Cyber Dispatch™️
The definitive source for critical cybersecurity news. When a major threat breaks, we dispatch.

#CyberDispatch #CyberSecurity #InfoSec #ThreatIntelligence #ZeroDay #DataBreach #SecurityNews
Google links the Axios npm compromise to North Korean group UNC1069.

Attackers hijacked the maintainer account and pushed malicious versions that executed during install via a hidden dependency, deploying a cross-platform backdoor (Windows, macOS, Linux) and then removing traces.
Google’s emergency Chrome patch for a zero-day (v146.0.7680.177/178) is a reminder: client-side exploitation remains one of the most reliable entry points. If patching isn’t immediate, assume exposure.
Cisco’s internal dev environment breach on AWS—reportedly exposing ~300 repositories—raises serious supply chain concerns. With code tied to banks and US government agencies, the downstream risk isn’t just data loss, it’s potential systemic exposure.
ShinyHunters claims responsibility for the Cisco breach, alleging theft of 3M Salesforce records, GitHub source code, and sensitive AWS data. A 72-hour deadline has been issued.
TeamPCP is working alongside ShinyHunters and the Vect ransomware group—highlighting the industrialization of cybercrime.
Israeli data firm Bright Data confirms a breach and is forcing password resets for users.

#TGITM @TheGhostITM
CERT-UA warned of a phishing campaign impersonating the agency to spread AGEWHEEZE malware.

The malware enables full system control, but confirmed infections were limited despite wide targeting.
Forwarded from 𓂆 Palestine
Last night’s attacks in Bahrain reportedly targeted Batelco’s main headquarters — a critical telecom hub providing mobile and internet services. Notably, a significant portion of Amazon’s servers was also housed in the building.
Russia is tightening its grip on cyberspace: widespread disruptions hit Telegram, affecting messaging, media uploads, and connectivity.

Authorities are restricting VPNs and pushing state-backed messengers, while WhatsApp may be next. Telegram isn’t fully blocked—yet—but access is increasingly unstable.
Forwarded from 𓂆 Palestine
Erdogan: Recent regional conflicts underscore cybersecurity as a core pillar of national power.

Citing wars in Gaza, Lebanon, and Iran, he stressed that data security now intersects with political stability, economic independence, and military deterrence.

Turkey is set to roll out new measures to harden government data infrastructure.
Chinese-linked cyber espionage resurges, targeting Europe amid rising geopolitical tensions.

Since mid-2025, attackers have focused on EU, NATO, and embassy networks using spear-phishing lures (fake interviews, collaboration requests) to deploy malware and exfiltrate data.

Recent activity also extends into the Middle East.
Forwarded from 𓂆 Palestine
War fallout is hitting tech now.

Helium shortages—triggered by disrupted Qatari gas exports—are impacting AI chip production. Qatar supplies ~1/3 of the world’s helium.

This isn’t just geopolitics anymore. It’s a direct hit on the future of AI.
Handala breached PSK WIND Technologies, a firm tied to Israeli air defense C2 systems. Exfiltration includes sensitive data on command centers, communications, and infrastructure. This signals a significant supply-chain level compromise.

#TGITM @TheGhostITM
Handala hackers' intrusion into PSK WIND Technologies, linked to integrated air defense command & control. Includes full data exfiltration and transfer to external actors. Monitoring for indicators, validation, and potential downstream impact.

#TGITM @TheGhostITM
Handala group says it infiltrated PSK WIND Technologies, reportedly accessing classified air defense C2 data. This could represent a major breach of defense-related infrastructure networks.

#TGITM @TheGhostITM
Handala: 22 terabytes of data deleted from 14 Israeli companies / A cyber gift for Passover

On the occasion of Passover, this important holiday for our dear Israelis and beloved occupiers, we at Handala would like to extend our special congratulations.

As part of our ongoing commitment to support the oppressed and confront occupation and injustice, we have successfully carried out a large-scale and targeted cyber operation.

In this mission, data from 14 companies belonging to the Zionist regime was completely deleted. The total volume of data removed in this operation reached 22 terabytes, a small gift for Passover, as a reminder that occupation has a cost.

The targeted companies are as follows:

DanielBengioCPA
Fuse Stereo
Gavriel Weiss C.P.A
Hagai Namir
Kalus
Migvan 2002
Mouth or Foot Painting Artists Ltd
Opal Plastic
PoliPach
Rim Ishak Hagi
SITT
Toledano Architecture & Design
To-Mix
Yarok

We hereby declare that no database is beyond our reach and any continuation of occupation and crimes will face heavier costs.

Happy Passover, We hope the occupiers benefit from increased awareness in cybersecurity!

#Handala
Handala hackers infiltrate the companies designing the integrated command and control systems of Israeli air defense.

#TGITM @TheGhostITM
17% Growth of Ransomware in Japan in 2025

In 2025, ransomware attacks in Japan increased, reaching 134 cases. Among them, the "Qilin" ransomware was the most active and carried out a large portion of these attacks.
Breaking || The Iranian Revolutionary Guard announces the targeting of the cloud computing center belonging to Amazon in Bahrain
Cisco fixed two critical flaws that allow full system takeover without login.

CVSS 9.8 vulnerabilities let attackers reset admin passwords (IMC) or run commands as root (SSM On-Prem) using crafted requests.

No workaround is available. Patching is required.
Apple expanded iOS 18.7.7 security updates to more iPhones and iPads to fix DarkSword exploits.

The fixes were released in 2025, and now also protect devices that are not on iOS 26—so users can stay on iOS 18 & still get security updates.