feeds from both private and public cameras.
Jury finds Instagram and YouTube liable in landmark social media addiction trial — AP
Global Disruption on X Network.
Grok and X (Twitter), which were down in several regions, are now coming back online and service is gradually being restored.
According to the Financial Times, conflict with Iran may, unlike recent wars, lead to widespread and decentralized cyber attacks.
Financial Times: An attack on Iran has triggered a cyber storm. In the early days of the Ukraine war, hackers were mostly motivated by financial gain, and cyberattacks decreased after a short period. In contrast, the Iran war involves hackers with high technical capabilities.
Pavel Durov: Iranian accounts will not be deleted
 
The owner of Telegram said that due to the outbreak of war and widespread internet outages in Iran, the deletion of accounts after a certain period of inactivity will not apply to Iranian users.
Malicious LiteLLM versions 1.82.7–1.82.8 deploy credential theft, Kubernetes lateral movement, and a persistent backdoor.

Linked to the Trivy CI/CD compromise, the payload runs on import or via .pth at Python startup, spreads across nodes, and installs a systemd service.
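
A host check for the startup mechanism mentioned above, as an added example that is not from the channel or from the LiteLLM project: it lists `.pth` lines that Python's `site` module would execute at interpreter startup and flags an installed `litellm` whose metadata reports one of the two versions named in the post. The file names and directory in `demo()` are constructed for illustration.

```python
import re
import site
import tempfile
from pathlib import Path

# The two release numbers named in the post above.
FLAGGED_LITELLM = {"1.82.7", "1.82.8"}


def executable_pth_lines(pth_text):
    """Lines that Python's site module passes to exec() at interpreter startup.

    site.py executes a .pth line only if it begins with "import" followed by a
    space or tab; every other non-comment line is treated as a path entry.
    """
    return [ln for ln in pth_text.splitlines()
            if ln.startswith(("import ", "import\t"))]


def scan_site_packages(root):
    """Return (kind, file, detail) tuples for one site-packages directory."""
    root = Path(root)
    findings = []
    for pth in sorted(root.glob("*.pth")):
        text = pth.read_text(encoding="utf-8", errors="replace")
        for ln in executable_pth_lines(text):
            findings.append(("pth-exec", pth.name, ln[:120]))
    for meta in sorted(root.glob("litellm-*.dist-info/METADATA")):
        m = re.search(r"^Version:\s*(\S+)", meta.read_text(errors="replace"), re.M)
        if m and m.group(1) in FLAGGED_LITELLM:
            findings.append(("flagged-version", meta.parent.name, m.group(1)))
    return findings


def demo():
    """Run the scan over a constructed site-packages tree (all names made up)."""
    with tempfile.TemporaryDirectory() as d:
        sp = Path(d)
        (sp / "paths.pth").write_text("/opt/extra/lib\n# plain path entry\n")
        (sp / "constructed_hook.pth").write_text("import os; os.getcwd()\n")
        info = sp / "litellm-1.82.8.dist-info"
        info.mkdir()
        (info / "METADATA").write_text("Name: litellm\nVersion: 1.82.8\n")
        return scan_site_packages(sp)


if __name__ == "__main__":
    print("constructed tree:", demo())
    for sp in site.getsitepackages():
        print(sp, scan_site_packages(sp))
```

Legitimate packages also ship executable `.pth` lines (setuptools' `distutils-precedence.pth`, editable installs), so `pth-exec` hits are a review list rather than a verdict.
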
GlassWorm now delivers a multi-stage malware chain via malicious packages and hijacked accounts.

It hides C2 in Solana memos, installs a fake Google Docs Chrome extension, and steals cookies, sessions, and crypto wallet data, with added hardware wallet phishing.
A hacker used an AI agent to run cyber ops, with 80–90% handled autonomously.

Compromise an AI agent already inside your environment, and the kill chain disappears. It already has access, permissions, and normal data flows—so activity looks legitimate.
A new Magento skimmer uses WebRTC data channels instead of HTTP to steal payment data.

It pulls payloads and exfiltrates card details over encrypted UDP, bypassing CSP and staying invisible to most monitoring tools.

Attacks are exploiting the PolyShell RCE flaw at scale.
Coruna turns a 2023 #iOS espionage exploit into a broader attack kit.

Kaspersky confirms it reuses and evolves the Triangulation kernel exploit, now updated for newer chips and iOS versions and still actively maintained.

Now bundled into 23 exploits across 5 chains and used beyond targeted ops, it shows #iPhone exploitation is scaling.
Security Manager Warning: Critical Infrastructures Are Direct Targets of Cyber Attacks

According to Izum magazine, Dave DeWalt, former CEO of FireEye and McAfee, warned that attackers' use of artificial intelligence has greatly widened the gap between offensive and defensive cyber capabilities, and the world has entered a "dark age" of cybersecurity.
Hezbollah's cyber unit hacked into surveillance cameras to target Israeli regime.

@TheGhostITM