SITREP - Independent OSINT Channel
AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.
🔫 Over 6,000 Apache ActiveMQ Instances Exposed to Critical RCE Vulnerability

The Shadowserver Foundation has identified 6,364 internet-facing Apache ActiveMQ installations vulnerable to CVE-2026-34197, a critical input validation flaw enabling remote code execution. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, confirming active exploitation by APT groups targeting unpatched systems accessible from the public internet.

The vulnerability allows attackers to bypass validation mechanisms and execute arbitrary commands on affected message broker systems. Organizations must immediately patch to the latest version, restrict network access to ActiveMQ services, and conduct threat hunting for indicators of compromise. Shadowserver provides continuous monitoring through its free dashboard to track exposed assets.

🛰️ Open sources - closed narratives
@sitreports
🔫 Axios npm Package Compromised in Supply Chain Attack

CISA issued an urgent alert after attackers injected malicious code into Axios versions 1.14.1 and 0.30.4 on March 31, 2026. The compromised JavaScript library, widely used for HTTP requests in Node.js environments, installed a hidden dependency (plain-crypto-js 4.2.1) that functions as a malware loader, downloading a remote access trojan to steal credentials, API keys, and source code.

Organizations must immediately downgrade to safe versions (1.14.0 or 0.30.3), remove the malicious node_modules/plain-crypto-js/ directory, and rotate all exposed secrets. CISA's advisory recommends implementing npm security controls including ignore-scripts=true and min-release-age=7 to prevent automatic execution of untrusted packages.

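As an added illustration (not code from the CISA advisory or from the Axios project), the following Python script checks a project against the three points above: it scans a lockfile for the compromised versions, looks for the plain-crypto-js loader directory on disk, and verifies that .npmrc carries ignore-scripts=true and min-release-age=7. The package names and version numbers come from the post; the sample lockfile, .npmrc contents and temporary node_modules tree are constructed for the demonstration.

```python
import json
import tempfile
from pathlib import Path

# Versions named in the advisory summarized above. Everything else in this
# script (sample lockfile, sample .npmrc, temp node_modules tree) is constructed.
COMPROMISED_VERSIONS = {"axios": {"1.14.1", "0.30.4"}, "plain-crypto-js": {"4.2.1"}}
SAFE_DOWNGRADE = {"1.14.1": "1.14.0", "0.30.4": "0.30.3"}
MIN_RELEASE_AGE_DAYS = 7


def parse_npmrc(text):
    """Parse an .npmrc body into a dict. Lines starting with '#' or ';' are comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def check_npmrc(text):
    """Return findings for the two controls the advisory recommends."""
    settings = parse_npmrc(text)
    findings = []
    if settings.get("ignore-scripts", "").lower() != "true":
        findings.append("ignore-scripts is not true: lifecycle scripts run on install")
    try:
        age = int(settings.get("min-release-age", "0"))
    except ValueError:
        age = 0
    if age < MIN_RELEASE_AGE_DAYS:
        findings.append(f"min-release-age below {MIN_RELEASE_AGE_DAYS}: just-published versions are installable")
    return findings


def check_lockfile(lock):
    """Scan a lockfileVersion 2/3 'packages' map for the compromised versions."""
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if not path:  # the "" entry describes the root project itself
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        version = meta.get("version", "")
        if version in COMPROMISED_VERSIONS.get(name, set()):
            advice = (f"downgrade to {SAFE_DOWNGRADE[version]}" if name == "axios"
                      else "remove the package and rotate exposed secrets")
            findings.append(f"{path}@{version} is compromised: {advice}")
    return findings


def check_node_modules(project_root):
    """Flag the loader package on disk even when no lockfile mentions it."""
    pkg = Path(project_root) / "node_modules" / "plain-crypto-js" / "package.json"
    if not pkg.is_file():
        return []
    version = json.loads(pkg.read_text()).get("version", "?")
    return [f"{pkg.parent} present (version {version}): delete it and rotate credentials"]


def demo():
    """Run all three checks against constructed sample inputs."""
    sample_lock = {
        "lockfileVersion": 3,
        "packages": {
            "": {"dependencies": {"axios": "^1.14.0"}},
            "node_modules/axios": {"version": "1.14.1"},
            "node_modules/plain-crypto-js": {"version": "4.2.1"},
            "node_modules/lodash": {"version": "4.17.21"},
        },
    }
    weak_npmrc = "registry=https://registry.npmjs.org/\n# scripts run by default\n"
    hardened_npmrc = "ignore-scripts=true\nmin-release-age=7\n"
    with tempfile.TemporaryDirectory() as tmp:
        loader = Path(tmp) / "node_modules" / "plain-crypto-js"
        loader.mkdir(parents=True)
        (loader / "package.json").write_text('{"name": "plain-crypto-js", "version": "4.2.1"}')
        on_disk = check_node_modules(tmp)
    return {
        "lockfile": check_lockfile(sample_lock),
        "weak_npmrc": check_npmrc(weak_npmrc),
        "hardened_npmrc": check_npmrc(hardened_npmrc),
        "node_modules": on_disk,
    }


if __name__ == "__main__":
    for section, items in demo().items():
        print(f"[{section}] {'clean' if not items else ''}")
        for item in items:
            print("  -", item)
```

Run the script directly to see the constructed sample flagged; in a real project, pass `json.load(open("package-lock.json"))`, the `.npmrc` text and the project root to the three check functions. The lockfile check alone is not enough, because a loader pulled in by an install script never appears in the lock, which is why the on-disk check is there.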
🤖 Critical RCE Vulnerability in SGLang AI Framework Enables Model Poisoning Attacks

CVE-2026-5760 exposes a Server-Side Template Injection flaw in SGLang 0.5.9 that allows remote code execution through malicious GGUF model files. The vulnerability stems from insecure Jinja2 template processing in the reranking endpoint; security researchers demonstrated that loading a compromised model from a repository such as Hugging Face lets attackers execute arbitrary commands.

The flaw highlights critical supply chain risks in AI infrastructure, mirroring previous vulnerabilities in llama-cpp-python and vLLM frameworks. Administrators are advised to avoid untrusted GGUF models and implement sandboxed template rendering until patches are released.

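To show what "sandboxed template rendering" actually buys, here is an added Python example (not SGLang's code; the framework's real template path is not reproduced) that renders a model-supplied template string both with jinja2's plain Environment and with its SandboxedEnvironment. The benign template and the attribute-traversal probe are constructed inputs; the sandbox refuses access to dunder attributes and raises SecurityError instead of rendering.

```python
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

# Constructed inputs. A model-supplied template string stands in for whatever
# template text a reranking endpoint might take from a model file; SGLang's own
# code path is not reproduced here.
BENIGN_TEMPLATE = "Query: {{ query }}\nDocument: {{ doc }}"
# Attribute-traversal probe: walks dunder attributes of a string literal. A
# sandbox must refuse this; an unsandboxed renderer evaluates it without complaint.
PROBE_TEMPLATE = "{{ ''.__class__.__mro__ }}"


def render_unsandboxed(template_src, **context):
    """Plain jinja2 Environment: any Python attribute reachable from the context is exposed."""
    return Environment().from_string(template_src).render(**context)


def render_sandboxed(template_src, **context):
    """SandboxedEnvironment: returns (True, output) or (False, reason) if the sandbox refuses."""
    env = SandboxedEnvironment(autoescape=False)
    try:
        return True, env.from_string(template_src).render(**context)
    except SecurityError as exc:
        return False, f"blocked: {exc}"


def demo():
    """Render both constructed templates each way and collect the outcomes."""
    ctx = {"query": "best firewall", "doc": "A guide to packet filtering."}
    return {
        "benign_sandboxed": render_sandboxed(BENIGN_TEMPLATE, **ctx),
        "probe_sandboxed": render_sandboxed(PROBE_TEMPLATE, **ctx),
        "probe_unsandboxed": render_unsandboxed(PROBE_TEMPLATE, **ctx),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

The sandbox restricts attribute access and mutating calls on objects reachable from the template; it does not bound CPU or memory, so size and time limits on templates taken from untrusted model files remain the operator's job, alongside the advice above to avoid untrusted GGUF models in the first place.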
🎭 Iran Claims US Exploited Vendor Backdoors to Disable Network Equipment

Iranian state media reports that networking hardware from Cisco, Juniper, Fortinet, and MikroTik experienced simultaneous reboots during recent strikes. Tehran alleges that pre-positioned firmware backdoors or satellite-triggered exploits enabled US forces to disable critical infrastructure; reporting notes the regime cannot otherwise explain outages that occurred while it was disconnected from global networks.

China's state apparatus has amplified these allegations to reinforce its narrative that Washington conducts offensive cyber operations while falsely accusing Beijing. NetBlocks confirms Iran's 52-day internet blackout continues, though selective access through "Internet Pro" services suggests layered control rather than total shutdown.

🎭 North Korean UNC1069 Targets Crypto Sector via Fake VC Meetings

North Korean threat actor UNC1069, overlapping with Bluenoroff, is conducting social engineering campaigns against cryptocurrency and Web3 professionals. Attackers create fabricated venture capital firms like "WallEye Capital" and use compromised LinkedIn/Telegram accounts to arrange meetings. Victims are redirected to fake conferencing platforms hosting ClickFix payloads that deploy customized RATs—CageyChameleon for Windows, NukeSped for macOS, and Cabbage RAT for Linux—designed to exfiltrate crypto wallets and system data.

The campaign demonstrates advanced cross-platform capability and infrastructure mimicry, according to Google Cloud and Mandiant.

🎭 SideWinder Deploys Zimbra Clone Against South Asian Government Targets

APT group SideWinder is running a credential harvesting operation against Bangladesh Navy and Pakistan Ministry of Foreign Affairs using a phishing kit on Cloudflare Workers. The attack uses a fake Chrome PDF viewer showing blurred diplomatic documents, then redirects to a pixel-perfect Zimbra login clone that dynamically fetches legitimate CSS and assets via reverse proxy.

The campaign was exposed after researchers triggered a server error revealing the developer's Linux username and project structure. The kit employs session management with rotating CSRF tokens and pre-fills usernames after failed logins to trick victims into re-entering credentials.

🔫 KelpDAO Loses $290M in Lazarus-Linked Crypto Heist

DeFi protocol KelpDAO suffered a $290 million theft on April 18 after attackers compromised RPC nodes in its cross-chain verification layer, feeding falsified blockchain data to validators while DDoS-ing legitimate nodes. The breach affected 116,500 rsETH tokens, with LayerZero attributing the attack to North Korea's Lazarus Group.

The infrastructure compromise marks Lazarus's second major DeFi heist in 2025, following a $280 million Drift Protocol theft. The methodology—poisoning verification infrastructure rather than exploiting smart contracts—signals evolving state-sponsored crypto targeting beyond traditional phishing or code vulnerabilities.

🔫 PureRAT Campaign Embeds Fileless Payloads in PNG Files

Trellix Advanced Research Center has identified a sophisticated PureRAT operation that conceals malicious PE files within PNG images using steganography. The multi-stage attack chain begins with a malicious .LNK file triggering obfuscated VBScript, which establishes persistence via Windows Task Scheduler and downloads weaponized PNG files from crixup[.]com.

The campaign demonstrates advanced evasion through UAC bypass via cmstp.exe, anti-VM checks, and process hollowing into legitimate msbuild.exe. According to Trellix researchers, the fileless execution technique combined with living-off-the-land binaries renders traditional endpoint defenses largely ineffective.

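The post does not say how the PE file is embedded in the PNG, so as an added example (not Trellix's tooling) the Python below walks the PNG chunk structure and flags the structural giveaways a defender can check cheaply on any image pulled from an odd download site: data appended after IEND, non-standard chunk types, CRC mismatches, and an MZ/PE header inside a chunk body. The baseline image and the PE stub are constructed in the script; a payload hidden in the pixel data itself would require decoding the image and is not covered here.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Chunk types an ordinary image carries (PNG critical chunks plus common ancillary ones).
KNOWN_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"gAMA", b"cHRM", b"sRGB",
                b"iCCP", b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"pHYs", b"sBIT", b"tIME",
                b"sPLT", b"hIST"}


def looks_like_pe(blob):
    """True if blob starts with an MZ header whose e_lfanew points at a PE signature."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    return blob[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def analyze_png(data):
    """Walk the chunk structure and report anomalies that may hide a payload."""
    if not data.startswith(PNG_SIGNATURE):
        return ["not a PNG: bad signature"]
    findings = []
    pos = len(PNG_SIGNATURE)
    saw_iend = False
    while pos + 8 <= len(data) and not saw_iend:
        length, ctype = struct.unpack_from(">I4s", data, pos)
        body = data[pos + 8:pos + 8 + length]
        crc_off = pos + 8 + length
        if crc_off + 4 > len(data):
            findings.append(f"truncated chunk {ctype!r} at offset {pos}")
            break
        crc = struct.unpack_from(">I", data, crc_off)[0]
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            findings.append(f"CRC mismatch in {ctype!r} chunk at offset {pos}")
        if ctype not in KNOWN_CHUNKS:
            findings.append(f"non-standard chunk {ctype!r} ({length} bytes) at offset {pos}")
        if looks_like_pe(body):
            findings.append(f"PE image embedded in {ctype!r} chunk at offset {pos + 8}")
        saw_iend = ctype == b"IEND"
        pos = crc_off + 4
    if not saw_iend:
        findings.append("no IEND chunk")
    trailing = data[pos:]
    if trailing:
        kind = "PE image" if looks_like_pe(trailing) else f"{len(trailing)} bytes of data"
        findings.append(f"{kind} appended after IEND at offset {pos}")
    return findings


def make_chunk(ctype, body):
    """Encode one PNG chunk: length, type, data, CRC over type+data."""
    return (struct.pack(">I", len(body)) + ctype + body
            + struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF))


def minimal_png():
    """Build a valid 1x1 grayscale PNG as a clean baseline (constructed)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one gray pixel
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b""))


def fake_pe_stub():
    """A constructed MZ/PE header with no code, just enough for looks_like_pe()."""
    stub = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew -> PE signature at 0x40
    return bytes(stub) + b"PE\0\0" + b"\0" * 20


def demo():
    """Run the analyzer over a clean image and two constructed carriers."""
    clean = minimal_png()
    appended = clean + fake_pe_stub()
    ihdr_end = 8 + 25  # signature + IHDR chunk (4 len + 4 type + 13 data + 4 crc)
    in_chunk = clean[:ihdr_end] + make_chunk(b"daTa", fake_pe_stub()) + clean[ihdr_end:]
    return {"clean": analyze_png(clean), "appended": analyze_png(appended),
            "in_chunk": analyze_png(in_chunk)}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name}: {findings or 'no anomalies'}")
```

The CRC check matters because a tool that splices bytes into an existing chunk without recomputing the checksum leaves a mismatch that image viewers tolerate but a scanner should not.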
🤖 Frontier AI Models Collapse Vulnerability Patching Timeline

Unit 42 testing reveals frontier AI models now function as autonomous security researchers capable of zero-day discovery and complex exploit chaining. Open-source software faces immediate risk as attackers download source code and use AI to identify vulnerabilities offline, hidden from defenders. The transparent nature of OSS enables AI-assisted threat actors to systematically test libraries that underpin commercial applications.

The critical shift is speed. According to Palo Alto Networks analysis, AI agents autonomously scan networks, generate custom exploits on-the-fly, and laterally move without human intervention. Adversaries will soon exploit vulnerabilities within hours rather than days, fundamentally outpacing manual monitoring and traditional patch cycles.

🤖 USMC Pilots AI-Driven Aviation Maintenance System

The U.S. Marine Corps is prototyping AI tools to inventory aviation supplies and forecast maintenance needs, shifting from reactive repairs to predictive sustainment. A "Maintenance Assessment Tool" leveraging historical performance data will deploy to MCAS Yuma this summer, targeting 90% probability thresholds for part failure prediction.

The initiative addresses chronic readiness gaps—current mission capability rates average 62-64%—by consolidating previously siloed maintenance data. According to Marine Corps officials, the effort now falls under Project Eagle with dedicated funding. F-35 cataloging is complete, with KC-130J data integration underway.

🔫 Coast Guard Deploys Mobile Counter-Drone Teams for Domestic High-Security Events

The U.S. Coast Guard is establishing mobile counter-UAS teams to protect FIFA World Cup and America 250 celebrations, using $150 million in reconciliation funding. Traditional enlisted rates, including yeomen, engineers, and boatswain's mates, are being cross-trained on drone defense systems, officials said in describing the initiative at the Sea-Air-Space conference.

The service plans to expand by 15,000 personnel over two years, with 2,000-3,000 designated as robotic mission specialists. Mobile teams will rotate between event sites rather than providing continuous coverage, reflecting resource constraints as the Coast Guard adapts to what officials called "a whole new mission set" for domestic security operations.

🔫 Pentagon Requests $70 Billion for Drone Systems in FY2027

The Defense Department's fiscal 2027 budget seeks $70 billion for military drones and counter-drone technologies, marking a 300% increase from FY2026 allocations. According to Pentagon officials, the request includes $53.6 billion for autonomy and drone platforms, plus $21 billion for munitions and counter-drone systems. The Defense Autonomous Warfare Group budget surges from $225.9 million to $54.6 billion.

The investment reflects operational lessons from Ukraine and Middle East conflicts, where drone-on-drone warfare and swarm tactics now evolve in weeks rather than years. Officials emphasize manned-unmanned teaming as central to future combat operations, with focus on rapidly integrating commercial drone technologies at scale.

🔫 UK Cyber Chief Elevates China to Peer Competitor Status

UK National Cyber Security Centre CEO Richard Horne is set to announce at CYBERUK 2026 that China now represents a "peer competitor in cyberspace" rather than merely a capable threat. According to his prepared remarks, state-sponsored Chinese attacks display "eye-watering sophistication." The NCSC handled an average of four nationally significant cyberattacks weekly over the past year, with state threats from China, Russia, Iran, and North Korea leading concerns.

Horne will warn that nation-state actors seek infrastructure and leverage, not ransoms—damage that cannot be reversed with payment. He calls for organizations to end reliance on lowest-bid contractors for cyber defense and embed security as a strategic investment, not a cost center.

🔍 French ID Agency Breached, 19M Records Offered for Sale

France's Agence nationale des titres sécurisés (ANTS), the government body managing national ID cards, passports, and driver's licenses, confirmed a security incident on April 15 after detecting unauthorized data access. The agency disclosed that exposed data may include names, email addresses, birth dates, postal addresses, and account identifiers for an undisclosed number of citizens, though ANTS stated the data cannot be used to access electronic portals.

A threat actor using the alias 'breach3d' claimed responsibility on April 16, alleging theft of 19 million records and offering the dataset for sale on underground forums. ANTS has notified France's data protection authority and cybersecurity agency while warning citizens of heightened phishing risk.

🔫 Lotus Wiper Targets Venezuelan Critical Infrastructure

A previously undocumented data-wiping malware named Lotus was deployed against Venezuelan energy and utility organizations in late 2025. The malware operates in stages, using batch scripts to disable security features before deploying a payload that overwrites physical drives, clears recovery points, and systematically destroys files to render systems unrecoverable.

The attacks coincide with a mid-December cyberattack on state oil company PDVSA that disrupted delivery systems. Kaspersky researchers note that Lotus's low-level disk operations and multiple overwrite cycles indicate sophisticated design aimed at permanent data destruction in critical infrastructure.

🎭 Ransomware Negotiator Pleads Guilty to BlackCat Collusion

Angelo Martino, 41, a Florida-based ransomware negotiator, admitted to secretly aiding BlackCat operators between April and November 2023. According to court documents, Martino shared sensitive client data—including insurance limits and negotiation strategies—from at least five victim cases, enabling attackers to maximize ransom demands. One victim paid approximately $1.2M in Bitcoin.

Martino conspired with two other cybersecurity professionals who previously pleaded guilty. Law enforcement seized over $10M in assets, including cryptocurrency, vehicles, and a luxury fishing boat. He faces up to 20 years in prison, with sentencing scheduled for July 9.

🔫 CISA Flags Active Exploitation of Cisco SD-WAN Vulnerabilities

CISA added three Cisco Catalyst SD-WAN Manager flaws to its Known Exploited Vulnerabilities catalog with a four-day federal patching deadline. CVE-2026-20128 and CVE-2026-20122 enable unauthenticated remote attackers to gain DCA privileges and overwrite files, while CVE-2026-20133 permits unauthorized information disclosure. Cisco patched all vulnerabilities in February but confirmed active exploitation of two CVEs in March.

Catalyst SD-WAN Manager controls up to 6,000 edge devices per cluster, making successful exploitation operationally significant for enterprise network infrastructure. This marks at least five Cisco SD-WAN CVEs on CISA's KEV list since February, indicating sustained adversary focus on the platform.

🔫 SystemBC C2 Server Exposes 1,570+ Victims of The Gentlemen Ransomware

A compromised SystemBC command-and-control server has revealed over 1,570 victim endpoints linked to The Gentlemen ransomware operation. SystemBC, a SOCKS5 proxy malware, enables operators to establish covert communication channels and facilitate lateral movement within compromised networks while masking malicious traffic.

According to reporting, the exposure of victim data provides rare visibility into the operational scale of an active ransomware campaign. The use of SystemBC as infrastructure underscores the continued reliance on proxy-based persistence tools to evade detection and maintain access across targeted environments.

🔫 22 Vulnerabilities Target Serial-to-IP Bridge Devices

Security researchers disclosed 22 vulnerabilities collectively named BRIDGE:BREAK affecting approximately 20,000 internet-exposed Lantronix and Silex serial-to-IP converters. The flaws enable remote code execution, authentication bypass, and denial-of-service attacks against devices widely deployed in industrial control systems, building automation, and medical infrastructure.

Thousands of vulnerable devices identified through OSINT scanning underscore systemic patching challenges in embedded industrial systems where firmware updates often require physical access or operational downtime.

📡 USAF deprioritizes sixth-gen tanker airframe, shifts to mission systems development

The U.S. Air Force is reallocating Next Generation Air-refueling System (NGAS) funds to a new Advanced Tanker Systems (ATS) initiative in FY27, requesting $13M for mission systems such as connectivity, electronic warfare, and defensive capabilities rather than immediate aircraft development. The service will continue the NGAS analysis of alternatives while, according to budget officials, focusing near-term efforts on resilient systems for contested environments.

The pivot reflects ongoing strategic uncertainty driven by budget constraints and fleet health assessments. A 75-aircraft KC-46 procurement extension serves as interim capacity while NGAS evolves toward a potential "family of systems" model mixing manned and unmanned platforms.
