Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
The Anonymous hacktivist collective has breached and deleted data from Leshem Shaham & Partners, a prominent Israeli accounting firm, in a cyber operation targeting financial entities.
@TheGhostITM
@TheGhostITM
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
The Killsec (ransomware) attack group publishes the Israeli insurance company "Shlomo Insurance" as a victim, setting an 8-day deadline for ransom payment.
@TheGhostITM
@TheGhostITM
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Handala defaced the Hebrew Language Academy's website and wrote on it: "There's no need to learn the language anymore".
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Planet Labs extends restrictions on satellite imagery across West Asia amid Iran’s relentless strikes on US bases
Amid the escalating US-Israeli war on Iran and Iran's subsequent retaliatory strikes on US bases in the region, commercial satellite company Planet Labs has extended the delay on releasing satellite imagery of West Asia from four days to two weeks, citing concerns that the data could be used to target US, NATO, or allied military personnel and infrastructure, according to Bloomberg.
The San Francisco–based firm said it has also expanded the geographic scope of restricted imagery to include all of Iran, nearby allied bases, Gulf states, and other active conflict zones.
Planet Labs claimed the decision was taken independently and was not ordered by any government, describing it as a proactive measure to prevent its high-resolution satellite imagery from being tactically exploited by adversarial actors during the ongoing conflict.
The company previously held back images of Gulf states struck by Iranian drone attacks for 96 hours, but the intensifying war prompted stricter controls.
Many observers view the restrictions as a form of censorship rather than a security measure, arguing that delaying imagery limits independent verification of battlefield developments and damage assessments.
The move highlights the growing strategic role of commercial satellite imagery in modern warfare, where near–real-time data can reveal missile strikes, damage to sensitive infrastructure, and troop movements.
Once tightly controlled by governments, Earth observation has become a multi-billion-dollar industry providing intelligence to military clients, governments, media outlets, and financial markets, raising new questions about information control during active conflicts.
@TheGhostITM
Amid the escalating US-Israeli war on Iran and Iran's subsequent retaliatory strikes on US bases in the region, commercial satellite company Planet Labs has extended the delay on releasing satellite imagery of West Asia from four days to two weeks, citing concerns that the data could be used to target US, NATO, or allied military personnel and infrastructure, according to Bloomberg.
The San Francisco–based firm said it has also expanded the geographic scope of restricted imagery to include all of Iran, nearby allied bases, Gulf states, and other active conflict zones.
Planet Labs claimed the decision was taken independently and was not ordered by any government, describing it as a proactive measure to prevent its high-resolution satellite imagery from being tactically exploited by adversarial actors during the ongoing conflict.
The company previously held back images of Gulf states struck by Iranian drone attacks for 96 hours, but the intensifying war prompted stricter controls.
Many observers view the restrictions as a form of censorship rather than a security measure, arguing that delaying imagery limits independent verification of battlefield developments and damage assessments.
The move highlights the growing strategic role of commercial satellite imagery in modern warfare, where near–real-time data can reveal missile strikes, damage to sensitive infrastructure, and troop movements.
Once tightly controlled by governments, Earth observation has become a multi-billion-dollar industry providing intelligence to military clients, governments, media outlets, and financial markets, raising new questions about information control during active conflicts.
@TheGhostITM
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Planet Labs extends restrictions on satellite imagery across West Asia amid Iran’s relentless strikes on US bases Amid the escalating US-Israeli war on Iran and Iran's subsequent retaliatory strikes on US bases in the region, commercial satellite company…
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Hacktivist Group “Handala” Conducts Cyberattack on U.S. Medical Device Company Stryker
The hacktivist group Handala carried out a large-scale cyber operation targeting Stryker, a U.S.-based medical equipment manufacturer. The attack was described by the group as a response to the attack on a school in Minab and ongoing cyber operations targeting infrastructure associated with the “Resistance Axis.”
In a statement released online, Handala said it successfully executed a major intrusion into Stryker’s digital infrastructure, compromising more than 200,000 systems, servers, and mobile devices.
The operation resulted in the exfiltration of approximately 50 terabytes of data, while Stryker offices in 79 countries were reportedly disrupted or forced offline during the incident.
Handala also accused Stryker of having ties to what it described as Zionist interests and global lobbying networks, presenting these allegations as justification for the cyberattack.
In its statement, the group warned that organizations involved in cyber operations targeting the Resistance Axis Infrastructure should expect further retaliation, declaring that the “era of hit‑and‑run is over.”
