Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Handala cyber unit claims breach of ex-Mossad deputy Laura Gillinsky: 100K+ secret emails seized from INSS. Reveals $149M Mossad budget (2012-2026) on anti-Iran ops. INSS exposed as Mossad cover for sabotage. Full docs dumping soon; agents now targets.
@TheGhostITM
@TheGhostITM
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Israeli AppsFlyer SDK hijacked: Malicious JS swapped crypto wallet addresses mid-tx, draining BTC/ETH/Solana.
@TheGhostITM
@TheGhostITM
Researchers found 72 malicious extensions in the Open VSX registry.
Attackers publish a harmless VS Code extension, gain trust, then update it to pull a GlassWorm dependency.
The payload steals tokens, credentials, and crypto wallets from developer systems.
Attackers publish a harmless VS Code extension, gain trust, then update it to pull a GlassWorm dependency.
The payload steals tokens, credentials, and crypto wallets from developer systems.
China denies cyber espionage allegations against Costa Rica's electricity company
Costa Rican authorities reported a cyber intrusion into the state electricity company (ICE) and the extraction of 9 gigabytes of data, attributing the possible source to China.
Costa Rican authorities reported a cyber intrusion into the state electricity company (ICE) and the extraction of 9 gigabytes of data, attributing the possible source to China.
Microsoft to Block Windows 11 & Server 2025 Automated Installation After RCE Vulnerability .
A set of nine novel cross-tenant vulnerabilities in Google Looker Studio, collectively dubbed "LeakyLooker," that could have allowed attackers to run arbitrary SQL queries, exfiltrate sensitive data, and even modify or delete records across Google Cloud environments, all without victims granting explicit permission.
Metasploit Pro 5.0.0 Released With Powerful New Modules & Critical Enhancements.
A fake job notice triggered full compromise in a Konni campaign.
The attack drops EndRAT, enabling remote control, persistence, and silent data theft, then spreads via KakaoTalk messages from the victim’s account.
Trusted contacts become the attack path.
The attack drops EndRAT, enabling remote control, persistence, and silent data theft, then spreads via KakaoTalk messages from the victim’s account.
Trusted contacts become the attack path.
Firewalls still see encrypted port 443 traffic, not what users actually do inside SaaS apps or AI tools.
As Dedi Shindler (Red Access) notes, that blinds teams to prompts, data leaks, and session activity. The fix isn’t replacing firewalls—it’s adding session-level visibility.
As Dedi Shindler (Red Access) notes, that blinds teams to prompts, data leaks, and session activity. The fix isn’t replacing firewalls—it’s adding session-level visibility.
CISA flags CVE-2025-47813 in Wing FTP as actively exploited.
It leaks server paths via cookie errors—low severity, high value. Attackers can pair it with a known RCE flaw already used to deploy malware.
It leaks server paths via cookie errors—low severity, high value. Attackers can pair it with a known RCE flaw already used to deploy malware.
Attackers are hijacking GitHub accounts and silently planting malware in Python repos.
ForceMemo uses stolen tokens to force-push malicious code while preserving the original commit author and message—rewriting Git history with no visible trace in the UI.
ForceMemo uses stolen tokens to force-push malicious code while preserving the original commit author and message—rewriting Git history with no visible trace in the UI.
ClickFix campaigns are spreading macOS infostealer MacSync.
Victims paste a Terminal command from fake install pages or ChatGPT threads, installing malware that steals credentials, files, Keychain data, and crypto wallet seeds.
Victims paste a Terminal command from fake install pages or ChatGPT threads, installing malware that steals credentials, files, Keychain data, and crypto wallet seeds.
A new ClickFix variant abuses Win+R to mount a remote WebDAV drive and run malware.
It launches a trojanized WorkFlowy Electron app that beacons to C2 every 2 seconds. Atos says it bypassed Microsoft Defender and surfaced only through threat hunting.
It launches a trojanized WorkFlowy Electron app that beacons to C2 every 2 seconds. Atos says it bypassed Microsoft Defender and surfaced only through threat hunting.
Russian hackers targeted Ukrainian entities with DRILLAPP, a JavaScript backdoor executed through Microsoft Edge.
It abuses Chromium debugging flags to access files, record audio, capture webcam images, and grab screen data.
Lures referenced Starlink installs and a Ukrainian charity.
It abuses Chromium debugging flags to access files, record audio, capture webcam images, and grab screen data.
Lures referenced Starlink installs and a Ukrainian charity.
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Hackers have compromised over 100 CCTV cameras across multiple locations in Israel, obtaining sensitive footage in the latest CCTV breach.
@TheGhostITM
@TheGhostITM
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Cyber Attacks During "Operation Israel" (Feb 23 – Mar 17)
The trend continues into the 18th day of the operation, with a significant increase in the number of attacks.
Most of the attacks are DDoS attacks and significant data leaks.
@TheGhostITM
The trend continues into the 18th day of the operation, with a significant increase in the number of attacks.
Most of the attacks are DDoS attacks and significant data leaks.
@TheGhostITM
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
מתקפות סייבר במהלך "מבצע ישראל" (23 בפברואר – 17 במרץ)
המגמה נמשכת גם ביום ה-18 למבצע, עם עלייה משמעותית במספר המתקפות.
רוב המתקפות הן מתקפות DDoS ודליפות מידע משמעותיות.
@TheGhostITM
המגמה נמשכת גם ביום ה-18 למבצע, עם עלייה משמעותית במספר המתקפות.
רוב המתקפות הן מתקפות DDoS ודליפות מידע משמעותיות.
@TheGhostITM
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
More than 150 different hacker groups and lone-wolf operatives are active in the cyber space against Israel. The main and most significant attacks are carried out by pro-Palestinian hacktivist groups and their affiliates, as well as pro-Iranian groups.
The government and financial sectors are the most targeted sectors, primarily through DDoS attacks and similar methods.
@TheGhostITM
The government and financial sectors are the most targeted sectors, primarily through DDoS attacks and similar methods.
@TheGhostITM
❤1
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
יותר מ-150 קבוצות האקרים שונות ופועלים בודדים פועלים במרחב הסייבר נגד ישראל. המתקפות המרכזיות והמשמעותיות ביותר מבוצעות על ידי קבוצות האקטיביסטיות פרו-פלסטיניות ושותפיהן, וכן קבוצות פרו-איראניות.
המגזר הממשלתי והמגזר הפיננסי הם המגזרים המותקפים ביותר, בעיקר באמצעות מתקפות DDoS ושיטות דומות.
@TheGhostITM
המגזר הממשלתי והמגזר הפיננסי הם המגזרים המותקפים ביותר, בעיקר באמצעות מתקפות DDoS ושיטות דומות.
@TheGhostITM
CERT/CC warns a ZIP flaw tracked as CVE-2026-0866 lets attackers hide malware using malformed archive headers.
Security tools trust the header and miss the payload, while it can still be extracted and executed with the right method.
Security tools trust the header and miss the payload, while it can still be extracted and executed with the right method.
A Magecart skimmer hid its payload in a favicon’s EXIF metadata, never entering the codebase.
A fake CDN script fetched the image, decoded a hidden URL, and executed it in the browser.
No repo changes. No scan alerts. Payment data was exfiltrated at checkout.
A fake CDN script fetched the image, decoded a hidden URL, and executed it in the browser.
No repo changes. No scan alerts. Payment data was exfiltrated at checkout.