Cyber Dispatch™️
311 subscribers
17 photos
1 video
37 links
The definitive source for critical cybersecurity news. When a major threat breaks, we dispatch.

#CyberDispatch #CyberSecurity #InfoSec #ThreatIntelligence #ZeroDay #DataBreach #SecurityNews
Cyber Dispatch: #OpIsrael has always been a decentralized campaign driven by hacktivists across multiple countries, including Palestinian hackers. Broad attribution to Hamas by some analysts is baseless. Likewise, labeling Handala as an Iranian state operation reflects poor attribution discipline, not evidence.
Cyber Dispatch: Handala has always been a pro‑Palestine hacktivist entity—nothing new there. What’s changed is the operational scope. Expanding beyond #OpIsrael into broader geopolitical targets isn’t random; it reflects shifting directives aligned with pro‑Iranian influence. The pattern, targeting logic, and messaging strongly suggest Iranian-linked priorities driving this evolution.
The FBI built its power on spying on others—today, it got doxed itself.

Turns out, even the watchers aren’t immune to being watched.
The hacker group Handala has posted a direct warning to former Israeli Chief of General Staff Herzi Halevi, claiming that the group is “sitting at the chokepoint” and that Israeli occupation military figures are under their surveillance. The message also threatened that exposure of their intelligence will occur at a time of Handala’s choosing.

#TGITM @TheGhostITM
Anthropic’s new Claude Mythos model has found thousands of high-severity zero-days across major operating systems, browsers, and other software, showing capabilities that can surpass top human experts.

Project Glasswing deploys it to secure critical systems ahead of potential misuse.
Hackers are targeting U.S. critical infrastructure with direct PLC disruption.

They reach internet-exposed devices using legitimate tools, then alter system data and operations, disrupting water, energy, and government services and causing financial loss.
APT28 ran a global router hijack to steal credentials.

The group compromised MikroTik and TP-Link devices, rewrote their DNS settings, and redirected traffic for credential theft at scale, impacting 18,000+ IPs across 120 countries, including government and cloud targets.
Docker fixed a flaw letting attackers bypass AuthZ plugins with an API request padded past 1 MB.

The oversized body is not forwarded to the plugin, so the plugin sees a request with no body and allows it, while Docker executes the full request: a privileged container with host access and exposed credentials.
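The failure mode above is a plugin that treats "no body" as "nothing to inspect". The block below is an added example, not Docker's code or the patched daemon: it models the AuthZ plugin request as a dict with the documented fields (RequestMethod, RequestURI, RequestHeaders, RequestBody as base64) and puts a naive decision function next to a hardened one that fails closed when a declared body was not forwarded. The sample request, the whitespace used as padding, and the specific policy (deny Privileged containers and bind mounts of / or the Docker socket) are my assumptions for illustration.

```python
"""Naive vs. hardened AuthZ-plugin decision logic (added example, not Docker's code)."""
import base64
import json
import os
from urllib.parse import urlparse

# Assumed policy: bind-mounting these host paths hands over the host.
DENIED_HOST_PATHS = {"/", "/var/run/docker.sock"}


def _header(req, name):
    """Case-insensitive lookup in the forwarded request headers."""
    for k, v in (req.get("RequestHeaders") or {}).items():
        if k.lower() == name:
            return v
    return None


def _body(req):
    """RequestBody is base64 in the plugin protocol; empty string means not forwarded."""
    raw = req.get("RequestBody") or ""
    return base64.b64decode(raw) if raw else b""


def _is_container_create(req):
    path = urlparse(req.get("RequestURI", "")).path
    return req.get("RequestMethod", "").upper() == "POST" and path.endswith("/containers/create")


def _inspect_create(body):
    """Policy on a create request whose body actually reached the plugin."""
    try:
        spec = json.loads(body)
    except ValueError:
        return {"Allow": False, "Msg": "unparseable container spec"}
    if not isinstance(spec, dict):
        return {"Allow": False, "Msg": "container spec is not an object"}
    hc = spec.get("HostConfig") or {}
    if hc.get("Privileged"):
        return {"Allow": False, "Msg": "privileged containers are not allowed"}
    sources = [b.split(":", 1)[0] for b in hc.get("Binds") or []]
    sources += [m.get("Source", "") for m in hc.get("Mounts") or [] if m.get("Type") == "bind"]
    for src in sources:
        if os.path.normpath(src) in DENIED_HOST_PATHS:
            return {"Allow": False, "Msg": f"bind of {src} hands over the host"}
    return {"Allow": True}


def authorize_naive(req):
    """The bypassable pattern: an absent body is treated as nothing to inspect,
    so a create request whose oversized body was withheld sails through."""
    body = _body(req)
    if _is_container_create(req) and body:
        return _inspect_create(body)
    return {"Allow": True}


def authorize_hardened(req):
    """Fail closed whenever the body the plugin must inspect is missing."""
    body = _body(req)
    if not body:
        declared = _header(req, "content-length")
        if declared is not None and declared.isdigit() and int(declared) > 0:
            return {"Allow": False, "Msg": "declared body was not forwarded to the AuthZ plugin"}
        if _is_container_create(req):
            return {"Allow": False, "Msg": "container create without a spec"}
        return {"Allow": True}  # body-less endpoints such as /containers/{id}/start
    if _is_container_create(req):
        return _inspect_create(body)
    return {"Allow": True}


# Constructed sample spec: the kind of request the page says the bypass creates.
PRIVILEGED_SPEC = {"Image": "alpine", "HostConfig": {"Privileged": True, "Binds": ["/:/host"]}}


def make_request(spec, padding=0, forwarded=True):
    """Constructed plugin request. forwarded=False mimics the daemon withholding a
    body larger than its forwarding limit; padding is trailing whitespace, which
    json.loads accepts, so the daemon-side parse still succeeds (an assumption)."""
    raw = json.dumps(spec).encode() + b" " * padding
    return {
        "RequestMethod": "POST",
        "RequestURI": "/v1.47/containers/create?name=probe",
        "RequestHeaders": {"Content-Type": "application/json", "Content-Length": str(len(raw))},
        "RequestBody": base64.b64encode(raw).decode() if forwarded else "",
    }


if __name__ == "__main__":
    small = make_request(PRIVILEGED_SPEC)
    padded = make_request(PRIVILEGED_SPEC, padding=1 << 20, forwarded=False)
    print("naive, small body :", authorize_naive(small))
    print("naive, padded body:", authorize_naive(padded))      # allowed: the bypass
    print("hardened, padded  :", authorize_hardened(padded))   # denied
```

The hardened function keys off the Content-Length the daemon forwarded; a chunked request carries no such header, so for endpoints other than create it is still allowed without inspection. Plugin-side checks like this reduce exposure but do not replace upgrading the daemon to the fixed release.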
Attackers are hijacking exposed ComfyUI servers into crypto mining and proxy botnets.

Scanners find unauthenticated setups, exploit custom nodes to run code, and install persistent malware. Infected systems mine crypto and resist removal.
Flowise has a CVSS 10.0 RCE flaw (CVE-2025-59528) now under active attack.

A bug in MCP configuration handling lets anyone holding an API token run JavaScript with full system access. Over 12,000 exposed instances raise the risk.
US agencies warn of cyber intrusions targeting industrial systems

According to Politico, hackers are exploiting vulnerabilities in industrial control systems—particularly PLCs—impacting critical infrastructure like water and energy. Rockwell Automation devices are among those targeted.
German authorities report increased activity by APT28, exploiting vulnerable TP-Link routers to spy on military, government, and critical infrastructure targets. The group has previously targeted German institutions.
Surge in AI-driven cyberattacks targeting the UAE

The United Arab Emirates has reported a significant rise in cyberattacks, escalating alongside regional tensions. A large portion of these attacks are carried out using AI-powered tools.

The attacks include phishing campaigns, vulnerability reconnaissance, and malware development, with hundreds of thousands of incidents recorded daily.
APT28 is targeting Ukraine and allied supply chains using a confirmed zero-day (CVE-2026-21513) and PRISMEX malware.

It also exploits CVE-2026-21509; LNK-based delivery may chain both flaws to enable data theft and file wiping.
Docker fixes AuthZ bypass bug that created containers with excessive privileges.
The Russian military is once again hacking home and small office routers in widespread operations that send unwitting users to sites that harvest passwords and credential tokens for use in espionage campaigns.

An estimated 18,000 to 40,000 consumer routers, mostly those made by MikroTik and TP-Link, located in 120 countries, were wrangled into infrastructure belonging to APT28, an advanced threat group that’s part of Russia’s military intelligence agency known as the GRU.
NHS Scotland-linked domains caught serving pr0n and dodgy sports streams.
N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust.
FBI: Americans lost a record $21 billion to cybercrime last year.
Hackers exploit critical flaw in Ninja Forms WordPress plugin.