600+ FortiGate devices breached in an AI-assisted campaign.
Team Cymru traced it to #CyberStrikeAI, an open-source Go tool bundling 100+ security utilities, run from 21 IPs across Asia and beyond.
The maintainer shows ties to #China’s vulnerability ecosystem.
Team Cymru traced it to #CyberStrikeAI, an open-source Go tool bundling 100+ security utilities, run from 21 IPs across Asia and beyond.
The maintainer shows ties to #China’s vulnerability ecosystem.
A new phishing suite called "Starkiller" proxies real login pages to bypass MFA.
It runs headless Chrome in Docker, loads the legitimate site, and relays everything live. Keystrokes and session tokens pass through attacker infrastructure, enabling account takeover.
It runs headless Chrome in Docker, loads the legitimate site, and relays everything live. Keystrokes and session tokens pass through attacker infrastructure, enabling account takeover.
Attacker source AS12975 (PALTEL Autonomous System) 🇵🇸
Various fabric endpoints are being exploited similar to CVE-2025-25257 (supplying malicious SQL code through authorization headers)
Various fabric endpoints are being exploited similar to CVE-2025-25257 (supplying malicious SQL code through authorization headers)
Hackers from DefacePeru & NulledPeru have leaked credentials for ArcGIS, the mapping program used by the National Intelligence Directorate, which is used to monitor territory, illegal mining, streets, satellite images, and blueprints. Ultra-sensitive data!
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
A total power outage in most areas of Baghdad following a Israeli cyberattack on the central power station in Baghdad.
Multiple infostealers — Arkanix, NovaStealer, DarkCloud, MawaStealer and others — are active in the wild.
Researchers say Arkanix was likely built with LLM assistance, speeding malware development. Stolen logs are filtered and sold to brokers seeking corporate network access.
Researchers say Arkanix was likely built with LLM assistance, speeding malware development. Stolen logs are filtered and sold to brokers seeking corporate network access.
Google uncovered an #iPhone exploit kit called Coruna containing 23 iOS exploits targeting versions 13–17.2.1.
The framework fingerprints devices and automatically loads the matching WebKit exploit chain. Researchers say it moved from #surveillance vendors to nation-state operators and later cybercrime groups.
The framework fingerprints devices and automatically loads the matching WebKit exploit chain. Researchers say it moved from #surveillance vendors to nation-state operators and later cybercrime groups.
A wave of cyberattacks followed the U.S.-Israel strikes on Iran, with researchers documenting over 1,000 DDoS attacks on 500+ organizations in 16 countries.
A coalition of cybersecurity firms—including Radware, Orange Cyberdefense, Flashpoint, Palo Alto Networks Unit 42, and CloudSEK—has reported a wave of hacktivist attacks following the U.S.-Israel campaign against Iran.
The Statistics:
Between February 28 and March 4, researchers documented 1,000 DDoS attack claims targeting organizations across 16 countries. While the total number of claims may appear high, Radware notes that the activity is "highly lopsided." Just three groups drove the volume: Keymous+ and DieNet (together accounting for nearly 15% of activity), alongside NoName057(16), which alone accounted for 25% of the total.
Geographic Distribution:
The Middle East was the primary theater, absorbing over 1,000 attacks, which accounted for 77.2% of global activity. Within the region, the concentration was as follows:
· Israel: 49%
· Kuwait: 25%
· Jordan: 20%
· Other Middle Eastern countries: 6%
Europe was the next most targeted region, receiving 22.8% of the global activity.
Attack Methods and Notable Groups:
Attack methods included DDoS, website defacements, and hack-and-leak operations. The initial attack was launched by Hider Nex (Tunisian Maskers Cyber Force). Other active groups mentioned in the reports include Nation of Saviors (NOS), Conquerors Electronic Army (CEA), Sylhet Gang, 313 Team, Handala Hack, APT Iran, Cyber Islamic Resistance, Dark Storm Team, FAD Team, Evil Markhors, and PalachPro. Pro-Russian groups such as Cardinal and Russian Legion also claimed breaches against Israeli networks.
A coalition of cybersecurity firms—including Radware, Orange Cyberdefense, Flashpoint, Palo Alto Networks Unit 42, and CloudSEK—has reported a wave of hacktivist attacks following the U.S.-Israel campaign against Iran.
The Statistics:
Between February 28 and March 4, researchers documented 1,000 DDoS attack claims targeting organizations across 16 countries. While the total number of claims may appear high, Radware notes that the activity is "highly lopsided." Just three groups drove the volume: Keymous+ and DieNet (together accounting for nearly 15% of activity), alongside NoName057(16), which alone accounted for 25% of the total.
Geographic Distribution:
The Middle East was the primary theater, absorbing over 1,000 attacks, which accounted for 77.2% of global activity. Within the region, the concentration was as follows:
· Israel: 49%
· Kuwait: 25%
· Jordan: 20%
· Other Middle Eastern countries: 6%
Europe was the next most targeted region, receiving 22.8% of the global activity.
