Cyber Dispatch™️
380 subscribers
21 photos
1 video
50 links
The definitive source for critical cybersecurity news. When a major threat breaks, we dispatch.

#CyberDispatch #CyberSecurity #InfoSec #ThreatIntelligence #ZeroDay #DataBreach #SecurityNews
Download Telegram
French Government Says 1.2 Million Bank Accounts Exposed in Breach.
The Immutable Illusion: Pwning Your Kernel with Cloud Files.
China-Linked Hackers Use Dell RecoverPoint Flaw to Drop GrimBolt Malware.
Android malware taps Gemini to navigate infected devices.
MIMICRAT, a new RAT, is spreading via compromised legitimate sites.

Hijacked services displayed fake Cloudflare checks, pushing a PowerShell command that disables logging and AV, then connects over HTTPS masked as analytics traffic.
Three former tech employees were indicted for allegedly stealing Google trade secrets and transferring them to Iran.

Prosecutors say the data involved Pixel Tensor processor security and cryptography. Files were copied, photographed, and concealed.
651 arrests across 16 African nations after an INTERPOL crackdown on online scams.

Operation Red Card 2.0 hit investment fraud, mobile loan apps, and telecom breaches. Investigators linked cases to $45M in victim losses and seized thousands of devices.
Microsoft patched a Windows Admin Center flaw enabling privilege escalation across managed systems.

CVE-2026-26119 (CVSS 8.8) stems from improper authentication and could grant rights equal to the running user.
Hackers just leaked the address of Israeli weapons manufacturers in the UAE.
Russia’s FSB accuses Telegram of enabling Ukraine to access military information, claiming the app endangered Russian troops, while authorities briefly restricted the platform.
US grand jury charges Silicon Valley engineers over alleged trade secret theft involving Google & Iran.

A federal grand jury in the US has indicted three engineers based in Silicon Valley on allegations that they stole proprietary technology from major tech firms, including Google, and sent the data to Iran, the Justice Department announced on Thursday.
Hacker breached 600+ FortiGate devices across 55 countries using commercial AI.

No zero-days. They scanned exposed management ports, brute-forced weak logins, accessed VPNs, ran DCSync in AD, and targeted Veeam backups.
Generative AI traffic is up 890%, and 87% of organizations report AI-driven attacks.

EC-Council has launched four AI certifications plus Certified CISO v4 to help teams handle adoption, security, and governance as AI risk grows.
CISA on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

CVE-2025-49113 (CVSS score: 9.9) - A deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php. (Fixed in June 2025)
هجمات إلكترونية شديدة على بنى تحتية في الإمارات ..
Yesterday, Hackers leaked the names of the 10 core members serving in the "C4I unit" in Israel.
Researchers found 19 malicious npm packages spreading SANDWORM_MODE.

The worm steals npm/GitHub tokens, SSH keys, API secrets, and crypto keys, then propagates using stolen identities. It also injects into AI coding tools to harvest LLM API keys.
Microsoft says a Copilot bug (CW1226324) let Microsoft 365 Copilot summarize confidential emails, bypassing DLP policies.

Since Jan 21, 2026, emails in Sent Items and Drafts with sensitivity labels were processed in Copilot Chat without permission.
MuddyWater Team launched Operation Olalampo on Jan 26, 2026, targeting organizations across MENA.

Group-IB says phishing Office macros drop new malware—GhostFetch, GhostBackDoor, HTTP_VIP, and the Rust backdoor CHAR.

Some variants use Telegram for control, with signs of AI-assisted development.