Cyber Dispatch™️
The definitive source for critical cybersecurity news. When a major threat breaks, we dispatch.

#CyberDispatch #CyberSecurity #InfoSec #ThreatIntelligence #ZeroDay #DataBreach #SecurityNews
Forwarded from 𓂆 Palestine
The "Handala" group hacks the websites of 27 Israeli companies, defaces their front pages, and posts images of the Minab school massacre in Iran.
The “Handala” hacker group targeted 27 Israeli company websites, describing the operation as retaliation for the killing of children in Minab and a message against silencing civilians through violence.

“Handala: The blood of the children of Minab will not be forgotten; although they were small, their revenge is great.”

#TGITM @TheGhostITM
Kuwait’s Ministry of Interior breached by hacktivist group “Nasir.”

In a statement, the group said it gained access to government and intelligence systems, sensitive data on officials, and alleged documents on Kuwait–US cooperation.

The group warned of further disruptive operations targeting national infrastructure.
Arabsat satellite network disrupted in cyberattack claimed by "Mabir" hackers over alleged Israel/US ties & hosting Iran International.

#TGITM @TheGhostITM
Arabsat: Satellite operator serving MENA, Europe+ with 650+ TV/radio channels via BADR fleet (26°E). Not a channel itself—powers regional broadcasting infra.

#Arabsat #SatCom #MENAtech
LEAK: Handala hacks & dumps unredacted WhatsApp/X chats of Raz Zimet, Israel's INSS Iran desk chief. Ignores exit warnings—ops intel, privos exposed.

Clear msg: "Nothing hidden from us." IOCs? TTPs point to prior Palestinian opsec breaches. Monitoring exploits.

#Cyberwar #Handala #InfoSec #TGITM @TheGhostITM
Mass Exploitation of React2Shell Vulnerability; Automated Data Theft

Attackers exploiting React2Shell in Next.js apps have launched automated attacks, infecting hundreds of servers. Stolen data includes database credentials, AWS keys, and SSH keys.

NEXUS Listener tool collects & exfiltrates data to attacker C2 servers—enabling cloud account takeovers and deeper compromises.
Forwarded from Anonymous
URGENT SECURITY NOTICE: OpSec Violation on X Platform

CLASSIFICATION: CRITICAL — TOTAL EXODUS REQUIRED IMMEDIATELY

To the hacktivist collective, operators conducting #OpIsrael, #OpUSA, and affiliated operations

What you are witnessing is not random. It is not coincidence. It is a coordinated purge. This is not speculation — this is confirmed, observable reality.

The Current Situation

As of this moment, approximately 95% of #OpIsrael hacktivist accounts on X (formerly Twitter) have been systematically suspended within weeks. This includes elite operators — individuals whose technical capabilities are unquestionable and battle-tested.

Confirmed suspended / eliminated from the platform:

Ghost Squad Hackers (GSH) — Hacktivist collective responsible for the April 7, 2016 #OpIsrael breach, exposing Israeli Defense Force (IDF) personnel records, including thousands of soldiers and Israeli Air Force members. Also executed operations against the U.S. Armed Forces, Bank of England, CNN, and Fox News.

Wikipedia:
https://en.wikipedia.org/wiki/Ghost_Squad_Hackers

Official presence on X — terminated.
#GSH #AG #Anonymous (ANAS AS OpIsrael) operational accounts — wiped.

This is systematic removal — consistent with the ~95% purge of real #OpIsrael infrastructure operators from the platform.

· Lorian Synaro — Known within Anonymous. Conducted real-world infrastructure breaches and botnet-driven DDoS operations against Israeli systems. Eliminated from X.
· ANAS AS OpIsrael — suspended.
· GhostSec3301 — Founder-level operator within Ghost Security (GhostSec), historically aligned with OpIsrael. Suspended.
· AnonGhost Media X — Suspended.

The pattern is absolute. Search any real operator tied to actual infrastructure breaches — they are gone.

The OpSec Reality

X is not neutral ground. It is an Israeli-American operational environment.

Its verification infrastructure is tied to AU10Tix, an Israeli intelligence-linked firm.
Its data systems are opaque by design.
Its transparency is selective — shielding aligned entities while exposing adversaries.

This is not a platform. It is a monitored battlespace.

If you are conducting operations while remaining on X, you are not practicing OpSec. You are violating it at the most fundamental level.

Brief OpSec Primer

Operational Security (OpSec) is not optional. It is survival.

1. Identification of sensitive information — What can identify or expose you?
2. Threat analysis — Who is hunting you? (Platform operators + state intelligence agencies)
3. Weakness analysis — Where does your operational chain break?
4. Risk assessment — What happens when — not if — you are exposed?
5. Countermeasure application — Eliminate vulnerabilities or be eliminated

Operating from X fails at Step 1. Immediately. Completely.

