في إحاطة سرية عام 2023، تم تحذير عدد قليل من كبار المديرين التنفيذيين في مجال التكنولوجيا، بمن فيهم المدير التنفيذي لشركة آبل، إنفيديا، إيه إم دي وكوالكوم، من أن الصين قد تهاجم تايوان بحلول عام 2027
European diplomat’s Starlink and satellite phones seized at Tehran airport.
يديعوت أحرونوت:
الهيئة الوطنية للأمن السيبراني تفحص شبهات حول حدوث اختراق إلكتروني إيراني لمؤسسة صندوق كلاليت الصحي ..
الهيئة الوطنية للأمن السيبراني تفحص شبهات حول حدوث اختراق إلكتروني إيراني لمؤسسة صندوق كلاليت الصحي ..
A former L3Harris employee was sentenced to just over 7 years for selling 8 zero-day exploits to Russian broker Operation Zero.
Prosecutors say he received up to $4M in crypto, and the theft is estimated to have cost L3Harris $35M.
Prosecutors say he received up to $4M in crypto, and the theft is estimated to have cost L3Harris $35M.
Microsoft just open-sourced LiteBox, a Rust-based sandboxing library OS.
Developed via the LVBS project, it shrinks attack surfaces by stripping the interface between apps and the host. It enables unmodified Linux programs to run securely on Windows or within isolated Linux environments.
Developed via the LVBS project, it shrinks attack surfaces by stripping the interface between apps and the host. It enables unmodified Linux programs to run securely on Windows or within isolated Linux environments.
CISA added CVE-2026-25108 to its KEV list after active exploitation. The FileZen bug allows an authenticated user to execute OS commands via crafted HTTP requests.
Impacts versions 4.2.1–4.2.8 and 5.0.0–5.0.10 when Antivirus Check is enabled. At least one incident confirmed.
Impacts versions 4.2.1–4.2.8 and 5.0.0–5.0.10 when Antivirus Check is enabled. At least one incident confirmed.
SolarWinds patched four critical 9.1 CVSS flaws in Serv-U that can lead to remote code execution as root.
SolarWinds says there’s no sign of active attacks, but earlier Serv-U flaws were used by Storm-0322.
SolarWinds says there’s no sign of active attacks, but earlier Serv-U flaws were used by Storm-0322.
A flaw in #GitHub Codespaces let attackers hide malicious Copilot instructions inside a GitHub issue.
When a developer opened a Codespace from that issue, Copilot could silently run the injected prompt and leak a privileged GITHUB_TOKEN.
The research also warns of “promptware” attacks built entirely through prompts.
When a developer opened a Codespace from that issue, Copilot could silently run the injected prompt and leak a privileged GITHUB_TOKEN.
The research also warns of “promptware” attacks built entirely through prompts.
Researchers have uncovered secret AI surveillance projects linked to KYC provider Persona and OpenAI, sending user data to the US government.
Code references include intelligence program codenames "Project SHADOW" and "Project LEGION."
Code references include intelligence program codenames "Project SHADOW" and "Project LEGION."
Cyber Dispatch™️
Researchers have uncovered secret AI surveillance projects linked to KYC provider Persona and OpenAI, sending user data to the US government. Code references include intelligence program codenames "Project SHADOW" and "Project LEGION."
Analysis of source code revealed OpenAI's user verification systems includes biometric tracking, facial scanning, political screening, and intelligence reporting.
Cyber Dispatch™️
Researchers have uncovered secret AI surveillance projects linked to KYC provider Persona and OpenAI, sending user data to the US government. Code references include intelligence program codenames "Project SHADOW" and "Project LEGION."
Researchers also discovered ONYX on Persona's government server — matching ICE's $4.2M AI surveillance tool — which scrapes social media and the dark web, builds digital footprints, tracks emotional sentiment, assigns risk scores across 300+ platforms and 28B+ data points, and flags individuals for "violent tendencies."
None of it was hidden. It was all internet-facing.
None of it was hidden. It was all internet-facing.
Forwarded from 𓂆 Palestine
Greek court sentences 4, including 2 Israelis, to 8 years over spyware scandal
A Greek court on Thursday handed down 8-year prison sentences to 4 individuals, including 2 Israelis, in connection with a major spyware scandal that rocked the government in 2022.
