Interference with the Global Positioning System (GPS) in and around Haifa.
Cyber Dispatch™️
US used Claude AI during Maduro kidnapping operation.
The US military actively used Anthropic’s Claude AI model during January's operation to kidnap Venezuelan President Nicolás Maduro.
Cyber Dispatch™️
US used Claude AI during Maduro kidnapping operation.
Claude was employed during the operation itself, not only in the planning stages, although the exact nature of its role has not been fully disclosed.
Newly launched social media app “UpScrolled”, has been removed from the Google Play Store.
Social media app “UpScrolled” is back online after previously being removed from the Google Play Store, with access now restored for users.
Security firms uncovered coordinated abuse of Chrome extensions across business, social, and AI tools.
From Meta ad accounts to Gmail inboxes, attackers used add-ons to scrape data, inject payloads, and persist inside sessions.
From Meta ad accounts to Gmail inboxes, attackers used add-ons to scrape data, inject payloads, and persist inside sessions.
One bulletproof-hosted IP drove 346 of 417 Ivanti EPMM exploit attempts.
Activity targeted CVSS 9.8 RCE flaws, rotating 300+ user agents while scanning other enterprise platforms in parallel. Signals automated initial-access reconnaissance.
Activity targeted CVSS 9.8 RCE flaws, rotating 300+ user agents while scanning other enterprise platforms in parallel. Signals automated initial-access reconnaissance.
Apple shipped emergency updates after confirming exploitation of a zero-day in dyld.
The bug (CVE-2026-20700) could allow attackers to execute arbitrary code on vulnerable Apple devices.
The bug (CVE-2026-20700) could allow attackers to execute arbitrary code on vulnerable Apple devices.
North Korea-linked UNC1069 used deepfake Zoom calls to hack crypto firms.
Posing via Telegram, attackers lured victims into fake meetings, triggering ClickFix commands that deployed multi-stage malware on macOS & Windows to steal wallets and credentials.
Posing via Telegram, attackers lured victims into fake meetings, triggering ClickFix commands that deployed multi-stage malware on macOS & Windows to steal wallets and credentials.
North Korean operatives are using real LinkedIn accounts to land remote IT jobs in Western firms.
With impersonated profiles and verified emails, DPRK actors secure roles to fund weapons programs and conduct espionage—some gain admin access, steal data, and maintain persistence.
With impersonated profiles and verified emails, DPRK actors secure roles to fund weapons programs and conduct espionage—some gain admin access, steal data, and maintain persistence.
Reynolds ransomware embeds its own BYOVD evasion, bundling a vulnerable driver to disable EDR before encryption.
It drops the NSecKrnl driver (CVE-2025-68947) to kill security tools, reducing detection and affiliate effort.
It drops the NSecKrnl driver (CVE-2025-68947) to kill security tools, reducing detection and affiliate effort.
Ransomware Persists — But Encryption Is No Longer the Main Signal of Attack!
Picus reviewed 1.1M malware samples and found a shift toward stealth access over disruption. Encryption attacks fell 38% YoY as extortion moves to data theft and credential abuse.
Picus reviewed 1.1M malware samples and found a shift toward stealth access over disruption. Encryption attacks fell 38% YoY as extortion moves to data theft and credential abuse.
Warlock ransomware breached SmarterTools via unpatched SmarterMail VM.
Attackers entered Jan 29, moved laterally, seized Active Directory, and staged Velociraptor pre-encryption. ~12 servers and a QC data center were hit; core apps and customer data stayed unaffected.
Attackers entered Jan 29, moved laterally, seized Active Directory, and staged Velociraptor pre-encryption. ~12 servers and a QC data center were hit; core apps and customer data stayed unaffected.
BeyondTrust patched pre-auth RCE (CVE-2026-1731) in Remote Support and PRA.
Attackers could run OS commands via crafted requests.~11K exposed instances found. Patches released.
Attackers could run OS commands via crafted requests.~11K exposed instances found. Patches released.
Cloud worm malware campaign is systematically taking over cloud infrastructure.
TeamPCP exploits exposed Docker, Kubernetes, Redis, and React2Shell to mass-deploy proxies, scanners, crypto miners & ransomware across compromised clusters.
TeamPCP exploits exposed Docker, Kubernetes, Redis, and React2Shell to mass-deploy proxies, scanners, crypto miners & ransomware across compromised clusters.
Microsoft traced a multi-stage intrusion to exposed SolarWinds Web Help Desk servers.
Attackers used unauthenticated RCE, moved laterally, and abused legit RMM tools for persistence — plus credential dumping and DCSync.
Attackers used unauthenticated RCE, moved laterally, and abused legit RMM tools for persistence — plus credential dumping and DCSync.
Singapore’s cyber agency says China-linked UNC3886 targeted all four national telecom operators.
Attackers used a firewall zero-day and rootkits to access parts of critical systems. Espionage activity was contained. No service disruption or customer data theft found.
Attackers used a firewall zero-day and rootkits to access parts of critical systems. Espionage activity was contained. No service disruption or customer data theft found.
Fortinet Fixes Critical FortiClientEMS RCE (CVE-2026-21643, CVSS 9.1).
SQL injection flaw enables unauthenticated remote command execution via crafted requests. Affects EMS 7.4.4 (patch available).
Separate FortiCloud SSO bug is actively exploited for admin persistence and firewall config theft.
SQL injection flaw enables unauthenticated remote command execution via crafted requests. Affects EMS 7.4.4 (patch available).
Separate FortiCloud SSO bug is actively exploited for admin persistence and firewall config theft.
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
أعلنت شركة الأمن السيبراني الإسرائيلية CyberArk المتخصصة في أمن الهوية الرقمية أن السعودية أصبحت "محرك النمو" الرئيسي لها بعد 7 أكتوبر.
وأكد أحد كبار مسؤولي الشركة التي تتخذ من بتاح تكفا وبئر السبع مقراً لها، أنها تحقق نمواً سنوياً يقارب 25% في المنطقة فيما تمثل السوق السعودية نحو 40% من إجمالي أعمالها في الشرق الأوسط.
@TheGhostsITM
وأكد أحد كبار مسؤولي الشركة التي تتخذ من بتاح تكفا وبئر السبع مقراً لها، أنها تحقق نمواً سنوياً يقارب 25% في المنطقة فيما تمثل السوق السعودية نحو 40% من إجمالي أعمالها في الشرق الأوسط.
@TheGhostsITM