Bombshell Report: CIA Used Pegasus in US Pilot Rescue Op
London Times claims CIA deployed NSO's Pegasus spyware in a deception op to locate downed American pilot—hijacking WhatsApp/Signal with fake msgs from "Iranian officials" luring IRGC to reveal position.
Pegasus excels at spoofing comms as victim's device for intel grabs.
Note: Dubious fit for Iran ops—WhatsApp rarely used for sensitive IRGC work.
AI Cyber Arms Race Kicks Off
New AI model "Mythos" rivals state-level cyber tools—now limited to elite firms & experts for security fixes.
But access won't stay exclusive. Tech corps are igniting a fierce cyberattack rivalry, bypassing govs.
Dawn of AI-fueled cyberwar: Future versions will be deadlier. Game on.
Android trojan Mirax is spreading via Meta ads, hitting 220K+ accounts with fake streaming apps.
It gives attackers full device control and turns phones into proxy nodes to mask fraud using real IPs.
108 Chrome extensions with 20,000 installs were tied to one backend stealing user data.
They captured Google accounts, hijacked Telegram sessions, and injected scripts into every page—while posing as games and utilities.
A ShowDoc flaw (CVSS 9.4) is now under active exploitation.
CVE-2025-0520 lets attackers upload web shells via unauthenticated file upload → full server control. First attacks seen via a U.S. honeypot; ~2,000 instances remain exposed, mostly in China.
CISA added 6 flaws to its KEV list after active exploitation.
A Fortinet bug (9.1) allows unauthenticated remote code execution, while an Exchange flaw is being used to deploy Medusa ransomware.
Federal agencies must patch by April 27.
FBI and Indonesian police dismantled W3LL, a phishing platform behind $20M+ fraud attempts.
Used by 500+ actors, it sold tools to steal credentials, bypass MFA, and resell access to 25,000+ accounts.
APT37 used Facebook to run a targeted malware campaign.
Fake profiles built trust, moved chats to Telegram, then pushed a trojanized PDF app that installs RokRAT via a JPG payload, using compromised sites and Zoho WorkDrive for control.
Hacktivist group Handala claims responsibility for taking down Foulat (Bahrain) & SULB (Saudi Arabia), calling it retaliation for "crimes against resistance axis" & slain hackers during "Ramadan War."
Both firms reportedly knocked offline—$5B+ annual revenue, 2M tons steel capacity, 2K+ staff. Group warns: "No point of enemy geography is out of reach."
#TGITM @TheGhostITM
Hacker group Handala has announced that it will release, for the first time, footage of reconnaissance and intelligence operations carried out by its operatives in the occupied territories within the coming hours.
Handala hackers deep penetration of Mossad and Shin Bet facilities as unprecedented footage surfaces of spy chiefs’ homes.
Handala has obtained and released aerial surveillance of sensitive Israeli sites, including what it describes as Mossad facilities, residences of air force pilots, and homes of senior intelligence officials. A public statement from the group claims the material was gathered over months through operations conducted with the assistance of local collaborators inside the occupied territories:
Handala hackers captured aerial footage on operatives of top-secret Mossad headquarters, the homes of Israeli Air Force pilots, residences of senior Iran Desk officials within Mossad, homes of Shin Bet counter-terrorism managers, as well as the travel routes and daily movements of senior Zionist security and military officials,
Handala: the footage maps not only locations but also movement patterns and daily routes of senior military and security figures, presenting it as evidence of sustained intelligence access and operational reach. It frames the release as a glimpse into capabilities behind recent undisclosed actions, suggesting a broader campaign that has so far remained largely in the shadows.
Composer disclosed two command injection flaws (CVE-2026-40176 and CVE-2026-40261) with up to CVSS 8.8 severity.
Malicious composer.json or crafted source refs can execute arbitrary commands—even without Perforce installed. Affects multiple 2.x versions; patches released and metadata disabled as a precaution.
Booking.com Issues Data Breach Alert: Customer Info Potentially Compromised
Booking.com has notified select users via email that unauthorized actors may have accessed reservation-related data, including names, email addresses, phone numbers, postal addresses, and details shared with properties.