X possesses:
Your registration IP
Login histories
Device fingerprints
Behavioral patterns
Association graphs
Direct message metadata

All of it is accessible — and shareable — with cooperating intelligence entities.

Operating from X is not hacking.
It is broadcasting your intent from inside enemy-controlled infrastructure.

Directives

For #OpIsrael operators:

· Exit X immediately. No delay. No hesitation. No exceptions.
· Do not reduce usage. Do not archive. Do not linger. Leave.
· Transition to hardened, decentralized, encrypted channels: Matrix (self-hosted), Session, SimpleX, XMPP with OMEMO, Telegram, UpScrolled.
· Assume all past activity is logged, indexed, correlated, and permanently stored.

For #OpUSA operators:

· Launching operations against U.S. targets from within X is operational suicide.
· You are operating inside U.S. jurisdiction with direct exposure to Israeli intelligence collaboration.
· You are announcing your presence to the Five Eyes intelligence network in real time.

For all hacktivists:
Forwarded from Anonymous
· If you remain on X after this warning, then one of the following is true:
· You do not understand OpSec
· You are not conducting real operations
· No serious operator makes this mistake
· Time is already against you

Reference Documentation

Final Statement

Anonymous sees the pattern. The list is known.

These are not random accounts — these are high-value operators. Individuals who executed real breaches against Israeli infrastructure — not symbolic actors changing profile images.

They are gone.

The #OpIsrael presence on X is no longer operational. It has been dismantled.

The purge is complete.

The signal is clear: X is hostile territory.

Remain, and you will be mapped, tracked, and removed.

Leave now — before you are next.

U.S.-Based Activists: IMMEDIATE PLATFORM EXODUS ORDER
Green card holders and immigrants — X is a monitored killzone.
Federal surveillance systems (ICE + FBI coordination) actively scan political activity for deportation triggers.
Your posts, metadata, and networks are being profiled RIGHT NOW.
Directive: Delete accounts. Go dark. Zero public exposure.
Non-compliance = detention risk.

— Operational Security Dispatch | Anonymous Collective

Message To Elon Musk:
We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.

To Hacktivists:
We are Anonymous.
And we do not operate from compromised ground.
's1ege_' (pronounced "Siege") is the online identity of a veteran hacker and security researcher with nearly 30 years in the trenches of cyber-ops. As a leading member of Ghost Squad Hackers, S1ege combines deep-level technical skill with a passion for digital freedom, exposing corruption and protecting the vulnerable.
Anas As is an expert in frequency hacking and creates his own botnets for attacks. Yet, to this day, he has never claimed a single attack. If you're a good hacker, everyone knows you. But if you're a great hacker… no one knows you.
Lorian Synaro — the legend of the Anonymous collective. Many followed in his footsteps. After LulzSec, he brought Anonymous hacktivism back to the spotlight. One could say… resurrected.
Twitter suspended his account. Some say he was one of the founders of the game — Cicada 3301. Also a founder of Ghost Sec. An OpIsrael hacktivist account. Gone. The game remains. No one knows who really runs it. No one ever will.
OpIsrael hacktivists are being targeted on X by the U.S. government due to fears that they may join the Iranian cyber war against America. Fundamentally, the U.S. has gotten it wrong. Furthermore, Elon Musk poses a danger to activists and hacktivists alike. He should be held accountable.
DPRK-linked attackers used GitHub as C2 in phishing-led attacks on South Korean orgs.

LNK files trigger hidden PowerShell, set persistence, and exfiltrate system data to attacker repos while pulling new payloads.
Attackers now move across Windows, macOS, Linux, and mobile in one campaign.

Multi-OS attacks break SOC workflows, splitting one threat into many investigations and slowing validation.

That delay gives attackers time to spread and persist.
A compromised AI library exposed developer machines.

1,705 packages pulled infected LiteLLM versions, harvesting SSH keys and cloud creds from local systems via dependencies.

It worked because secrets sit in plaintext across files and tools.
AI isn’t making attacks smarter, says Martin Zugec, Technical Solutions Director at Bitdefender. It’s making them cheaper and easier to scale.

Current AI malware is often unreliable and less advanced, but it can hit thousands of standardized systems fast.
Qilin and Warlock #ransomware are disabling defenses before attacks using BYOVD techniques.

Qilin uses a side-loaded DLL to kill 300+ EDR drivers via vulnerable kernel drivers. Warlock exploits SharePoint and uses similar drivers to bypass kernel-level security, often delaying ransomware execution.