Cyber Dispatch™️
The definitive source for critical cybersecurity news. When a major threat breaks, we dispatch.

#CyberDispatch #CyberSecurity #InfoSec #ThreatIntelligence #ZeroDay #DataBreach #SecurityNews
“NoVoice” malware spreads via 50+ Google Play apps, ~2.3M devices impacted

Exploits older Android flaws to gain root-level access — no suspicious permissions required.

Persistence is severe; even factory reset may not remove it.

Enables data theft, account takeover, and continuous C2 communication.

Update devices. Audit apps. Stay vigilant.
“Kourosh Shield” claims breach targeting Komala-linked individuals in Europe

Group alleges access to infrastructure and sensitive datasets, including identities, communications, and network metadata of 52 individuals.

Partial data reportedly released; further disclosures expected.

Claims remain unverified — potential leak monitoring ongoing.
LinkedIn under scrutiny for hidden extension scanning

Reports reveal use of browser fingerprinting scripts to detect installed Chrome extensions and gather device signals.

LinkedIn confirms the practice, citing security and abuse prevention.

Raises fresh concerns over user privacy vs platform defense.
Qilin ransomware claims cyberattack on Germany’s Die Linke party.

Group threatens data leak.
CENTCOM heavy silence.

The 24-hour silence of this official account has attracted media attention.
Fortinet is warning of active exploitation of CVE-2026-35616 (CVSS 9.1) in FortiClient EMS.

The flaw lets unauthenticated attackers bypass API controls and run code. This is the second critical EMS flaw exploited in weeks.
36 npm packages posing as Strapi plugins were used to deliver malware that runs on install.

They exploited Redis and PostgreSQL, stole credentials, and deployed backdoors via postinstall scripts with full user or CI/CD access.
Forwarded from 𓂆 Palestine
The American satellite company Planet Labs announced that it will stop publishing images of Iran and conflict areas in the Middle East indefinitely, in response to a request from the administration of US President Trump.

The measure aims to prevent adversaries from using these images against the United States and its allies.

Initially, the publication of the images was postponed for just 14 days, but the company later decided to extend the measure to include a complete suspension of images related to the ongoing conflict since March 9, 2026.

The company now uses a review system for each image, publishing them only when absolutely necessary or for a specific public interest.
The "Handala" group hacked into the websites of 27 Israeli companies, altered their interfaces, and posted images of the Minab school massacre in Iran.

#TGITM @TheGhostITM
Forwarded from 𓂆 Palestine
The "Handala" group hacks the websites of 27 Israeli companies, changes their interfaces, and posts images of the Minab school massacre in Iran.
The “Handala” hacker group targeted 27 Israeli company websites, describing the operation as retaliation for the killing of children in Minab and a message against silencing civilians through violence.

“Handala: The blood of the children of Minab will not be forgotten; although they were small, their revenge is great.”

#TGITM @TheGhostITM
Kuwait’s Ministry of Interior breached by hacktivist group “Nasir.”

In a statement, the group said it gained access to government and intelligence systems, sensitive data on officials, and alleged documents on Kuwait–US cooperation.

The group warned of further disruptive operations targeting national infrastructure.
Arabsat satellite network disrupted in cyberattack claimed by "Mabir" hackers over alleged Israel/US ties & hosting Iran International.

#TGITM @TheGhostITM
Arabsat: Satellite operator serving MENA, Europe+ with 650+ TV/radio channels via BADR fleet (26°E). Not a channel itself—powers regional broadcasting infra.

#Arabsat #SatCom #MENAtech
LEAK: Handala hacks & dumps unredacted WhatsApp/X chats of Raz Zimet, Israel's INSS Iran desk chief. Ignores exit warnings—ops intel, privos exposed.

Clear msg: "Nothing hidden from us." IOCs? TTPs point to prior Palestinian opsec breaches. Monitoring exploits.

#Cyberwar #Handala #InfoSec #TGITM @TheGhostITM
Mass Exploitation of React2Shell Vulnerability; Automated Data Theft

Attackers exploiting React2Shell in Next.js apps have launched automated attacks, infecting hundreds of servers. Stolen data includes database credentials, AWS keys, and SSH keys.

NEXUS Listener tool collects & exfiltrates data to attacker C2 servers—enabling cloud account takeovers and deeper compromises.
Forwarded from Anonymous
URGENT SECURITY NOTICE: OpSec Violation on X Platform

CLASSIFICATION: CRITICAL — TOTAL EXODUS REQUIRED IMMEDIATELY

To the hacktivist collective, operators conducting #OpIsrael, #OpUSA, and affiliated operations

What you are witnessing is not random. It is not coincidence. It is a coordinated purge. This is not speculation — this is confirmed, observable reality.