@TheGhostITM
The hacktivist group Handala carried out a large-scale cyber operation targeting Stryker, a U.S.-based medical equipment manufacturer. The attack was described by the group as a response to the attack on a school in Minab and ongoing cyber operations targeting infrastructure associated with the “Resistance Axis.”
In a statement released online, Handala said it successfully executed a major intrusion into Stryker’s digital infrastructure, compromising more than 200,000 systems, servers, and mobile devices.
The operation resulted in the exfiltration of approximately 50 terabytes of data, while Stryker offices in 79 countries were reportedly disrupted or forced offline during the incident.
Handala also accused Stryker of having ties to what it described as Zionist interests and global lobbying networks, presenting these allegations as justification for the cyberattack.
In its statement, the group warned that organizations involved in cyber operations targeting the Resistance Axis Infrastructure should expect further retaliation, declaring that the “era of hit‑and‑run is over.”
@TheGhostITM
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Stryker Corporation
Hacked
2026-03-11
We announce to the world that, in retaliation for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure of the Axis of Resistance, our major cyber operation has been executed with complete success.
The Zionist-rooted corporation, Stryker, one of the key arms of the global Zionist lobby and a central ring in the ‘New Epstein’ chain, has been struck with an unprecedented blow. In this operation, over 200,000 systems, servers, and mobile devices have been wiped and 50 terabytes of critical data have been extracted.
Stryker's offices in 79 countries have been forced to shut down. All the acquired data is now in the hands of the free people of the world, ready to be used for the true advancement of humanity and the exposure of injustice and corruption.
A clear warning to all Zionist leaders and their lobbies who hide behind concrete walls and closed windows:
The era of the ‘Epstein’ rings and the demons of our time is over. ‘Nimrod of this era,’ even if you close your windows, we will build our nests everywhere. For all those designing attacks on the Resistance Axis infrastructure: the era of hit-and-run is over! ~ Handala
Hacked
2026-03-11
We announce to the world that, in retaliation for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure of the Axis of Resistance, our major cyber operation has been executed with complete success.
The Zionist-rooted corporation, Stryker, one of the key arms of the global Zionist lobby and a central ring in the ‘New Epstein’ chain, has been struck with an unprecedented blow. In this operation, over 200,000 systems, servers, and mobile devices have been wiped and 50 terabytes of critical data have been extracted.
Stryker's offices in 79 countries have been forced to shut down. All the acquired data is now in the hands of the free people of the world, ready to be used for the true advancement of humanity and the exposure of injustice and corruption.
A clear warning to all Zionist leaders and their lobbies who hide behind concrete walls and closed windows:
The era of the ‘Epstein’ rings and the demons of our time is over. ‘Nimrod of this era,’ even if you close your windows, we will build our nests everywhere. For all those designing attacks on the Resistance Axis infrastructure: the era of hit-and-run is over! ~ Handala
Apple backports CVE-2023-43010 fix after the WebKit flaw was used in the Coruna #iPhone exploit kit.
It allows memory corruption via malicious web content. Fix now covers iOS 15.8.7 & 16.7.15 devices, including iPhone 6s, 7, 8 & X.
It allows memory corruption via malicious web content. Fix now covers iOS 15.8.7 & 16.7.15 devices, including iPhone 6s, 7, 8 & X.
CISA confirms active exploitation of CVE-2025-68613 in the #n8n automation platform.
The expression-injection flaw allows authenticated attackers to run code with n8n process privileges—exposing data, altering workflows, or taking full control of the instance.
The expression-injection flaw allows authenticated attackers to run code with n8n process privileges—exposing data, altering workflows, or taking full control of the instance.
A new Wi-Fi attack called AirSnitch shows client isolation may not protect users on shared networks.
Researchers found every tested router vulnerable to at least one technique that lets attackers intercept traffic from nearby devices connected to the same Wi-Fi.
Researchers found every tested router vulnerable to at least one technique that lets attackers intercept traffic from nearby devices connected to the same Wi-Fi.
New vulnerabilities show up every week, and the window between disclosure and exploitation keeps getting shorter. The flaws below are this week's most critical — high-severity, widely used software, or already drawing attention from the security community.
