Cyber Dispatch™️
The definitive source for critical cybersecurity news. When a major threat breaks, we dispatch.

#CyberDispatch #CyberSecurity #InfoSec #ThreatIntelligence #ZeroDay #DataBreach #SecurityNews
Needle crypto-stealer C2 analysis: API key embedded in plain text inside the Rust malware unlocked 1,932 victims and the operator's withdrawal config.
Handala hacking collective 'compromised' secure US Navy phones, updated target bank for Resistance Axis

The most recent breach comes after leaks involving US military personnel, high-ranking authorities, and Israeli regime officials.

#TGITM @TheGhostITM
TCLBANKER, a previously undocumented Brazilian banking trojan, is targeting 59 banking, fintech, and #cryptocurrency platforms.

The malware spreads through #WhatsApp Web and Microsoft Outlook, using DLL side-loading, keylogging, and fake credential overlays to evade detection and steal banking credentials.
28 fraudulent apps on the Google Play Store racked up over 7.3 million downloads before removal.

They promised call, SMS, and #WhatsApp histories for any phone number — but delivered only fake data after users paid up to $80.

The CallPhantom scam mainly hit #Android users in India and Asia-Pacific.
A new Linux backdoor, “PamDOORa”, is being sold on a cybercrime forum after its price dropped from $1,600 to $900.

The PAM-based malware enables persistent SSH access, steals credentials, and tampers with authentication logs on compromised systems.
QLNX, a previously undocumented #Linux RAT, is targeting developers and DevOps systems to steal npm, PyPI, AWS, Kubernetes, Docker, and CI/CD credentials.

The malware uses fileless execution, PAM backdoors, eBPF rootkits, and 58 remote commands to maintain covert access and hijack software supply chains.
The Iraqi Communications and Media Commission announced that Telegram's activity has officially resumed after the platform committed to complying with the country's laws and regulations.
Zara data breach exposed personal information of 197,000 people.
Cyberattack by “Children Of Gaza” on Ari Cohen Urban Development Company in occupied Jerusalem

The hacker group “Children Of Gaza” has carried out a cyberattack targeting Ari Cohen, a company active in architecture and urban planning in occupied Jerusalem. The group described Ari Cohen as one of the key firms involved in construction projects in the occupied territories.

#TGITM @TheGhostITM
CVE-2025-68670: discovering an RCE vulnerability in xrdp.
Bypassing BitLocker in under 5 min using a downgrade attack on CVE-2025-48804.
Denmark’s top young hackers crowned at Copenhagen’s National Cybersecurity Challenge 🇩🇰

100 participants tackled web vulnerabilities & security tasks in an intense 11-hour competition.
Polish officials report a 144% increase in cyberattacks

Poland has announced that cyberattacks on the country's critical infrastructure have significantly increased in 2025.
According to a report by cybersecurity company Kaspersky, children's use of the internet and digital tools has significantly increased, and their interest in artificial intelligence tools has grown remarkably.

According to parental control tool data, a significant portion of children's searches are related to artificial intelligence tools. Alongside this, the use of social networks, messaging apps, and video platforms remains very high.
Starlink has made user authentication mandatory

The company has asked users with active service to complete the authentication process to continue using it.

According to reports, users must provide information such as full name, nationality, date of birth, passport number, a photo of the passport's first page, and a selfie. It has also been stated that the account name must match the name on the passport.