The Current Situation

As of this moment, approximately 95% of #OpIsrael hacktivist accounts on X (formerly Twitter) have been systematically suspended within weeks. This includes elite operators — individuals whose technical capabilities are unquestionable and battle-tested.

Confirmed suspended / eliminated from the platform:

Ghost Squad Hackers (GSH) — Hacktivist collective responsible for the April 7, 2016 #OpIsrael breach, exposing Israeli Defense Force (IDF) personnel records, including thousands of soldiers and Israeli Air Force members. Also executed operations against the U.S. Armed Forces, Bank of England, CNN, and Fox News.

Wikipedia:
https://en.wikipedia.org/wiki/Ghost_Squad_Hackers

Official presence on X — terminated.
#GSH #AG #Anonymous (ANAS AS OpIsrael) operational accounts — wiped.

This is systematic removal — consistent with the ~95% purge of real #OpIsrael infrastructure operators from the platform.

· Lorian Synaro — Known within Anonymous. Conducted real-world infrastructure breaches and botnet-driven DDoS operations against Israeli systems. Eliminated from X.
· ANAS AS OpIsrael — suspended.
· GhostSec3301 — Founder-level operator within Ghost Security (GhostSec), historically aligned with OpIsrael. Suspended.
· AnonGhost Media X — Suspended.

The pattern is absolute. Search any real operator tied to actual infrastructure breaches — they are gone.

The OpSec Reality

X is not neutral ground. It is an Israeli-American operational environment.

Its verification infrastructure is tied to AU10Tix, an Israeli intelligence-linked firm.
Its data systems are opaque by design.
Its transparency is selective — shielding aligned entities while exposing adversaries.

This is not a platform. It is a monitored battlespace.

If you are conducting operations while remaining on X, you are not practicing OpSec. You are violating it at the most fundamental level.

Brief OpSec Primer

Operational Security (OpSec) is not optional. It is survival.

1. Identification of sensitive information — What can identify or expose you?
2. Threat analysis — Who is hunting you? (Platform operators + state intelligence agencies)
3. Weakness analysis — Where does your operational chain break?
4. Risk assessment — What happens when — not if — you are exposed?
5. Countermeasure application — Eliminate vulnerabilities or be eliminated

Operating from X fails at Step 1. Immediately. Completely.

X possesses:
Your registration IP
Login histories
Device fingerprints
Behavioral patterns
Association graphs
Direct message metadata

All of it is accessible — and shareable — with cooperating intelligence entities.

Operating from X is not hacking.
It is broadcasting your intent from inside enemy-controlled infrastructure.

Directives

For #OpIsrael operators:

· Exit X immediately. No delay. No hesitation. No exceptions.
· Do not reduce usage. Do not archive. Do not linger. Leave.
· Transition to hardened, decentralized, encrypted channels: Matrix (self-hosted), Session, SimpleX, XMPP with OMEMO, Telegram, UpScrolled.
· Assume all past activity is logged, indexed, correlated, and permanently stored.

For #OpUSA operators:

· Launching operations against U.S. targets from within X is operational suicide.
· You are operating inside U.S. jurisdiction with direct exposure to Israeli intelligence collaboration.
· You are announcing your presence to the Five Eyes intelligence network in real time.

For all hacktivists:
Forwarded from Anonymous
· If you remain on X after this warning, then one of the following is true:
· You do not understand OpSec
· You are not conducting real operations
· No serious operator makes this mistake
· Time is already against you

Reference Documentation

Final Statement

Anonymous sees the pattern. The list is known.

These are not random accounts — these are high-value operators. Individuals who executed real breaches against Israeli infrastructure — not symbolic actors changing profile images.

They are gone.

The #OpIsrael presence on X is no longer operational. It has been dismantled.

The purge is complete.

The signal is clear: X is hostile territory.

Remain, and you will be mapped, tracked, and removed.

Leave now — before you are next.

U.S.-Based Activists: IMMEDIATE PLATFORM EXODUS ORDER
Green card holders and immigrants — X is a monitored killzone.
Federal surveillance systems (ICE + FBI coordination) actively scan political activity for deportation triggers.
Your posts, metadata, and networks are being profiled RIGHT NOW.
Directive: Delete accounts. Go dark. Zero public exposure.
Non-compliance = detention risk.

— Operational Security Dispatch | Anonymous Collective

Message To Elon Musk:
We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.

To Hacktivists:
We are Anonymous.
And we do not operate from compromised ground.
's1ege_' (pronounced "Siege") is the online identity of a veteran hacker and security researcher with nearly 30 years in the trenches of cyber-ops. As a leading member of Ghost Squad Hackers, S1ege combines deep-level technical skill with a passion for digital freedom, exposing corruption and protecting the vulnerable.