MIMICRAT, a new RAT, is spreading via compromised legitimate sites.
Hijacked services displayed fake Cloudflare checks, pushing a PowerShell command that disables logging and AV, then connects over HTTPS masked as analytics traffic.
Hijacked services displayed fake Cloudflare checks, pushing a PowerShell command that disables logging and AV, then connects over HTTPS masked as analytics traffic.
Three former tech employees were indicted for allegedly stealing Google trade secrets and transferring them to Iran.
Prosecutors say the data involved Pixel Tensor processor security and cryptography. Files were copied, photographed, and concealed.
Prosecutors say the data involved Pixel Tensor processor security and cryptography. Files were copied, photographed, and concealed.
651 arrests across 16 African nations after an INTERPOL crackdown on online scams.
Operation Red Card 2.0 hit investment fraud, mobile loan apps, and telecom breaches. Investigators linked cases to $45M in victim losses and seized thousands of devices.
Operation Red Card 2.0 hit investment fraud, mobile loan apps, and telecom breaches. Investigators linked cases to $45M in victim losses and seized thousands of devices.
Microsoft patched a Windows Admin Center flaw enabling privilege escalation across managed systems.
CVE-2026-26119 (CVSS 8.8) stems from improper authentication and could grant rights equal to the running user.
CVE-2026-26119 (CVSS 8.8) stems from improper authentication and could grant rights equal to the running user.
Hackers just leaked the address of Israeli weapons manufacturers in the UAE.
Russia’s FSB accuses Telegram of enabling Ukraine to access military information, claiming the app endangered Russian troops, while authorities briefly restricted the platform.
US grand jury charges Silicon Valley engineers over alleged trade secret theft involving Google & Iran.
A federal grand jury in the US has indicted three engineers based in Silicon Valley on allegations that they stole proprietary technology from major tech firms, including Google, and sent the data to Iran, the Justice Department announced on Thursday.
A federal grand jury in the US has indicted three engineers based in Silicon Valley on allegations that they stole proprietary technology from major tech firms, including Google, and sent the data to Iran, the Justice Department announced on Thursday.
Hacker breached 600+ FortiGate devices across 55 countries using commercial AI.
No zero-days. They scanned exposed management ports, brute-forced weak logins, accessed VPNs, ran DCSync in AD, and targeted Veeam backups.
No zero-days. They scanned exposed management ports, brute-forced weak logins, accessed VPNs, ran DCSync in AD, and targeted Veeam backups.
Generative AI traffic is up 890%, and 87% of organizations report AI-driven attacks.
EC-Council has launched four AI certifications plus Certified CISO v4 to help teams handle adoption, security, and governance as AI risk grows.
EC-Council has launched four AI certifications plus Certified CISO v4 to help teams handle adoption, security, and governance as AI risk grows.
CISA on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
CVE-2025-49113 (CVSS score: 9.9) - A deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php. (Fixed in June 2025)
CVE-2025-49113 (CVSS score: 9.9) - A deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php. (Fixed in June 2025)
Cyber Dispatch™️
CISA on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. CVE-2025-49113 (CVSS score: 9.9) - A deserialization of untrusted data vulnerability…
CVE-2025-68461 (CVSS score: 7.2) - A cross-site scripting vulnerability via the animate tag in an SVG document. (Fixed in December 2025)
Cyber Dispatch™️
هجمات إلكترونية شديدة على بنى تحتية في الإمارات ..
Severe cyberattacks on infrastructure in the UAE.
Yesterday, Hackers leaked the names of the 10 core members serving in the "C4I unit" in Israel.
Researchers found 19 malicious npm packages spreading SANDWORM_MODE.
The worm steals npm/GitHub tokens, SSH keys, API secrets, and crypto keys, then propagates using stolen identities. It also injects into AI coding tools to harvest LLM API keys.
The worm steals npm/GitHub tokens, SSH keys, API secrets, and crypto keys, then propagates using stolen identities. It also injects into AI coding tools to harvest LLM API keys.
Microsoft says a Copilot bug (CW1226324) let Microsoft 365 Copilot summarize confidential emails, bypassing DLP policies.
Since Jan 21, 2026, emails in Sent Items and Drafts with sensitivity labels were processed in Copilot Chat without permission.
Since Jan 21, 2026, emails in Sent Items and Drafts with sensitivity labels were processed in Copilot Chat without permission.
MuddyWater Team launched Operation Olalampo on Jan 26, 2026, targeting organizations across MENA.
Group-IB says phishing Office macros drop new malware—GhostFetch, GhostBackDoor, HTTP_VIP, and the Rust backdoor CHAR.
Some variants use Telegram for control, with signs of AI-assisted development.
Group-IB says phishing Office macros drop new malware—GhostFetch, GhostBackDoor, HTTP_VIP, and the Rust backdoor CHAR.
Some variants use Telegram for control, with signs of AI-assisted development.
A new Go-based RAT, #Moonrise, evades AVs and escalates from one infected endpoint to network-wide compromise.
The impact includes credential theft and hidden audio/video surveillance.
The impact includes credential theft and hidden audio/video surveillance.
In the last year, there has been a 168% surge in DDoS attacks and an increase of more than 120% in application-layer attacks, with 12.2% of cyberattacks worldwide directed at Israel, according to Radware’s 2026 Global Cyber Threat report.
Operation Israel hacktivists have been running sustained distributed denial-of-service (DDoS) campaigns against Israeli government websites, critical infrastructure, and private-sector companies.
Operation Israel hacktivists have been running sustained distributed denial-of-service (DDoS) campaigns against Israeli government websites, critical infrastructure, and private-sector companies.
Forwarded from إعلام المقاومة الفلسطينية
Our team will bring you live, comprehensive coverage of the war between the United States and Israel on one side, and Iran, Hezbollah, and Yemen’s Ansarallah movement on the other.
@PsResistMedia
@PsResistMedia