Researchers have uncovered secret AI surveillance projects linked to KYC provider Persona and OpenAI, sending user data to the US government.
Code references include intelligence program codenames "Project SHADOW" and "Project LEGION."
Code references include intelligence program codenames "Project SHADOW" and "Project LEGION."
Cyber Dispatch™️
Researchers have uncovered secret AI surveillance projects linked to KYC provider Persona and OpenAI, sending user data to the US government. Code references include intelligence program codenames "Project SHADOW" and "Project LEGION."
Analysis of source code revealed OpenAI's user verification systems includes biometric tracking, facial scanning, political screening, and intelligence reporting.
Cyber Dispatch™️
Researchers have uncovered secret AI surveillance projects linked to KYC provider Persona and OpenAI, sending user data to the US government. Code references include intelligence program codenames "Project SHADOW" and "Project LEGION."
Researchers also discovered ONYX on Persona's government server — matching ICE's $4.2M AI surveillance tool — which scrapes social media and the dark web, builds digital footprints, tracks emotional sentiment, assigns risk scores across 300+ platforms and 28B+ data points, and flags individuals for "violent tendencies."
None of it was hidden. It was all internet-facing.
None of it was hidden. It was all internet-facing.
Forwarded from 𓂆 Palestine
Greek court sentences 4, including 2 Israelis, to 8 years over spyware scandal
A Greek court on Thursday handed down 8-year prison sentences to 4 individuals, including 2 Israelis, in connection with a major spyware scandal that rocked the government in 2022.
The case centered on the unlawful use of Predator software to target the phones of over 90 politicians, journalists, business figures, and high-ranking military officials.
Among the defendants is Tal Dilian, a former Israeli occupation soldier and founder of Intellexa, a company that specialized in providing spyware and marketed Predator in Greece.
Intellexa was sanctioned by the US in 2024 under then-president Joe Biden, marking the first time the Treasury Department imposed penalties on individuals or companies for spyware misuse. The sanctions were lifted the following year by his successor, Donald Trump.
A Greek court on Thursday handed down 8-year prison sentences to 4 individuals, including 2 Israelis, in connection with a major spyware scandal that rocked the government in 2022.
The case centered on the unlawful use of Predator software to target the phones of over 90 politicians, journalists, business figures, and high-ranking military officials.
Among the defendants is Tal Dilian, a former Israeli occupation soldier and founder of Intellexa, a company that specialized in providing spyware and marketed Predator in Greece.
Intellexa was sanctioned by the US in 2024 under then-president Joe Biden, marking the first time the Treasury Department imposed penalties on individuals or companies for spyware misuse. The sanctions were lifted the following year by his successor, Donald Trump.
Hacker group targeted Clalit, Israel’s largest healthcare organisation, exposing full patient records, oncology files, diagnostic histories, military-related medical exemptions, billing documents, clinician communications, and backend service logs.
جميع قنوات الأخبار والأخبار السياسية العاجلة باللغة الفارسية على قمر ياه سات الصناعي، وهو قمر اتصالات مقره في الإمارات العربية المتحدة ويستخدم على نطاق واسع في جميع أنحاء الشرق الأوسط، غير متاحة.
السبب الدقيق لا يزال غير واضح ..
السبب الدقيق لا يزال غير واضح ..
The US gave an ultimatum to Anthropic to remove all AI safeguards from their AI for military use, or face the Defense Production Act. Anthropic refused.
300+ employees of Google and OpenAI have now signed a letter putting their jobs on the line.
300+ employees of Google and OpenAI have now signed a letter putting their jobs on the line.
You can now ask Kali Linux tools in plain English — powered by Anthropic Sonnet 4.5.
Through MCP, Claude SSHs into Kali to run tools like nmap, gobuster, nikto, hydra, sqlmap, metasploit, john, wpscan, enum4linux-ng, checks dependencies, and returns results in-app.
Through MCP, Claude SSHs into Kali to run tools like nmap, gobuster, nikto, hydra, sqlmap, metasploit, john, wpscan, enum4linux-ng, checks dependencies, and returns results in-app.
A malicious Go package injected code into ssh/terminal/terminal.go to capture passwords.
It posed as Go’s crypto library, stole secrets, loosened firewall rules, and deployed Rekoobe — a Linux trojan linked to APT31 as recently as 2023.
It posed as Go’s crypto library, stole secrets, loosened firewall rules, and deployed Rekoobe — a Linux trojan linked to APT31 as recently as 2023.
Microsoft warns of trojanized gaming tools spreading a Java-based RAT.
Attackers use PowerShell and built-in tools like cmstp.exe for stealth, add Defender exclusions and scheduled tasks for persistence, then connect to a C2 server to steal data and deploy more payloads.
Attackers use PowerShell and built-in tools like cmstp.exe for stealth, add Defender exclusions and scheduled tasks for persistence, then connect to a C2 server to steal data and deploy more payloads.
Cyber Dispatch™️
Microsoft warns of trojanized gaming tools spreading a Java-based RAT. Attackers use PowerShell and built-in tools like cmstp.exe for stealth, add Defender exclusions and scheduled tasks for persistence, then connect to a C2 server to steal data and deploy…
Once launched, it connects to an external server at "79.110.49[.]15" for command-and-control (C2) communications, allowing it to exfiltrate data and deploy additional payloads.
