Cyber Dispatch™️
380 subscribers
21 photos
1 video
50 links
The definitive source for critical cybersecurity news. When a major threat breaks, we dispatch.

#CyberDispatch #CyberSecurity #InfoSec #ThreatIntelligence #ZeroDay #DataBreach #SecurityNews
Download Telegram
A Hackers claim they have videos of President Trump with minors, threatening to release them if the U.S. attacks Iran — now going viral on social media.
Facebook and TikTok have been suspended in Gabon “until further notice” after the Central African nation’s media regulator accused social media platforms of publishing content that stokes conflict and divisions in society.
Researchers found a stack overflow in Grandstream GXP1600 phones (CVE-2026-2329, 9.3 CVSS).

A crafted API request can overwrite memory and run code remotely—no login required. Post-exploitation includes credential theft and VoIP call interception via rogue SIP proxy.
China-linked UNC6201 exploited a CVSS 10.0 (CVE-2026-22769) Dell RecoverPoint zero-day since 2024 using hard-coded credentials.

Access led to Tomcat web shells, BRICKSTORM installs, and newer GRIMBOLT backdoors built to evade detection.
Crims hit a $20M jackpot via malware-stuffed ATMs.
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center.
French Government Says 1.2 Million Bank Accounts Exposed in Breach.
The Immutable Illusion: Pwning Your Kernel with Cloud Files.
China-Linked Hackers Use Dell RecoverPoint Flaw to Drop GrimBolt Malware.
Android malware taps Gemini to navigate infected devices.
MIMICRAT, a new RAT, is spreading via compromised legitimate sites.

Hijacked services displayed fake Cloudflare checks, pushing a PowerShell command that disables logging and AV, then connects over HTTPS masked as analytics traffic.
Three former tech employees were indicted for allegedly stealing Google trade secrets and transferring them to Iran.

Prosecutors say the data involved Pixel Tensor processor security and cryptography. Files were copied, photographed, and concealed.
651 arrests across 16 African nations after an INTERPOL crackdown on online scams.

Operation Red Card 2.0 hit investment fraud, mobile loan apps, and telecom breaches. Investigators linked cases to $45M in victim losses and seized thousands of devices.
Microsoft patched a Windows Admin Center flaw enabling privilege escalation across managed systems.

CVE-2026-26119 (CVSS 8.8) stems from improper authentication and could grant rights equal to the running user.
Hackers just leaked the address of Israeli weapons manufacturers in the UAE.
Russia’s FSB accuses Telegram of enabling Ukraine to access military information, claiming the app endangered Russian troops, while authorities briefly restricted the platform.
US grand jury charges Silicon Valley engineers over alleged trade secret theft involving Google & Iran.

A federal grand jury in the US has indicted three engineers based in Silicon Valley on allegations that they stole proprietary technology from major tech firms, including Google, and sent the data to Iran, the Justice Department announced on Thursday.
Hacker breached 600+ FortiGate devices across 55 countries using commercial AI.

No zero-days. They scanned exposed management ports, brute-forced weak logins, accessed VPNs, ran DCSync in AD, and targeted Veeam backups.
Generative AI traffic is up 890%, and 87% of organizations report AI-driven attacks.

EC-Council has launched four AI certifications plus Certified CISO v4 to help teams handle adoption, security, and governance as AI risk grows.
CISA on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

CVE-2025-49113 (CVSS score: 9.9) - A deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php. (Fixed in June 2025)