Cyber Dispatch™️
The definitive source for critical cybersecurity news. When a major threat breaks, we dispatch.

#CyberDispatch #CyberSecurity #InfoSec #ThreatIntelligence #ZeroDay #DataBreach #SecurityNews
Forwarded from 𓂆 Palestine
Hezbollah strikes targeted major military infrastructure, including the Glilot base (Unit 8200 headquarters near Tel Aviv).
Forwarded from 𓂆 Palestine
The pro-Palestine hacker group Handala announced a major cyber operation, confirming that it had gained full control of the news website IranWire, which it said operates under the direction of the CIA.
Google has opened Android verification to all developers.

Developer verification is now live globally, letting devs confirm identity and register apps ahead of enforcement.

From Sept 30, 2026, only verified apps install in select markets, expanding globally in 2027.
A zero-day in TrueConf let attackers spread malware through its own update system.

CVE-2026-3502 (CVSS 7.8) was exploited by compromising on-prem servers, pushing tampered updates to all connected clients in government networks across Southeast Asia.
A flaw in Google Cloud Vertex AI could expose sensitive data across projects.

Default service agent permissions allow attackers to steal credentials from AI agents, access storage buckets, and move inside cloud environments.
Silver Fox is spreading AtlasCross RAT via fake Zoom, Signal, and Teams sites.

Signed installers from typo domains bypass checks, disable security tools, and run the RAT in memory for remote access and data theft across Asia.
Claude Code source reportedly leaked online.

If confirmed, this could expose internal architecture, safety mechanisms, and proprietary tooling behind one of the leading AI coding systems. The authenticity and scope of the leak are still under verification.

What does a Claude Code source leak mean?

Beyond IP theft, this could reveal how safety guardrails are implemented, expose potential vulnerabilities, and accelerate rival model development. For defenders, it’s insight. For attackers, it’s opportunity.
Hackers take down Israeli news outlet Globes.

#TGITM @TheGhostITM
The Anonymous collective has breached an Israeli company involved in mechanical assemblies and chip processing, publishing approximately 70GB of data.

#TGITM @TheGhostITM
A hacker group has launched a DDoS attack on the Radio Galei Israel website (radio broadcasts).

#TGITM @TheGhostITM
Axios, a widely used JavaScript library with ~100M weekly downloads, has reportedly been compromised, with attackers publishing a malicious version.

A potential supply chain attack that could impact countless apps depending on Axios. Developers should verify versions and monitor for suspicious activity.
Google links the Axios npm compromise to North Korean group UNC1069.

Attackers hijacked the maintainer account and pushed malicious versions that executed during install via a hidden dependency, deploying a cross-platform backdoor (Windows, macOS, Linux) and then removing traces.
Google’s emergency Chrome patch for a zero-day (v146.0.7680.177/178) is a reminder: client-side exploitation remains one of the most reliable entry points. If patching isn’t immediate, assume exposure.
Cisco’s internal dev environment breach on AWS—reportedly exposing ~300 repositories—raises serious supply chain concerns. With code tied to banks and US government agencies, the downstream risk isn’t just data loss, it’s potential systemic exposure.
ShinyHunters claims responsibility for the Cisco breach, alleging theft of 3M Salesforce records, GitHub source code, and sensitive AWS data. A 72-hour deadline has been issued.
TeamPCP is working alongside ShinyHunters and the Vect ransomware group—highlighting the industrialization of cybercrime.
Israeli data firm Bright Data confirms a breach and is forcing password resets for users.

#TGITM @TheGhostITM
CERT-UA warned of a phishing campaign impersonating the agency to spread AGEWHEEZE malware.

The malware enables full system control, but confirmed infections were limited despite wide targeting.
Forwarded from 𓂆 Palestine
Last night’s attacks in Bahrain reportedly targeted Batelco’s main headquarters — a critical telecom hub providing mobile and internet services. Notably, a significant portion of Amazon’s servers was also housed in the building.
Russia is tightening its grip on cyberspace: widespread disruptions hit Telegram, affecting messaging, media uploads, and connectivity.

Authorities are restricting VPNs and pushing state-backed messengers, while WhatsApp may be next. Telegram isn’t fully blocked—yet—but access is increasingly unstable.
Forwarded from 𓂆 Palestine
Erdogan: Recent regional conflicts underscore cybersecurity as a core pillar of national power.

Citing wars in Gaza, Lebanon, and Iran, he stressed that data security now intersects with political stability, economic independence, and military deterrence.

Turkey is set to roll out new measures to harden government data infrastructure.