Microsoft warns of trojanized gaming tools spreading a Java-based RAT.
Attackers use PowerShell and built-in tools like cmstp.exe for stealth, add Defender exclusions and scheduled tasks for persistence, then connect to a C2 server to steal data and deploy more payloads.
Attackers use PowerShell and built-in tools like cmstp.exe for stealth, add Defender exclusions and scheduled tasks for persistence, then connect to a C2 server to steal data and deploy more payloads.
Meta is suing scam advertisers in Brazil, China, and Vietnam after uncovering celeb-bait and cloaking schemes on its platforms.
It says it now protects 500,000+ celebrity images from repeated abuse and has suspended payments, disabled accounts, and blocked domains.
It says it now protects 500,000+ celebrity images from repeated abuse and has suspended payments, disabled accounts, and blocked domains.
New botnet loader Aeternum uses Polygon smart contracts as its C2 channel.
Commands go straight to the public blockchain—infected devices pull & execute them. No servers. No domains. No easy takedown.
Commands go straight to the public blockchain—infected devices pull & execute them. No servers. No domains. No easy takedown.
A previously unseen backdoor called Dohdoor is being deployed against U.S. schools and healthcare orgs.
Tracked as UAT-10027, the campaign chains phishing → PowerShell loaders → DLL side-loading → DoH C2 (via Cloudflare) → final Cobalt Strike payload.
Tracked as UAT-10027, the campaign chains phishing → PowerShell loaders → DLL side-loading → DoH C2 (via Cloudflare) → final Cobalt Strike payload.
The destruction of Israeli infrastructure has begun. This is a major cyber war against Israel since October 7th.
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
We Condemn False Claims Amid Ongoing #OpIsrael Cyber Campaign
"Israel is experiencing a major cyber attack." @CyberDispatch
"The destruction of Israeli infrastructure has begun. This is a major cyber war against Israel since October 7th." @CyberDispatch
As journalists covering the escalating cyber conflict targeting Israeli infrastructure, we are compelled to address a growing concern within the hacktivist community: the proliferation of false claims of responsibility.
Since October 7th, a sustained and significant cyber offensive has targeted Israeli digital infrastructure. Our verification processes confirm that thousands of Israeli sites have been rendered inaccessible, with military and government domains suffering particularly heavy disruption. The damage is real, and the coordinated effort behind it is substantial.
However, we are observing an increasing number of individuals and groups fraudulently claiming credit for attacks they did not execute. This behavior undermines the integrity of authentic hacktivism. Taking credit for someone else's labor is not activism—it is opportunism. It disrespects the skilled operatives risking exposure to make genuine contributions.
To those participating in the #OpIsrael campaign: we urge you to engage authentically. If you possess the capability to contribute technically, do so for the cause, not for personal recognition or social media attention. If you cannot participate directly, support by amplifying verified information.
"We argue that genuine hacktivists do not falsely claim credit for operations in the cyber war against Israel. Many participants are merely conducting banner grabbing or host checks on target domains rather than executing actual attacks. While thousands of Israeli sites—particularly military and government domains—are reportedly down, taking undue credit undermines the legitimacy of hacktivist operations.
If you are joining the 'OpIsrael' campaign, participate with genuine intent rather than seeking personal recognition. As journalists and security researchers, we are prepared to highlight credible actions, but we will strictly expose and deconflict false claims as part of our operational security (OpSec) protocol."
@TheGhostsITM
"Israel is experiencing a major cyber attack." @CyberDispatch
"The destruction of Israeli infrastructure has begun. This is a major cyber war against Israel since October 7th." @CyberDispatch
As journalists covering the escalating cyber conflict targeting Israeli infrastructure, we are compelled to address a growing concern within the hacktivist community: the proliferation of false claims of responsibility.
Since October 7th, a sustained and significant cyber offensive has targeted Israeli digital infrastructure. Our verification processes confirm that thousands of Israeli sites have been rendered inaccessible, with military and government domains suffering particularly heavy disruption. The damage is real, and the coordinated effort behind it is substantial.
However, we are observing an increasing number of individuals and groups fraudulently claiming credit for attacks they did not execute. This behavior undermines the integrity of authentic hacktivism. Taking credit for someone else's labor is not activism—it is opportunism. It disrespects the skilled operatives risking exposure to make genuine contributions.
To those participating in the #OpIsrael campaign: we urge you to engage authentically. If you possess the capability to contribute technically, do so for the cause, not for personal recognition or social media attention. If you cannot participate directly, support by amplifying verified information.
"We argue that genuine hacktivists do not falsely claim credit for operations in the cyber war against Israel. Many participants are merely conducting banner grabbing or host checks on target domains rather than executing actual attacks. While thousands of Israeli sites—particularly military and government domains—are reportedly down, taking undue credit undermines the legitimacy of hacktivist operations.
If you are joining the 'OpIsrael' campaign, participate with genuine intent rather than seeking personal recognition. As journalists and security researchers, we are prepared to highlight credible actions, but we will strictly expose and deconflict false claims as part of our operational security (OpSec) protocol."
@TheGhostsITM
❤1
موقع والا العبري:
هجمات سيبرانية إيرانية تسببت بعطل في شبكات الاتصالات والانترنت الليلة في إسرائيل
هجمات سيبرانية إيرانية تسببت بعطل في شبكات الاتصالات والانترنت الليلة في إسرائيل
❤1