Cyber Dispatch™️
378 subscribers
21 photos
1 video
49 links
The definitive source for critical cybersecurity news. When a major threat breaks, we dispatch.

#CyberDispatch #CyberSecurity #InfoSec #ThreatIntelligence #ZeroDay #DataBreach #SecurityNews
Download Telegram
Void Manticore (aka Storm-0842), an APT specializing in destructive wiper attacks (BiBi wiper), data exfiltration, and RDP lateral movement, is active again.

@TheGhostITM
Iran just struck Microsoft data centers in the Gulf. Microsoft — whose Azure platform runs the operational backbone of NATO, the US Department of Defense, and every major Western financial institution that has expanded into the Gulf over the last five years.

This is categorically different from the AWS strikes earlier in the war.

Microsoft Azure is not simply a commercial cloud product. It is a defense-grade infrastructure platform operating under FedRAMP High and DoD Impact Level 5 and 6 authorizations, the highest security classifications available to a commercial provider. Azure GovCloud runs classified US government workloads. Azure for Operators runs 5G military communications infrastructure. The Gulf Azure availability zones, built under billions of dollars of sovereign cloud commitments to UAE, Saudi Arabia, and Qatar, sit at the intersection of commercial enterprise and military-adjacent operations in a way no other cloud platform does. When Iran fires missiles at Microsoft data centers in the Gulf, it is not attacking a commercial storage facility. It is attacking the digital connective tissue between American defense architecture and Gulf sovereign AI ambitions.

The mechanism Iran is applying across every domain of this war is now operating at the infrastructure layer of the global digital economy. Hormuz for maritime insurance. BAPCO and Ras Tanura for oil infrastructure insurance. Manama hotels for corporate presence insurance. AWS for basic cloud insurability. Microsoft for the tier of cloud infrastructure that carries defense-adjacent and government workloads. Each successive target has moved one layer deeper into the critical infrastructure stack.

Microsoft has not yet confirmed the extent of damage or the impact on service continuity. That silence is itself data. When AWS facilities were struck earlier in the war, the company posted status updates within hours. The Microsoft situation is being handled with a different communication posture, which is consistent with facilities that carry sovereign and defense-adjacent contractual obligations that restrict what can be publicly disclosed about operational status.

The Gulf was supposed to be the proving ground for the sovereign AI thesis. Every major hyperscaler made the bet simultaneously: Gulf governments want their data onshore, under their own regulatory frameworks, close to their own populations, contributing to their own AI capability development. Microsoft, Google, AWS, Oracle, all committed multi-billion dollar buildouts to that thesis in the last three years. The thesis assumed physical security. The thesis assumed the Gulf was a stable operating environment for long-term digital infrastructure. That assumption was always geopolitically contingent. It is now empirically falsified.

Every CTO and every procurement officer running a sovereign cloud negotiation anywhere in the world is looking at the Microsoft strike footage right now and running the same calculation: if the Gulf is a ballistic missile target range, where does the sovereign AI buildout go instead?

The American-aligned economic order made about the Gulf as a safe jurisdiction for permanent infrastructure.

The missiles hitting Microsoft data centers today are not attacking cloud storage. They are attacking the confidence interval on a decade of digital infrastructure investment.

@TheGhostITM
Getting a Shell on the Tapo C260 Webcam (CVE-2026-0651, CVE-2026-0652, CVE-2026-0653).
China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks.
Hackers are using fake Claude Code download pages to deploy a fileless infostealer via mshta.exe.
Hackers hit Israel's Shefa Berkat Hashem supermarket chain overnight, remotely triggering fridge defrosts. The supermarket chain "Shefa Berkat Hashem" is an Israeli kosher chain with branches in cities like Tel Aviv and other Israeli localities.

@TheGhostITM
Bitdefender says Pakistan-aligned Transparent Tribe (APT36) is targeting Indian government entities with AI-generated malware.

The campaign spreads polyglot implants in Nim, Zig, and Crystal and hides C2 inside Slack, Supabase, and Google Sheets.
Hackers targeted Beersheba's cyber/tech sites in Israel—home to CyberSpark (tech park with IBM, Microsoft), IDF cyber units, and Ben-Gurion University's innovation hub.

@TheGhostITM
Kuwaiti Cyber Security Center:

We are currently dealing with cyber attacks targeting digital systems in the country.
NATO has cleared iPhone and iPad to handle classified information.

The approval relies on built-in iOS and iPadOS security—no custom hardening or special software required.

Germany’s BSI had already cleared the devices for classified government use.
Anthropic says its Claude model found 22 Firefox vulnerabilities while scanning ~6,000 C++ files with Mozilla.

14 were high-severity. Turning bugs into exploits proved harder: after hundreds of attempts, the AI succeeded only twice.
TriZetto, a company providing IT services to healthcare organizations, reports a data leak of about 3.4 million patients.
A hacker compromised the mobile device of the individual managing the IDF's Persian-language social media accounts.
OpenAI CEO Sam Altman revealed that his company does not control how the US Department of Defense uses its artificial intelligence technologies in military operations.

Altman explained during a meeting with company employees that any operational decisions by the Pentagon regarding artificial intelligence fall entirely under the responsibility of the US Department of Defense, and the company has no role in determining them.

This statement comes as artificial intelligence companies expand partnerships with government and security institutions.

OpenAI signed an official agreement with the US Department of Defense to deploy advanced artificial intelligence models within classified and secure cloud networks for the US military.

@TheGhostITM
EU court adviser says banks must immediately refund phishing victims.
Massive GitHub malware operation spreads BoryptGrab stealer.
Hackers abuse .arpa DNS and ipv6 to evade phishing defenses.
AI agents now help attackers, including North Korea, manage their drudge work.
Microsoft: Hackers abusing AI at every stage of cyberattacks.
Hackers target IP cameras across Israel and Gulf states for military intelligence.
ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Hackers target IP cameras across Israel and Gulf states for military intelligence.
A surge in attacks targeting IP cameras across Israel and Gulf countries, including the UAE, Qatar, Bahrain, and Kuwait, as well as Lebanon and Cyprus. The activity, attributed to hacktivists, relied on VPN and VPS infrastructure to scan devices.

@TheGhostITM