Check these first, patch what applies, and don't wait on the ones marked urgent — CVE-2026-2796 (Mozilla Firefox), CVE-2026-21385 (Qualcomm), CVE-2026-2256 (MS-Agent), CVE-2026-26198 (Ormar), CVE-2026-27966 (langflow), CVE-2025–64712 (Unstructured.io), CVE-2026-24009 (Docling), CVE-2026-23600 (HPE AutoPass License Server), CVE-2026-27636, CVE-2026-28289 (aka Mail2Shell) (FreeScout), CVE-2025-67736 (FreePBX), CVE-2025-34288 (Nagios XI), CVE-2025-14500 (IceWarp), CVE-2026-20079 (Cisco Secure Firewall Management Center), CVE-2025-13476 (Viber app for Android), CVE-2026-3336, CVE-2026-3337, CVE-2026-3338 (Amazon AWS-LC), CVE-2026-25611 (MongoDB), CVE-2026-3536, CVE-2026-3537, CVE-2026-3538 (Google Chrome), CVE-2026-27970 (Angular), CVE-2026-29058 (AVideo) a privilege escalation flaw in IPVanish VPN for macOS (no CVE), and and a remote code execution vulnerability in Ghost CMS (no CVE).
Check these first, patch what applies, and don't wait on the ones marked urgent — CVE-2026-2796 (Mozilla Firefox), CVE-2026-21385 (Qualcomm), CVE-2026-2256 (MS-Agent), CVE-2026-26198 (Ormar), CVE-2026-27966 (langflow), CVE-2025–64712 (Unstructured.io), CVE-2026-24009 (Docling), CVE-2026-23600 (HPE AutoPass License Server), CVE-2026-27636, CVE-2026-28289 (aka Mail2Shell) (FreeScout), CVE-2025-67736 (FreePBX), CVE-2025-34288 (Nagios XI), CVE-2025-14500 (IceWarp), CVE-2026-20079 (Cisco Secure Firewall Management Center), CVE-2025-13476 (Viber app for Android), CVE-2026-3336, CVE-2026-3337, CVE-2026-3338 (Amazon AWS-LC), CVE-2026-25611 (MongoDB), CVE-2026-3536, CVE-2026-3537, CVE-2026-3538 (Google Chrome), CVE-2026-27970 (Angular), CVE-2026-29058 (AVideo) a privilege escalation flaw in IPVanish VPN for macOS (no CVE), and and a remote code execution vulnerability in Ghost CMS (no CVE).
Two critical flaws in #n8n enable remote code execution.
One bug lets attackers inject shell commands via public form inputs. Another escapes the expression sandbox.
Chained together, attackers could decrypt stored credentials including API keys, tokens, and passwords.
One bug lets attackers inject shell commands via public form inputs. Another escapes the expression sandbox.
Chained together, attackers could decrypt stored credentials including API keys, tokens, and passwords.
Meta disabled 150,000+ scam accounts tied to fraud compounds across Southeast Asia.
The coordinated action with authorities in 11 countries led to 21 arrests by Thai police. Meta also added scam warnings on Facebook and AI chat-review tools on Messenger and WhatsApp.
The coordinated action with authorities in 11 countries led to 21 arrests by Thai police. Meta also added scam warnings on Facebook and AI chat-review tools on Messenger and WhatsApp.
Security patches rolled out across 50+ vendors this cycle.
SAP fixed critical Log4j and NetWeaver flaws. Microsoft patched 84 bugs. Adobe resolved 80. HPE closed a CVSS 9.8 Aruba authentication bypass.
Cisco, GitLab, Linux distros, and many others also issued fixes.
SAP fixed critical Log4j and NetWeaver flaws. Microsoft patched 84 bugs. Adobe resolved 80. HPE closed a CVSS 9.8 Aruba authentication bypass.
Cisco, GitLab, Linux distros, and many others also issued fixes.
Microsoft patched 84 vulnerabilities in March Patch Tuesday, including 8 critical flaws and two publicly known zero-days in .NET and SQL Server.
Researchers say 55% are privilege-escalation bugs. Fixes also address Azure MCP token-theft risk and an Excel flaw that could enable data exfiltration.
Researchers say 55% are privilege-escalation bugs. Fixes also address Azure MCP token-theft risk and an Excel flaw that could enable data exfiltration.
Attackers turned the nx npm supply-chain compromise into full AWS admin access in under 72 hours.
Google says UNC6426 stole a developer’s GitHub token via QUIETVAULT, abused GitHub-to-AWS OIDC trust, created a new admin role, then accessed S3 data and destroyed production systems.
Google says UNC6426 stole a developer’s GitHub token via QUIETVAULT, abused GitHub-to-AWS OIDC trust, created a new admin role, then accessed S3 data and destroyed production systems.
DeepSeek AI is now accessible without the need for a VPN (tested with Irancell internet)
https://www.deepseek.com
https://www.deepseek.com
The Israeli company Hudson Rock analyzed infostealer logs from a computer infected with malware since August 2024.
Hacker infiltrated as a senior employee into the American crypto exchange Gate.us. Also, what is the connection to the mass infection through the open-source code library Polyfill.