Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
More than 150 different hacker groups and lone-wolf operatives are active in the cyber space against Israel. The main and most significant attacks are carried out by pro-Palestinian hacktivist groups and their affiliates, as well as pro-Iranian groups.
The government and financial sectors are the most targeted sectors, primarily through DDoS attacks and similar methods.
@TheGhostITM
The government and financial sectors are the most targeted sectors, primarily through DDoS attacks and similar methods.
@TheGhostITM
❤1
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
יותר מ-150 קבוצות האקרים שונות ופועלים בודדים פועלים במרחב הסייבר נגד ישראל. המתקפות המרכזיות והמשמעותיות ביותר מבוצעות על ידי קבוצות האקטיביסטיות פרו-פלסטיניות ושותפיהן, וכן קבוצות פרו-איראניות.
המגזר הממשלתי והמגזר הפיננסי הם המגזרים המותקפים ביותר, בעיקר באמצעות מתקפות DDoS ושיטות דומות.
@TheGhostITM
המגזר הממשלתי והמגזר הפיננסי הם המגזרים המותקפים ביותר, בעיקר באמצעות מתקפות DDoS ושיטות דומות.
@TheGhostITM
CERT/CC warns a ZIP flaw tracked as CVE-2026-0866 lets attackers hide malware using malformed archive headers.
Security tools trust the header and miss the payload, while it can still be extracted and executed with the right method.
Security tools trust the header and miss the payload, while it can still be extracted and executed with the right method.
A Magecart skimmer hid its payload in a favicon’s EXIF metadata, never entering the codebase.
A fake CDN script fetched the image, decoded a hidden URL, and executed it in the browser.
No repo changes. No scan alerts. Payment data was exfiltrated at checkout.
A fake CDN script fetched the image, decoded a hidden URL, and executed it in the browser.
No repo changes. No scan alerts. Payment data was exfiltrated at checkout.
Low-cost IP KVM devices expose a direct path to full system takeover.
Researchers found 9 flaws across 4 devices, including unauthenticated root access and remote code execution. Operating below the OS, they let attackers bypass security tools and maintain silent, persistent control.
Researchers found 9 flaws across 4 devices, including unauthenticated root access and remote code execution. Operating below the OS, they let attackers bypass security tools and maintain silent, persistent control.
A new flaw in Ubuntu 24.04+ lets attackers gain full root access from low privileges.
By timing system cleanup, they replace a snap directory and execute code as root—no user action required.
By timing system cleanup, they replace a snap directory and execute code as root—no user action required.
Apple patched a WebKit flaw that lets crafted pages bypass browser isolation.
CVE-2026-20643 impacts iOS, iPadOS, and macOS. Fixes now ship via background updates, outside full OS releases.
CVE-2026-20643 impacts iOS, iPadOS, and macOS. Fixes now ship via background updates, outside full OS releases.
An unpatched critical telnetd bug (CVE-2026-32746) lets attackers gain full system access with no credentials.
One connection to port 23 is enough to trigger memory corruption and execute code as root.
No patch yet. Prior telnet flaw is already exploited in the wild.
One connection to port 23 is enough to trigger memory corruption and execute code as root.
No patch yet. Prior telnet flaw is already exploited in the wild.
Amazon Bedrock, LangSmith, and SGLang flaws expose data leaks, token theft, and RCE risks across AI platforms.
Bedrock allows DNS-based exfiltration, LangSmith had account takeover, and SGLang remains vulnerable—showing weak isolation in real-world AI systems.
Bedrock allows DNS-based exfiltration, LangSmith had account takeover, and SGLang remains vulnerable—showing weak isolation in real-world AI systems.
A full Roundcube exploit kit tied to APT28 was found on a live server, targeting Ukrainian government email.
It enables XSS takeover, mailbox exfiltration, hidden forwarding, and even 2FA secret theft. Includes a new CSS-based data exfiltration method.
It enables XSS takeover, mailbox exfiltration, hidden forwarding, and even 2FA secret theft. Includes a new CSS-based data exfiltration method.
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
A hacktivist group has targeted the employee portal (MyTeva) of Israeli pharmaceutical company Teva.
@TheGhostITM
@TheGhostITM
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Akamai reports a 245% surge in cyberattacks on U.S. targets since the war with Iran began. About 40% of these attacks have hit American banks and tech firms.
