Forwarded from The Islander
Schroedinger's Bebo. Look at Bebo begging reporter Stephanie Baker not to link him to "Russian disinformation" and if she does it'll be fake news. Also Bebo parroting fake news from Canada's CTV News about me
Bebo keeps revealing exactly what he is, likely MI6/BND. Why are you anonymous Bebo?
And what happened to the "Bebo and Friends" account? Apart from your fellow western agencies CIA/BND I suppose you have no more "friends" notwithstanding your Ukrainian/MI6 bots — so seems appropriate that account no longer exists.
I hope once the dust settles you find this was all worth it. (I have a couple more replies to you then I'll get back to the news.) But there will be a no-surprise dump coming on exactly who and what you are (don't worry about timing, best you let that simmer at the agency). Everything you will see happening are all natural and predictable consequences to your actions.
Forwarded from The Islander
Lord Bebo & Friends
The drama is over. Don’t make it worse. Gerry literally tried to delete messages of his pedophile case. Was busted and plead guilty. He was not framed. 🔗 Join us | @MyLordBebo
Curious what are the "5 sources" more mainstream media fake news you claim is fake news in your communications with reporter Stephanie Baker yet rely on Canadian state media when it's about my bullshit political charges "case"?
On the one hand you parrot their line in past posts about it being a surprise arrest at my place of work as other officers went to my house (that part is true) and yet I had time to delete message history? Your cognitive dissonance is off the charts.
Don't worry I have full confidence folks will help you find your courage in revealing exactly what and who you are. It's about 60% complete. You should know from your agency training the value of patience.
Forwarded from The Islander
I have 120 of these in my DMs. I'm grateful Bebo outed himself as an MI6 botted operation. Might want to take the "Friends" part out of the "Lord Bebo & Friends" though in honoring your lifestyle choice I guess you can argue bots are friends...
We'll see in the coming weeks how wise it was to come after me unprovoked. I truly did not care about you nor judged you.
Small correction Bebo has many NAFO fella friends supporting this thread of his. Credit where credit is due!
🔫 Over 6,000 Apache ActiveMQ Instances Exposed to Critical RCE Vulnerability
The Shadowserver Foundation has identified 6,364 internet-facing Apache ActiveMQ installations vulnerable to CVE-2026-34197, a critical input validation flaw enabling remote code execution. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, confirming active exploitation by APT groups targeting unpatched systems accessible from the public internet.
The vulnerability allows attackers to bypass validation mechanisms and execute arbitrary commands on affected message broker systems. Organizations must immediately patch to the latest version, restrict network access to ActiveMQ services, and conduct threat hunting for indicators of compromise. Shadowserver provides continuous monitoring through its free dashboard to track exposed assets.
🛰️ Open sources - closed narratives
@sitreports
🔫 Axios npm Package Compromised in Supply Chain Attack
CISA issued an urgent alert after attackers injected malicious code into Axios versions 1.14.1 and 0.30.4 on March 31, 2026. The compromised JavaScript library, widely used for HTTP requests in Node.js environments, installed a hidden dependency (plain-crypto-js 4.2.1) that functions as a malware loader, downloading a remote access trojan to steal credentials, API keys, and source code.
Organizations must immediately downgrade to safe versions (1.14.0 or 0.30.3), remove the malicious node_modules/plain-crypto-js/ directory, and rotate all exposed secrets. CISA's advisory recommends implementing npm security controls including ignore-scripts=true and min-release-age=7 to prevent automatic execution of untrusted packages.
🛰️ Open sources - closed narratives
@sitreports
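One way to check a project against the versions named in this post, as an added example (not code from CISA, the Axios project or this channel): it scans a parsed package-lock.json for the listed axios and plain-crypto-js versions and reports which of the two npm settings are absent from an .npmrc. The function names and the sample lockfile are constructed for illustration.

```javascript
// Versions and package names are the ones named in the post above.
const BAD = new Map([
  ["axios", new Set(["1.14.1", "0.30.4"])],
  ["plain-crypto-js", new Set(["4.2.1"])],
]);

// Package name from a lockfile v2/v3 "packages" key, e.g.
// "node_modules/foo/node_modules/@scope/bar" -> "@scope/bar".
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Returns [{ name, version, where }] for every listed version in the lockfile.
function scanLockfile(lock) {
  const findings = [];
  const check = (name, version, where) => {
    const bad = BAD.get(name);
    if (bad && bad.has(version)) findings.push({ name, version, where });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      // meta.name is set when the install path is an alias for another package.
      const name = meta.name || nameFromPath(path);
      if (name) check(name, meta.version, path);
    }
  } else if (lock.dependencies) {
    // lockfileVersion 1: nested dependency tree.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const here = [...trail, name];
        check(name, meta.version, here.join(" > "));
        walk(meta.dependencies, here);
      }
    };
    walk(lock.dependencies, []);
  }
  return findings;
}

// Returns the settings from the post that an .npmrc text does not satisfy.
function missingNpmrcControls(text) {
  const seen = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#") || line.startsWith(";")) continue;
    const eq = line.indexOf("=");
    if (eq === -1) continue;
    seen.set(line.slice(0, eq).trim(), line.slice(eq + 1).trim());
  }
  const missing = [];
  if (seen.get("ignore-scripts") !== "true") missing.push("ignore-scripts=true");
  // Any waiting period of at least the 7 named in the post is accepted.
  if (!(Number(seen.get("min-release-age")) >= 7)) missing.push("min-release-age=7");
  return missing;
}

// Constructed sample lockfile (not taken from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/plain-crypto-js": { version: "4.2.1" },
    "node_modules/legacy-client/node_modules/axios": { version: "0.30.3" },
    "node_modules/http": { name: "axios", version: "0.30.4" }, // aliased install
  },
};

for (const f of scanLockfile(sampleLock)) {
  console.log(`FOUND ${f.name}@${f.version} at ${f.where}`);
}
console.log("missing .npmrc settings:", missingNpmrcControls("ignore-scripts=true\n"));
```

A hit in the lockfile only shows what was resolved; the post's remaining steps (removing node_modules/plain-crypto-js/ and rotating secrets) still apply to any machine where the install actually ran.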
🤖 Critical RCE Vulnerability in SGLang AI Framework Enables Model Poisoning Attacks
CVE-2026-5760 exposes a Server-Side Template Injection flaw in SGLang 0.5.9 that allows remote code execution through malicious GGUF model files. The vulnerability stems from insecure Jinja2 template processing in the reranking endpoint. Security researchers demonstrated that attackers can execute arbitrary commands when compromised models from repositories like Hugging Face are loaded.
The flaw highlights critical supply chain risks in AI infrastructure, mirroring previous vulnerabilities in llama-cpp-python and vLLM frameworks. Administrators are advised to avoid untrusted GGUF models and implement sandboxed template rendering until patches are released.
🛰️ Open sources - closed narratives
@sitreports
🎭 Iran Claims US Exploited Vendor Backdoors to Disable Network Equipment
Iranian state media reports networking hardware from Cisco, Juniper, Fortinet, and MikroTik experienced simultaneous reboots during recent strikes. Tehran alleges pre-positioned firmware backdoors or satellite-triggered exploits enabled US forces to disable critical infrastructure, according to reporting noting the regime cannot explain outages while disconnected from global networks.
China's state apparatus has amplified these allegations to reinforce its narrative that Washington conducts offensive cyber operations while falsely accusing Beijing. NetBlocks confirms Iran's 52-day internet blackout continues, though selective access through "Internet Pro" services suggests layered control rather than total shutdown.
🛰️ Open sources - closed narratives
@sitreports
🎭 North Korean UNC1069 Targets Crypto Sector via Fake VC Meetings
North Korean threat actor UNC1069, overlapping with Bluenoroff, is conducting social engineering campaigns against cryptocurrency and Web3 professionals. Attackers create fabricated venture capital firms like "WallEye Capital" and use compromised LinkedIn/Telegram accounts to arrange meetings. Victims are redirected to fake conferencing platforms hosting ClickFix payloads that deploy customized RATs—CageyChameleon for Windows, NukeSped for macOS, and Cabbage RAT for Linux—designed to exfiltrate crypto wallets and system data.
The campaign demonstrates advanced cross-platform capability and infrastructure mimicry, according to Google Cloud and Mandiant.
🛰️ Open sources - closed narratives
@sitreports
🎭 SideWinder Deploys Zimbra Clone Against South Asian Government Targets
APT group SideWinder is running a credential harvesting operation against Bangladesh Navy and Pakistan Ministry of Foreign Affairs using a phishing kit on Cloudflare Workers. The attack uses a fake Chrome PDF viewer showing blurred diplomatic documents, then redirects to a pixel-perfect Zimbra login clone that dynamically fetches legitimate CSS and assets via reverse proxy.
The campaign was exposed after researchers triggered a server error revealing the developer's Linux username and project structure. The kit employs session management with rotating CSRF tokens and pre-fills usernames after failed logins to trick victims into re-entering credentials.
🛰️ Open sources - closed narratives
@sitreports
🔫 KelpDAO Loses $290M in Lazarus-Linked Crypto Heist
DeFi protocol KelpDAO suffered a $290 million theft on April 18 after attackers compromised RPC nodes in its cross-chain verification layer, feeding falsified blockchain data to validators while DDoS-ing legitimate nodes. The breach affected 116,500 rsETH tokens, with LayerZero attributing the attack to North Korea's Lazarus Group.
The infrastructure compromise marks Lazarus's second major DeFi heist in 2025, following a $280 million Drift Protocol theft. The methodology—poisoning verification infrastructure rather than exploiting smart contracts—signals evolving state-sponsored crypto targeting beyond traditional phishing or code vulnerabilities.
🛰️ Open sources - closed narratives
@sitreports
🔫 PureRAT Campaign Embeds Fileless Payloads in PNG Files
Trellix Advanced Research Center has identified a sophisticated PureRAT operation that conceals malicious PE files within PNG images using steganography. The multi-stage attack chain begins with a malicious .LNK file triggering obfuscated VBScript, which establishes persistence via Windows Task Scheduler and downloads weaponized PNG files from crixup[.]com.
The campaign demonstrates advanced evasion through UAC bypass via cmstp.exe, anti-VM checks, and process hollowing into legitimate msbuild.exe. According to Trellix researchers, the fileless execution technique combined with living-off-the-land binaries renders traditional endpoint defenses largely ineffective.
🛰️ Open sources - closed narratives
@sitreports
🤖 Frontier AI Models Collapse Vulnerability Patching Timeline
Unit 42 testing reveals frontier AI models now function as autonomous security researchers capable of zero-day discovery and complex exploit chaining. Open-source software faces immediate risk as attackers download source code and use AI to identify vulnerabilities offline, hidden from defenders. The transparent nature of OSS enables AI-assisted threat actors to systematically test libraries that underpin commercial applications.
The critical shift is speed. According to Palo Alto Networks analysis, AI agents autonomously scan networks, generate custom exploits on-the-fly, and laterally move without human intervention. Adversaries will soon exploit vulnerabilities within hours rather than days, fundamentally outpacing manual monitoring and traditional patch cycles.
🛰️ Open sources - closed narratives
@sitreports
🤖 USMC Pilots AI-Driven Aviation Maintenance System
The U.S. Marine Corps is prototyping AI tools to inventory aviation supplies and forecast maintenance needs, shifting from reactive repairs to predictive sustainment. A "Maintenance Assessment Tool" leveraging historical performance data will deploy to MCAS Yuma this summer, targeting 90% probability thresholds for part failure prediction.
The initiative addresses chronic readiness gaps—current mission capability rates average 62-64%—by consolidating previously siloed maintenance data. According to Marine Corps officials, the effort now falls under Project Eagle with dedicated funding. F-35 cataloging is complete, with KC-130J data integration underway.
🛰️ Open sources - closed narratives
@sitreports
🔫 Coast Guard Deploys Mobile Counter-Drone Teams for Domestic High-Security Events
The U.S. Coast Guard is establishing mobile counter-UAS teams to protect FIFA World Cup and America 250 celebrations, using $150 million in reconciliation funding. Traditional enlisted rates including yeomen, engineers, and boatswain mates are being cross-trained on drone defense systems, officials said in describing the initiative at the Sea-Air-Space conference.
The service plans to expand by 15,000 personnel over two years, with 2,000-3,000 designated as robotic mission specialists. Mobile teams will rotate between event sites rather than providing continuous coverage, reflecting resource constraints as the Coast Guard adapts to what officials called "a whole new mission set" for domestic security operations.
🛰️ Open sources - closed narratives
@sitreports
🔫 Pentagon Requests $70 Billion for Drone Systems in FY2027
The Defense Department's fiscal 2027 budget seeks $70 billion for military drones and counter-drone technologies, marking a 300% increase from FY2026 allocations. According to Pentagon officials, the request includes $53.6 billion for autonomy and drone platforms, plus $21 billion for munitions and counter-drone systems. The Defense Autonomous Warfare Group budget surges from $225.9 million to $54.6 billion.
The investment reflects operational lessons from Ukraine and Middle East conflicts, where drone-on-drone warfare and swarm tactics now evolve in weeks rather than years. Officials emphasize manned-unmanned teaming as central to future combat operations, with focus on rapidly integrating commercial drone technologies at scale.
🛰️ Open sources - closed narratives
@sitreports
🔫 UK Cyber Chief Elevates China to Peer Competitor Status
UK National Cyber Security Centre CEO Richard Horne is set to announce at CYBERUK 2026 that China now represents a "peer competitor in cyberspace" rather than merely a capable threat. According to his prepared remarks, state-sponsored Chinese attacks display "eye-watering sophistication." The NCSC handled an average of four nationally significant cyberattacks weekly over the past year, with state threats from China, Russia, Iran, and North Korea leading concerns.
Horne will warn that nation-state actors seek infrastructure and leverage, not ransoms—damage that cannot be reversed with payment. He calls for organizations to end reliance on lowest-bid contractors for cyber defense and embed security as a strategic investment, not a cost center.
🛰️ Open sources - closed narratives
@sitreports
🔍 French ID Agency Breached, 19M Records Offered for Sale
France's Agence nationale des titres sécurisés (ANTS), the government body managing national ID cards, passports, and driver's licenses, confirmed a security incident on April 15 after detecting unauthorized data access. The agency disclosed that exposed data may include names, email addresses, birth dates, postal addresses, and account identifiers for an undisclosed number of citizens, though ANTS stated the data cannot be used to access electronic portals.
A threat actor using the alias 'breach3d' claimed responsibility on April 16, alleging theft of 19 million records and offering the dataset for sale on underground forums. ANTS has notified France's data protection authority and cybersecurity agency while warning citizens of heightened phishing risk.
🛰️ Open sources - closed narratives
@sitreports
🔫 Lotus Wiper Targets Venezuelan Critical Infrastructure
A previously undocumented data-wiping malware named Lotus was deployed against Venezuelan energy and utility organizations in late 2025. The malware operates in stages, using batch scripts to disable security features before deploying a payload that overwrites physical drives, clears recovery points, and systematically destroys files to render systems unrecoverable.
The attacks coincide with a mid-December cyberattack on state oil company PDVSA that disrupted delivery systems. Kaspersky researchers note that Lotus's low-level disk operations and multiple overwrite cycles indicate sophisticated design aimed at permanent data destruction in critical infrastructure.
🛰️ Open sources - closed narratives
@sitreports
🎭 Ransomware Negotiator Pleads Guilty to BlackCat Collusion
Angelo Martino, 41, a Florida-based ransomware negotiator, admitted to secretly aiding BlackCat operators between April and November 2023. According to court documents, Martino shared sensitive client data—including insurance limits and negotiation strategies—from at least five victim cases, enabling attackers to maximize ransom demands. One victim paid approximately $1.2M in Bitcoin.
Martino conspired with two other cybersecurity professionals who previously pleaded guilty. Law enforcement seized over $10M in assets, including cryptocurrency, vehicles, and a luxury fishing boat. He faces up to 20 years in prison, with sentencing scheduled for July 9.
🛰️ Open sources - closed narratives
@sitreports