DPRK-linked attackers used GitHub as C2 in phishing-led attacks on South Korean orgs.
LNK files trigger hidden PowerShell, set persistence, and exfiltrate system data to attacker repos while pulling new payloads.
Attackers now move across Windows, macOS, Linux, and mobile in one campaign.
Multi-OS attacks break SOC workflows, splitting one threat into many investigations and slowing validation.
That delay gives attackers time to spread and persist.
A compromised AI library exposed developer machines.
1,705 packages pulled infected LiteLLM versions, harvesting SSH keys and cloud creds from local systems via dependencies.
It worked because secrets sit in plaintext across files and tools.
AI isn’t making attacks smarter, says Martin Zugec, Technical Solutions Director at Bitdefender. It’s making them cheaper and easier to scale.
Current AI malware is often unreliable and less advanced, but it can hit thousands of standardized systems fast.
Qilin and Warlock #ransomware are disabling defenses before attacks using BYOVD techniques.
Qilin uses a side-loaded DLL to kill 300+ EDR drivers via vulnerable kernel drivers. Warlock exploits SharePoint and uses similar drivers to bypass kernel-level security, often delaying ransomware execution.
Germany’s BKA has identified a key figure behind the REvil #ransomware group.
Daniil Shchukin (“UNKN”) is accused of leading REvil, linked to 130 attacks in Germany causing over €35.4M in damage, with €1.9M in ransom paid.
Forbes reports the Middle East is now engaged in the most complex form of cyber-physical warfare.
The conflict between Iran, the United States, and Israel has evolved into simultaneous kinetic and cyber fronts. Cyber operations are no longer auxiliary — they are direct instruments of targeting and escalation.
Surveillance infrastructure, mobile devices, and cloud systems have become battlefield assets. Civilian networks and businesses are now frontlines.
#CyberWarfare #Infosec #Geopolitics
The Ghost in the Machine — she was the first to be suspended. Fifteen thousand followers, erased. X didn't stop there. Gradually, her follower count was drained. Ten thousand remained. Then came the protests against ICE. While others stayed silent, her account stood firmly against ICE's crackdown. A profile born from OpIsrael changed its direction — to support immigrants in the United States. And for that… X suspended her. No reason. No warning. Just silence.
#TGITM @TheGhostITM
Cyber Dispatch™️
's1ege_' (pronounced "Siege") is the online identity of a veteran hacker and security researcher with nearly 30 years in the trenches of cyber-ops. As a leading member of Ghost Squad Hackers, S1ege combines deep-level technical skill with a passion for digital…
German .NET decompiler ILSpy's site (ilspy.net) compromised: users hit with redirects to extension downloads and malicious EXE files (flagged on VirusTotal). Site was down briefly, still vulnerable.
Redirect infra traces to Israel-hosted domains, hinting at targeted op.
ILSpy (German OSS tool by icsharpcode) website hacked, serving pop-ups, shady extensions, and trojanized EXEs via redirects. Not Israeli despite "IL" (it's Intermediate Language).
Israeli IP/domains in attack chain.
A BreachForums administrator has allegedly been identified — caught using his real IP and reusing the same passwords across his criminal persona and business accounts.
Meet Angel Tsvetkov AKA N/A: a Bulgarian cybersecurity specialist, penetration tester and bug bounty researcher known for responsibly disclosing vulnerabilities in major global platforms.
France just mandated digital ID for every citizen by banning social media for minors.
Under 15s will be blocked from IG, TikTok, FB, Snapchat and any platform allowing interactions, public broadcasts or user communities.
Forwarded from 𓂆 Palestine
The Handala hacker group:
"Colonel, Air Force Lady; You have only tonight. We suggest you check your phone right now… You wouldn’t want us to talk about your meeting with us in Uzbekistan tomorrow, would you?
Remember, some encounters don’t stay in the past forever. The choice is yours; the shadows see everything.
This is your last warning tonight;
Handala gives you only until tomorrow morning. You didn’t see this coming, did you? Sometimes, the shadows are closer than you think… The choice is yours; After sunrise, everything will change."
Handala hacker group claims first-ever leak of photo showing Elbit Systems Hermes drone design team
The hacker group Handala has released a statement claiming it has published, for the first time, an image showing what it describes as the core design and development team behind the Hermes drone program at Elbit Systems.
In its statement, the group asserted that the Hermes drone project has long been concealed under strict security measures, and framed the image leak as the beginning of a broader effort to expose what it called “hidden aspects” of Israeli occupation military and security programs.
Handala added that further details, including additional information and names, would be released in subsequent disclosures. "This image marks only the beginning of uncovering the hidden aspects of the Zionist regime’s military and security projects," they wrote.
#TGITM @TheGhostITM
Hacker group Handala:
All data concerning the sensitive electrical infrastructure of the Zionist regime has been extracted by Handala.
#TGITM @TheGhostITM
Microsoft fixes email sending disruption in classic Outlook
Microsoft has resolved a technical issue in classic Outlook that caused some users to be unable to send emails via Outlook.com.
The FBI has declared a “major cyberattack.”
A group called Salt Typhoon breached the same systems the FBI uses for surveillance.
Leaked data reportedly includes phone numbers of active FBI surveillance targets.
The pro-Palestine hacker group Handala asserts it operates independently, denying any state affiliation.
Cyber Dispatch: Those labeling Handala as an Iranian state-backed group should re-examine the group’s operational history.
#TGITM
Cyber Dispatch: #OpIsrael has always been a decentralized campaign driven by hacktivists across multiple countries, including Palestinian hackers. Broad attribution to Hamas by some analysts is baseless. Likewise, labeling Handala as an Iranian state operation reflects poor attribution discipline, not evidence.
Cyber Dispatch: Handala has always been a pro‑Palestine hacktivist entity—nothing new there. What’s changed is the operational scope. Expanding beyond #OpIsrael into broader geopolitical targets isn’t random; it reflects shifting directives aligned with pro‑Iranian influence. The pattern, targeting logic, and messaging strongly suggest Iranian-linked priorities driving this evolution.