@TheGhostITM
@TheGhostITM
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Cyber infiltration targeting the information infrastructure of the Zionist regime has intensified, with a new wave of malicious SMS messages sent to settlers in recent hours.
In these messages, hackers impersonate the Israeli military’s Home Front Command, urging recipients to download a purported “shelter safety” application via an embedded link.
The link is malicious, and interacting with it may expose users’ personal and identity data to theft, while also potentially compromising their devices. Initial reports indicate that multiple settlers have already fallen victim to the campaign.
@TheGhostITM
In these messages, hackers impersonate the Israeli military’s Home Front Command, urging recipients to download a purported “shelter safety” application via an embedded link.
The link is malicious, and interacting with it may expose users’ personal and identity data to theft, while also potentially compromising their devices. Initial reports indicate that multiple settlers have already fallen victim to the campaign.
@TheGhostITM
Forwarded from ᴛʜᴇ ɢʜᴏꜱᴛ ɪɴ ᴛʜᴇ ᴍᴀᴄʜɪɴᴇ
Cyber operations linked to the ongoing conflict have, so far, remained geographically and strategically contained, with no large-scale or coordinated campaign targeting U.S. critical infrastructure emerging. Despite early concerns, hacktivist groups have not mobilized efforts into a broad cyber confrontation against the United States.
Current activity remains largely concentrated between the Israeli regime and hacktivist groups, and pro-Iranian collectives on the other side, where operations continue at high intensity. While attacks have been carried out targeting the United States and Gulf Cooperation Council (GCC) countries, these incidents have not reached the scale of a full cyber war. However, the situation appears to be approaching the threshold of a broader regional cyber conflict, with the potential for a coordinated campaign against the United States. These activities have yet to demonstrate the scale, coordination, or persistence observed in the core theater of cyber engagement.
As the conflict endures, the trajectory of cyber operations remains uncertain. The potential for expansion into a wider, more coordinated cyber campaign targeting additional regions—including Western and Gulf infrastructure—may occur, particularly if geopolitical tensions escalate further.
"245% surge in cyberattacks on U.S. targets since the war with Iran began. About 40% of these attacks have hit American banks and tech firms."
@TheGhostITM
Current activity remains largely concentrated between the Israeli regime and hacktivist groups, and pro-Iranian collectives on the other side, where operations continue at high intensity. While attacks have been carried out targeting the United States and Gulf Cooperation Council (GCC) countries, these incidents have not reached the scale of a full cyber war. However, the situation appears to be approaching the threshold of a broader regional cyber conflict, with the potential for a coordinated campaign against the United States. These activities have yet to demonstrate the scale, coordination, or persistence observed in the core theater of cyber engagement.
As the conflict endures, the trajectory of cyber operations remains uncertain. The potential for expansion into a wider, more coordinated cyber campaign targeting additional regions—including Western and Gulf infrastructure—may occur, particularly if geopolitical tensions escalate further.
"245% surge in cyberattacks on U.S. targets since the war with Iran began. About 40% of these attacks have hit American banks and tech firms."
@TheGhostITM
Perseus, a new #Android malware, enables full device takeover via Accessibility abuse. It runs live remote sessions, steals banking credentials, and scans notes apps for sensitive data.
It spreads through IPTV-style apps delivered via phishing and sideloading.
It spreads through IPTV-style apps delivered via phishing and sideloading.
CERT/CC warns a ZIP flaw tracked as CVE-2026-0866 lets attackers hide malware using malformed archive headers.
Security tools trust the header and miss the payload, while it can still be extracted and executed with the right method.
It breaks how AV and EDR validate files.
Security tools trust the header and miss the payload, while it can still be extracted and executed with the right method.
It breaks how AV and EDR validate files.
Attention to the vulnerability (CVE-2026-20131) in Cisco's Secure Firewall Management Center (FMC) actively exploited by ransomware groups worldwide.
A critical Magento flaw lets attackers upload files without login and take over stores.
The issue, PolyShell, uses the REST API to upload hidden malicious files as images. This can lead to remote code execution or stored XSS.
No fix for current versions yet.
The issue, PolyShell, uses the REST API to upload hidden malicious files as images. This can lead to remote code execution or stored XSS.
No fix for current versions yet.