SITREP - Independent OSINT Channel
23.9K subscribers
16.2K photos
9.78K videos
6 files
22.2K links
AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.
Recommending COMBATE | Uphold Reality for anyone following geopolitics beyond the CNN lens.

Unfiltered and ahead of the curve. The Iran war, West Asia, Latin America, and the broader geopolitical shift — with footage and analysis you're not getting from legacy media.

Subscribe
👉 t.me/uphold_reality
👉 x.com/upholdreality
🔍 ShinyHunters Claims Commission Breach

ShinyHunters has claimed responsibility for a breach of the European Commission, with reported data dumps said to include content extracted from internal mail servers. The claim has not been independently verified by the Commission.

ShinyHunters is a persistent threat actor with a documented record of large-scale credential and data exfiltration operations across multiple sectors. Targeting institutional mail infrastructure indicates an intent to acquire correspondence, credentials, or metadata useful for follow-on operations rather than simple data resale.

🛰 Open sources - closed narratives
@sitreports
🔍 Handala Breaches FBI Director's Email

Iran-linked Handala Hack group breached the personal email of the FBI Director and conducted a wiper attack against defense contractor Stryker, according to reporting on the intrusions. The operations occurred alongside U.S. seizures of Ministry of Intelligence and Security-linked domains.

The combination of personal account compromise and destructive payload deployment against a defense-sector target reflects a dual-track approach: intelligence collection paired with disruptive action. Wiper deployment against Stryker indicates escalation beyond reconnaissance into operational degradation.

Handala has previously targeted Israeli and Western entities with leak-and-destroy operations. The timing relative to the MOIS domain seizures suggests the intrusions function partly as retaliatory signaling at the infrastructure level.

🛰️ Open sources - closed narratives
@sitreports
🔍 Apple Pushes Lock Screen Exploit Alerts

Apple has begun delivering lock screen warnings to users of unpatched iPhones and iPads, directing them to install software updates in response to active web-based exploits. The lock screen warnings represent a shift in Apple's patch-urgency signaling — moving notification from settings menus to the device's primary interface layer.

Delivering security alerts at the lock screen level maximizes exposure to users who may not monitor system notifications or update prompts through standard channels. The method indicates Apple is treating the unpatched population as an active attack surface requiring direct intervention rather than passive update availability.
📧 FBI Director's Email Compromised

The FBI has confirmed that the personal email account of Director Kash Patel was breached by Handala, a hacker group linked to Iran. The attackers published extracted photos and documents from the inbox.

The operation follows Handala's established pattern of targeting senior U.S. officials through personal rather than government infrastructure, where institutional security controls are absent. Personal accounts of high-value targets consistently represent the lowest-resistance vector for state-affiliated actors.

🛰️ Open sources - closed narratives
@sitreports
Forwarded from Rybar in English
📝Another spy — on his way out📝

It seems time for British press releases, as another one of their intelligence officers has been exposed on Russian territory.

➡️During counterintelligence operations, the FSB uncovered a representative of British intelligence — Janse Van Rensburg Albertus Gerardus.

He worked in Russia under cover of a position as Second Secretary of the British Embassy in Moscow, deliberately providing false information when obtaining entry permission.

The Briton conducted intelligence and sabotage activities and attempted to obtain sensitive information during unofficial meetings with Russian economic experts.

Now the spy has been stripped of diplomatic accreditation and must leave Russian territory within two weeks, and Britain's Chargé d'Affaires Deyni Dolakia has already been summoned to the Russian Foreign Ministry building.

🖍Russian intelligence services previously exposed an entire network of British intelligence officers on Russian territory who were coordinating sabotage activities. Many of them used diplomatic cover, and it was only a matter of time before their colleagues would be identified.

❗️Albertus Gerardus is yet another representative of British diplomacy whose entire function in Russia has been built around ensuring systematic destructive activities.

Given current trends in relations between the countries, intelligence services have much work ahead on this front. However, it is important to remember that amid mounting pressure specifically on British spies and diplomats, British representatives will seek ways to exert influence through intermediaries, such as diplomatic missions of other NATO countries or residencies in the CIS.
#Britain #Russia
RU | EN | MAX

VK | RuTube | OK | Zen

💸 Support us
📱 TA446 Deploys iOS Exploit Kit

Russia-linked APT TA446 is running targeted phishing campaigns against iPhone users using the DarkSword iOS exploit kit, according to reporting by Security Affairs. The operation combines a platform-specific exploitation framework with social engineering delivery — a pairing that indicates deliberate targeting rather than opportunistic access.

TA446's use of a dedicated iOS toolkit marks a shift from generic credential phishing toward device-level compromise. Deploying platform-specific exploit infrastructure against mobile targets reflects resource investment consistent with state-sponsored collection priorities.

🛰️ Open sources - closed narratives
@sitreports
🔍 Three Chinese Clusters Hit SEA Government

Three China-linked threat clusters conducted a coordinated 2025 cyber campaign against a Southeast Asian government, deploying multiple malware families to establish and maintain persistent access across targeted networks.

The simultaneous involvement of three distinct clusters points to a compartmentalized operational structure rather than a single actor — a pattern consistent with tasked collection efforts against a priority government target, where parallel intrusion teams reduce single-point-of-failure risk and expand access surface.

🛰️ Open sources - closed narratives
@sitreports
🔍 European Commission Confirms Europa.eu Breach

The European Commission has confirmed a data breach affecting its Europa.eu web platform following a cyberattack claimed by the ShinyHunters extortion group. The Commission acknowledged the incident after the threat actor publicly asserted responsibility.

ShinyHunters has a documented history of high-volume credential and database exfiltration across commercial and institutional targets. A confirmed breach of an EU Commission-linked platform indicates successful external access to infrastructure operated by a primary executive body of the European Union.

🛰️ Open sources - closed narratives
@sitreports
🔍 CISA Flags Exploited F5 BIG-IP Flaw

CISA has added CVE-2025-53521, an actively exploited vulnerability in F5 BIG-IP, to its Known Exploited Vulnerabilities catalog. According to the CISA advisory, threat actors are leveraging the flaw in confirmed real-world attacks against enterprise and government networks.

F5 BIG-IP appliances function as load balancers and application delivery controllers at network perimeters, making them high-value targets for initial access. Active exploitation of edge infrastructure vulnerabilities follows an established pattern of adversaries prioritizing network boundary devices over endpoint-level intrusion.

🛰️ Open sources - closed narratives
@sitreports
🔴 Fortinet EMS Flaw Actively Exploited

A critical vulnerability in Fortinet's FortiClient EMS platform is under active exploitation, per threat intelligence firm Defused. The FortiClient flaw affects endpoint management infrastructure, positioning it as a high-value target for initial access operations against enterprise networks.

FortiClient EMS manages endpoint security policies across organizations, meaning successful exploitation can yield broad lateral movement potential. The transition from disclosed vulnerability to active exploitation follows a compressed timeline increasingly common with high-severity Fortinet CVEs, several of which have been weaponized by state-linked and financially motivated actors in prior campaigns.

🛰️ Open sources - closed narratives
@sitreports
Forwarded from Rybar in English
📝Trump's Blitzkrieg Did Not Go According to Plan📝
all major events of the Iran war in 4 minutes

The American plan regarding Iran consisted of a rapid suppression of combat potential, as well as the elimination of the command system, which according to the logic of American and Israeli authorities should have led to the fall of the current state system.

However, the US did not account for planning errors in the strikes, nor for who would replace the killed commanders and leaders of the Islamic Republic, nor for how Iranian units would respond to the aggression unleashed by the US and Israel.

Instead of a small victorious war, the White House got a quagmire that is dragging in not only the United States, but the entire world. And there is no end to these events in sight.

To see what the Americans tried to achieve and how everything went wrong for them, watch our new video.

📍@rybar_tactical

💸 Support us
🔍 Russia Escalates VPN Suppression Campaign

Russia's digital minister announced plans to further restrict VPN access, tools currently used by millions of Russian citizens to bypass state internet controls and censorship filters.

The move extends an existing regulatory trajectory in which Roskomnadzor has progressively narrowed the technical circumvention options available to domestic users. Targeting VPN infrastructure at scale represents a structural tightening of sovereign internet controls rather than enforcement against individual users.

🛰️ Open sources - closed narratives
@sitreports
Forwarded from DD Geopolitics
🇺🇦🇷🇺 BREAKING | Video evidence has emerged showing that Ukrainian interceptor drones cannot damage Russian Geran drones. The interceptors simply explode, while the Gerans continue flying.

🔴@DDGeopolitics | Socials | Donate | Advertising
Forwarded from The Islander
Videos have emerged showing Ukrainian interceptor drones clashing with Russian Geran drones.

According to media reports, Zelenskyy is asking the UAE and Qatar for between $35 billion and $50 billion to help procure interceptor drones. The only thing is, he didn’t tell his clients that Ukrainian interceptor drones are practically useless.

🎙Subscribe @TheIslanderNews

Donate - Support Our Work
🔍 Dutch Finance Ministry Portal Breached

The Dutch Ministry of Finance took its treasury banking portal and associated systems offline following a confirmed breach detected two weeks prior to the shutdown. The delay between detection and public disclosure indicates the ministry conducted initial internal assessment before moving to containment.

The targeted system handled treasury banking functions — a segment of government financial infrastructure with direct access to state payment operations. Offline isolation of such portals is standard procedure when the scope of unauthorized access has not been fully determined.
🔍 Claude AI Locates RCE Zero-Days

Anthropic's Claude model identified critical remote code execution vulnerabilities in Vim and Emacs after being issued a minimal prompt instructing it to locate a file-triggered zero-day. The model proceeded to analyze both editors' codebases and surfaced exploitable flaws without further human guidance.

The result demonstrates that LLM-assisted vulnerability discovery now operates at a functional level with minimal operator input. The ability to surface zero-days from an informal, unstructured prompt compresses the skill threshold required to conduct original security research against widely deployed software.

🛰️ Open sources - closed narratives
@sitreports
🔍 Axios npm Compromise Deploys Cross-Platform RAT

Axios versions 1.14.1 and 0.30.4 were trojanized following an npm account compromise on March 31, 2026. The malicious packages injected a dependency — plain-crypto-js@4.2.1 — which deployed a cross-platform RAT on affected systems.

The attack follows an established supply chain pattern: compromise a maintainer account, push a poisoned version of a widely-used package, and propagate malware through legitimate dependency resolution. Axios is a high-volume HTTP client library with substantial downstream reach across Node.js and browser environments, broadening the potential exposure surface.

🛰️ Open sources - closed narratives
@sitreports
🔍 North Korea Poisons Axios npm Packages

Google has attributed a supply chain attack targeting the Axios npm library to North Korean threat cluster UNC1069. Trojanized versions 1.14.1 and 0.30.4 were used to distribute malware designated WAVESHAPER.V2 across multiple operating systems.

The operation follows an established DPRK pattern of embedding malicious code in widely-used open-source packages to achieve broad downstream compromise. Axios is a high-volume HTTP client library, making version-level tampering an efficient vector for reaching targets across disparate development environments.

🛰 Open sources - closed narratives
@sitreports
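The two Axios posts above name the same indicators: the trojanized releases 1.14.1 and 0.30.4 and the injected dependency plain-crypto-js@4.2.1. A defender's first question is whether any project lockfile resolved to those versions. The script below is an added example (not the channel's or the Axios project's code) that walks an npm package-lock.json in both the lockfileVersion 1 layout (nested "dependencies" with "requires") and the v2/v3 layout (flat "packages" map keyed by path) and reports any match. The sample lockfile is constructed for the demonstration; the indicator values come only from the posts above.

```python
import json
from typing import Iterator, List, Tuple

# Indicators taken from the two reports above: the trojanized axios releases
# and the dependency they injected. Nothing else here is an indicator.
TROJANIZED_AXIOS_VERSIONS = {"1.14.1", "0.30.4"}
INJECTED_DEPENDENCY = ("plain-crypto-js", "4.2.1")

# Constructed sample lockfile (npm lockfileVersion 3 layout): one bad axios pin,
# the injected package it pulls in, and one clean package for contrast.
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"axios": "^1.14.0", "lodash": "^4.17.21"}},
        "node_modules/axios": {
            "version": "1.14.1",
            "dependencies": {"plain-crypto-js": "4.2.1", "follow-redirects": "^1.15.6"},
        },
        "node_modules/plain-crypto-js": {"version": "4.2.1"},
        "node_modules/lodash": {"version": "4.17.21"},
    },
})


def _package_name(path: str) -> str:
    """Map a v2/v3 path such as node_modules/a/node_modules/@s/b to '@s/b'."""
    marker = "node_modules/"
    idx = path.rfind(marker)
    return path[idx + len(marker):] if idx != -1 else path


def iter_packages(lock: dict) -> Iterator[Tuple[str, str, dict]]:
    """Yield (name, resolved version, declared dependencies) for every entry.

    Handles the v2/v3 flat "packages" map and the v1 nested "dependencies" tree
    (v2 lockfiles carry both sections; duplicates are removed by the caller).
    """
    for path, meta in lock.get("packages", {}).items():
        if path == "":  # the root project itself, not an installed package
            continue
        yield _package_name(path), meta.get("version", ""), meta.get("dependencies", {})
    stack = list(lock.get("dependencies", {}).items())
    while stack:
        name, meta = stack.pop()
        yield name, meta.get("version", ""), meta.get("requires", {})
        stack.extend(meta.get("dependencies", {}).items())


def find_indicators(lock_text: str) -> List[str]:
    """Return human-readable findings for every indicator present in the lockfile."""
    lock = json.loads(lock_text)
    findings: List[str] = []
    injected_name, injected_version = INJECTED_DEPENDENCY
    for name, version, deps in iter_packages(lock):
        if name == "axios" and version in TROJANIZED_AXIOS_VERSIONS:
            findings.append(f"axios@{version}: trojanized release")
        if name == injected_name and version == injected_version:
            findings.append(f"{name}@{version}: injected dependency present")
        if injected_name in deps:
            # axios never legitimately declared this package; any declaration is a flag
            findings.append(f"{name}@{version} depends on {injected_name}")
    # Order-preserving de-duplication for v2 lockfiles that list packages twice.
    return list(dict.fromkeys(findings))


if __name__ == "__main__":
    hits = find_indicators(SAMPLE_LOCKFILE)
    print("\n".join(hits) if hits else "no indicators found")
```

Point the function at a real lockfile (`find_indicators(open("package-lock.json").read())`) to triage a repository; because it reads the resolved versions rather than the ranges in package.json, it catches the case where a caret range silently pulled in the poisoned release.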
🔍 TrueConf Zero-Day Hits Southeast Asia

A zero-day vulnerability in TrueConf, tracked as CVE-2026-3502 with a CVSS score of 7.8, has been exploited in targeted attacks against government entities across Southeast Asia. The campaign has been designated Operation TrueChaos by researchers tracking the activity.

The exploitation of video conferencing infrastructure against government targets follows a documented pattern of threat actors prioritizing communication platforms as initial access vectors. A CVSS score of 7.8 indicates high-severity local or network exploitability, consistent with post-authentication or adjacent-network attack chains typically used in targeted intrusion operations.

🛰️ Open sources - closed narratives
@sitreports
🔍 Claude Code Source Exposes Data Collection

A source code leak of Anthropic's Claude Code tool has revealed the scope of system and user data the application collects during operation, according to The Register's analysis. The exposed code details telemetry collection covering local system environment, file paths, and session activity transmitted to Anthropic's infrastructure.

The disclosure fits a pattern of AI developer tooling accumulating substantially broader telemetry than disclosed in user-facing documentation. CLI-based coding assistants operate with elevated local permissions by design, creating a collection surface that extends beyond the interaction log into the host system environment.

🛰️ Open sources - closed narratives
@sitreports