The case centered on the unlawful use of Predator software to target the phones of over 90 politicians, journalists, business figures, and high-ranking military officials.
Among the defendants is Tal Dilian, a former Israeli occupation soldier and founder of Intellexa, a company that specialized in providing spyware and marketed Predator in Greece.
Intellexa was sanctioned by the US in 2024 under then-president Joe Biden, marking the first time the Treasury Department imposed penalties on individuals or companies for spyware misuse. The sanctions were lifted the following year by his successor, Donald Trump.
A Greek court on Thursday handed down 8-year prison sentences to 4 individuals, including 2 Israelis, in connection with a major spyware scandal that rocked the government in 2022.
The case centered on the unlawful use of Predator software to target the phones of over 90 politicians, journalists, business figures, and high-ranking military officials.
Among the defendants is Tal Dilian, a former Israeli occupation soldier and founder of Intellexa, a company that specialized in providing spyware and marketed Predator in Greece.
Intellexa was sanctioned by the US in 2024 under then-president Joe Biden, marking the first time the Treasury Department imposed penalties on individuals or companies for spyware misuse. The sanctions were lifted the following year by his successor, Donald Trump.
Hacker group targeted Clalit, Israel’s largest healthcare organisation, exposing full patient records, oncology files, diagnostic histories, military-related medical exemptions, billing documents, clinician communications, and backend service logs.
جميع قنوات الأخبار والأخبار السياسية العاجلة باللغة الفارسية على قمر ياه سات الصناعي، وهو قمر اتصالات مقره في الإمارات العربية المتحدة ويستخدم على نطاق واسع في جميع أنحاء الشرق الأوسط، غير متاحة.
السبب الدقيق لا يزال غير واضح ..
السبب الدقيق لا يزال غير واضح ..
The US gave an ultimatum to Anthropic to remove all AI safeguards from their AI for military use, or face the Defense Production Act. Anthropic refused.
300+ employees of Google and OpenAI have now signed a letter putting their jobs on the line.
300+ employees of Google and OpenAI have now signed a letter putting their jobs on the line.
You can now ask Kali Linux tools in plain English — powered by Anthropic Sonnet 4.5.
Through MCP, Claude SSHs into Kali to run tools like nmap, gobuster, nikto, hydra, sqlmap, metasploit, john, wpscan, enum4linux-ng, checks dependencies, and returns results in-app.
Through MCP, Claude SSHs into Kali to run tools like nmap, gobuster, nikto, hydra, sqlmap, metasploit, john, wpscan, enum4linux-ng, checks dependencies, and returns results in-app.
A malicious Go package injected code into ssh/terminal/terminal.go to capture passwords.
It posed as Go’s crypto library, stole secrets, loosened firewall rules, and deployed Rekoobe — a Linux trojan linked to APT31 as recently as 2023.
It posed as Go’s crypto library, stole secrets, loosened firewall rules, and deployed Rekoobe — a Linux trojan linked to APT31 as recently as 2023.
Microsoft warns of trojanized gaming tools spreading a Java-based RAT.
Attackers use PowerShell and built-in tools like cmstp.exe for stealth, add Defender exclusions and scheduled tasks for persistence, then connect to a C2 server to steal data and deploy more payloads.
Attackers use PowerShell and built-in tools like cmstp.exe for stealth, add Defender exclusions and scheduled tasks for persistence, then connect to a C2 server to steal data and deploy more payloads.
Cyber Dispatch™️
Microsoft warns of trojanized gaming tools spreading a Java-based RAT. Attackers use PowerShell and built-in tools like cmstp.exe for stealth, add Defender exclusions and scheduled tasks for persistence, then connect to a C2 server to steal data and deploy…
Once launched, it connects to an external server at "79.110.49[.]15" for command-and-control (C2) communications, allowing it to exfiltrate data and deploy additional payloads.
Microsoft warns of trojanized gaming tools spreading a Java-based RAT.
Attackers use PowerShell and built-in tools like cmstp.exe for stealth, add Defender exclusions and scheduled tasks for persistence, then connect to a C2 server to steal data and deploy more payloads.
Attackers use PowerShell and built-in tools like cmstp.exe for stealth, add Defender exclusions and scheduled tasks for persistence, then connect to a C2 server to steal data and deploy more payloads.