Attack Methods and Notable Groups:
Attack methods included DDoS, website defacements, and hack-and-leak operations. The initial attack was launched by Hider Nex (Tunisian Maskers Cyber Force). Other active groups mentioned in the reports include Nation of Saviors (NOS), Conquerors Electronic Army (CEA), Sylhet Gang, 313 Team, Handala Hack, APT Iran, Cyber Islamic Resistance, Dark Storm Team, FAD Team, Evil Markhors, and PalachPro. Pro-Russian groups such as Cardinal and Russian Legion also claimed breaches against Israeli networks.
❤3
An attack group hacked the company "Haled."
The company "Haled," an Israeli company, is engaged in the transportation and delivery of fuels.
The company "Haled," an Israeli company, is engaged in the transportation and delivery of fuels.
Europol, in cooperation with other law enforcement agencies, is shutting down the leak site Leakbase.
2,622 Valid Certificates Exposed: A Google-GitGuardian Study Maps Private Key Leaks to Real-World Risk.
APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine.
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Hackers Exploit Israel Camera Vulnerabilities to Surveil
Multiple hacking groups have been targeting internet-connected surveillance cameras across Israel and other Middle Eastern countries since the war began on February 28.
The countries targeted in these digital intrusions—Israel, Qatar, Bahrain, Kuwait, the UAE, Cyprus, and Lebanon—are the same ones that have witnessed significant missile activity linked to hackers as part of an ongoing operation targeting Israel.
Compromised servers contained live CCTV feeds from Jerusalem, allowing the groups to surveil Tel Aviv, Haifa, and Jerusalem.
This recent camera targeting by several hackers serves as an early indicator of potential follow-on
The exploited vulnerabilities include:
· An improper authentication vulnerability in Hikvision IP camera firmware (CVE-2017-7921)
· A command injection vulnerability in the Hikvision web server component (CVE-2021-36260)
· An OS command injection vulnerability in the Hikvision Intercom Broadcasting System (CVE-2023-6895)
· An unauthenticated remote code execution vulnerability in the Hikvision Integrated Security Management Platform (CVE-2025-34067)
· An authentication bypass vulnerability in multiple Dahua products (CVE-2021-33044)
@TheGhostITM
Multiple hacking groups have been targeting internet-connected surveillance cameras across Israel and other Middle Eastern countries since the war began on February 28.
The countries targeted in these digital intrusions—Israel, Qatar, Bahrain, Kuwait, the UAE, Cyprus, and Lebanon—are the same ones that have witnessed significant missile activity linked to hackers as part of an ongoing operation targeting Israel.
Compromised servers contained live CCTV feeds from Jerusalem, allowing the groups to surveil Tel Aviv, Haifa, and Jerusalem.
This recent camera targeting by several hackers serves as an early indicator of potential follow-on
The exploited vulnerabilities include:
· An improper authentication vulnerability in Hikvision IP camera firmware (CVE-2017-7921)
· A command injection vulnerability in the Hikvision web server component (CVE-2021-36260)
· An OS command injection vulnerability in the Hikvision Intercom Broadcasting System (CVE-2023-6895)
· An unauthenticated remote code execution vulnerability in the Hikvision Integrated Security Management Platform (CVE-2025-34067)
· An authentication bypass vulnerability in multiple Dahua products (CVE-2021-33044)
@TheGhostITM
ClickFix has moved to Windows Terminal.
Microsoft says victims are told to open wt.exe and paste a command from fake CAPTCHA pages.
That launches PowerShell, pulls payloads, and injects Lumma Stealer into Chrome and Edge to steal saved credentials.
Microsoft says victims are told to open wt.exe and paste a command from fake CAPTCHA pages.
That launches PowerShell, pulls payloads, and injects Lumma Stealer into Chrome and Edge to steal saved credentials.
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Forwarded from MAD GHOST
Israel ranks 1st among countries targeted by geopolitical cyberattacks in 2025 — report
Among the top three hacktivist groups targeting Israel in 2025 were the pro-Iran group Arabian Ghosts, followed by Black Ember, pro-Palestinian Mr Hamza, and pro-Russian group NoName057(16).
#OpIsraelTeam
Among the top three hacktivist groups targeting Israel in 2025 were the pro-Iran group Arabian Ghosts, followed by Black Ember, pro-Palestinian Mr Hamza, and pro-Russian group NoName057(16).
#OpIsraelTeam
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
The FBI reports that they are investigating a suspected cyber incident in the organization's networks.
According to the report, unauthorized access was detected to sensitive systems in the organization dealing with wiretapping and intelligence surveillance orders.
@TheGhostITM
According to the report, unauthorized access was detected to sensitive systems in the organization dealing with wiretapping and intelligence surveillance orders.
@TheGhostITM
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