Cloud worm malware campaign is systematically taking over cloud infrastructure.
TeamPCP exploits exposed Docker, Kubernetes, Redis, and React2Shell to mass-deploy proxies, scanners, crypto miners & ransomware across compromised clusters.
TeamPCP exploits exposed Docker, Kubernetes, Redis, and React2Shell to mass-deploy proxies, scanners, crypto miners & ransomware across compromised clusters.
Microsoft traced a multi-stage intrusion to exposed SolarWinds Web Help Desk servers.
Attackers used unauthenticated RCE, moved laterally, and abused legit RMM tools for persistence — plus credential dumping and DCSync.
Attackers used unauthenticated RCE, moved laterally, and abused legit RMM tools for persistence — plus credential dumping and DCSync.
Singapore’s cyber agency says China-linked UNC3886 targeted all four national telecom operators.
Attackers used a firewall zero-day and rootkits to access parts of critical systems. Espionage activity was contained. No service disruption or customer data theft found.
Attackers used a firewall zero-day and rootkits to access parts of critical systems. Espionage activity was contained. No service disruption or customer data theft found.
Fortinet Fixes Critical FortiClientEMS RCE (CVE-2026-21643, CVSS 9.1).
SQL injection flaw enables unauthenticated remote command execution via crafted requests. Affects EMS 7.4.4 (patch available).
Separate FortiCloud SSO bug is actively exploited for admin persistence and firewall config theft.
SQL injection flaw enables unauthenticated remote command execution via crafted requests. Affects EMS 7.4.4 (patch available).
Separate FortiCloud SSO bug is actively exploited for admin persistence and firewall config theft.
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
أعلنت شركة الأمن السيبراني الإسرائيلية CyberArk المتخصصة في أمن الهوية الرقمية أن السعودية أصبحت "محرك النمو" الرئيسي لها بعد 7 أكتوبر.
وأكد أحد كبار مسؤولي الشركة التي تتخذ من بتاح تكفا وبئر السبع مقراً لها، أنها تحقق نمواً سنوياً يقارب 25% في المنطقة فيما تمثل السوق السعودية نحو 40% من إجمالي أعمالها في الشرق الأوسط.
@TheGhostsITM
وأكد أحد كبار مسؤولي الشركة التي تتخذ من بتاح تكفا وبئر السبع مقراً لها، أنها تحقق نمواً سنوياً يقارب 25% في المنطقة فيما تمثل السوق السعودية نحو 40% من إجمالي أعمالها في الشرق الأوسط.
@TheGhostsITM
Lithuania is investing €24.1M to harden its digital society against AI-era cybercrime.
The national mission links universities, industry, and government to build fraud detection, disinformation tracking, and critical infrastructure defenses as GenAI reshapes attack tactics.
The national mission links universities, industry, and government to build fraud detection, disinformation tracking, and critical infrastructure defenses as GenAI reshapes attack tactics.
Researchers uncovered ZeroDayRAT, a commercial mobile spyware sold on Telegram targeting Android and iOS.
It enables live camera/mic feeds, GPS tracking, SMS and OTP theft, and wallet hijacking via a self-hosted panel — turning phones into full surveillance nodes.
It enables live camera/mic feeds, GPS tracking, SMS and OTP theft, and wallet hijacking via a self-hosted panel — turning phones into full surveillance nodes.
Google patched Chrome zero-day CVE-2026-2441, a CVSS 8.8 bug already exploited in attacks.
The CSS use-after-free flaw allows sandboxed remote code execution via malicious pages.
The CSS use-after-free flaw allows sandboxed remote code execution via malicious pages.
A firmware-level Android backdoor called Keenadu is being shipped inside signed tablet builds.
Telemetry shows 13,715 users globally encountered its modules. It injects into every app via core system libraries, enabling remote control, data theft, and ad fraud.
Telemetry shows 13,715 users globally encountered its modules. It injects into every app via core system libraries, enabling remote control, data theft, and ad fraud.
A trojanized Oura AI connector is being used to spread SmartLoader malware.
Attackers cloned the MCP server, staged fake GitHub contributors, and planted it in trusted registries. The payload drops StealC to steal credentials, wallets, and cloud access.
Attackers cloned the MCP server, staged fake GitHub contributors, and planted it in trusted registries. The payload drops StealC to steal credentials, wallets, and cloud access.
Israeli technology companies have developed advanced tools to turn modern cars into espionage and intelligence-gathering devices.
Cyber Dispatch™️
Israeli technology companies have developed advanced tools to turn modern cars into espionage and intelligence-gathering devices.
This technology relies on smart car systems connected to the internet, including cameras, microphones, navigation systems, and communication networks, allowing the collection of information about the owner, their movements, and even conversations inside the vehicle.
Cyber Dispatch™️
Israeli technology companies have developed advanced tools to turn modern cars into espionage and intelligence-gathering devices.
Among the prominent Israeli companies in this field are Toka, which develops software to hack vehicle cameras and microphones, Raizon, which enables vehicle tracking and data analysis, and Ateros, specializing in license plate recognition and linking plates to vehicles.
A Hackers claim they have videos of President Trump with minors, threatening to release them if the U.S. attacks Iran — now going viral on social media.
Facebook and TikTok have been suspended in Gabon “until further notice” after the Central African nation’s media regulator accused social media platforms of publishing content that stokes conflict and divisions in society.
Researchers found a stack overflow in Grandstream GXP1600 phones (CVE-2026-2329, 9.3 CVSS).
A crafted API request can overwrite memory and run code remotely—no login required. Post-exploitation includes credential theft and VoIP call interception via rogue SIP proxy.
A crafted API request can overwrite memory and run code remotely—no login required. Post-exploitation includes credential theft and VoIP call interception via rogue SIP proxy.
China-linked UNC6201 exploited a CVSS 10.0 (CVE-2026-22769) Dell RecoverPoint zero-day since 2024 using hard-coded credentials.
Access led to Tomcat web shells, BRICKSTORM installs, and newer GRIMBOLT backdoors built to evade detection.
Access led to Tomcat web shells, BRICKSTORM installs, and newer GRIMBOLT backdoors built to evade detection.
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center.