Cyber Dispatch™️
379 subscribers
21 photos
1 video
50 links
The definitive source for critical cybersecurity news. When a major threat breaks, we dispatch.

#CyberDispatch #CyberSecurity #InfoSec #ThreatIntelligence #ZeroDay #DataBreach #SecurityNews
Download Telegram
CISA added CVE-2026-25108 to its KEV list after active exploitation. The FileZen bug allows an authenticated user to execute OS commands via crafted HTTP requests.

Impacts versions 4.2.1–4.2.8 and 5.0.0–5.0.10 when Antivirus Check is enabled. At least one incident confirmed.
SolarWinds patched four critical 9.1 CVSS flaws in Serv-U that can lead to remote code execution as root.

SolarWinds says there’s no sign of active attacks, but earlier Serv-U flaws were used by Storm-0322.
A flaw in #GitHub Codespaces let attackers hide malicious Copilot instructions inside a GitHub issue.

When a developer opened a Codespace from that issue, Copilot could silently run the injected prompt and leak a privileged GITHUB_TOKEN.

The research also warns of “promptware” attacks built entirely through prompts.
Researchers have uncovered secret AI surveillance projects linked to KYC provider Persona and OpenAI, sending user data to the US government.

Code references include intelligence program codenames "Project SHADOW" and "Project LEGION."
Cyber Dispatch™️
Researchers have uncovered secret AI surveillance projects linked to KYC provider Persona and OpenAI, sending user data to the US government. Code references include intelligence program codenames "Project SHADOW" and "Project LEGION."
Researchers also discovered ONYX on Persona's government server — matching ICE's $4.2M AI surveillance tool — which scrapes social media and the dark web, builds digital footprints, tracks emotional sentiment, assigns risk scores across 300+ platforms and 28B+ data points, and flags individuals for "violent tendencies."

None of it was hidden. It was all internet-facing.
Forwarded from 𓂆 Palestine
Greek court sentences 4, including 2 Israelis, to 8 years over spyware scandal

A Greek court on Thursday handed down 8-year prison sentences to 4 individuals, including 2 Israelis, in connection with a major spyware scandal that rocked the government in 2022.

The case centered on the unlawful use of Predator software to target the phones of over 90 politicians, journalists, business figures, and high-ranking military officials.

Among the defendants is Tal Dilian, a former Israeli occupation soldier and founder of Intellexa, a company that specialized in providing spyware and marketed Predator in Greece.

Intellexa was sanctioned by the US in 2024 under then-president Joe Biden, marking the first time the Treasury Department imposed penalties on individuals or companies for spyware misuse. The sanctions were lifted the following year by his successor, Donald Trump.
Hacker group targeted Clalit, Israel’s largest healthcare organisation, exposing full patient records, oncology files, diagnostic histories, military-related medical exemptions, billing documents, clinician communications, and backend service logs.
جميع قنوات الأخبار والأخبار السياسية العاجلة باللغة الفارسية على قمر ياه سات الصناعي، وهو قمر اتصالات مقره في الإمارات العربية المتحدة ويستخدم على نطاق واسع في جميع أنحاء الشرق الأوسط، غير متاحة.

السبب الدقيق لا يزال غير واضح ..
The US gave an ultimatum to Anthropic to remove all AI safeguards from their AI for military use, or face the Defense Production Act. Anthropic refused.

300+ employees of Google and OpenAI have now signed a letter putting their jobs on the line.
You can now ask Kali Linux tools in plain English — powered by Anthropic Sonnet 4.5.

Through MCP, Claude SSHs into Kali to run tools like nmap, gobuster, nikto, hydra, sqlmap, metasploit, john, wpscan, enum4linux-ng, checks dependencies, and returns results in-app.
A malicious Go package injected code into ssh/terminal/terminal.go to capture passwords.

It posed as Go’s crypto library, stole secrets, loosened firewall rules, and deployed Rekoobe — a Linux trojan linked to APT31 as recently as 2023.
Microsoft warns of trojanized gaming tools spreading a Java-based RAT.

Attackers use PowerShell and built-in tools like cmstp.exe for stealth, add Defender exclusions and scheduled tasks for persistence, then connect to a C2 server to steal data and deploy more payloads.
Elon Musk’s SpaceX blocks Russian access to Starlink.
Microsoft warns of trojanized gaming tools spreading a Java-based RAT.

Attackers use PowerShell and built-in tools like cmstp.exe for stealth, add Defender exclusions and scheduled tasks for persistence, then connect to a C2 server to steal data and deploy more payloads.
Meta is suing scam advertisers in Brazil, China, and Vietnam after uncovering celeb-bait and cloaking schemes on its platforms.

It says it now protects 500,000+ celebrity images from repeated abuse and has suspended payments, disabled accounts, and blocked domains.
New botnet loader Aeternum uses Polygon smart contracts as its C2 channel.

Commands go straight to the public blockchain—infected devices pull & execute them. No servers. No domains. No easy takedown.
A previously unseen backdoor called Dohdoor is being deployed against U.S. schools and healthcare orgs.

Tracked as UAT-10027, the campaign chains phishing → PowerShell loaders → DLL side-loading → DoH C2 (via Cloudflare) → final Cobalt Strike payload.
Israel is experiencing a major cyber attack.
The destruction of Israeli infrastructure has begun. This is a major cyber war against Israel since October 7th.