SITREP - Independent OSINT Channel
AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.
πŸ” CISA Flags Exploited F5 BIG-IP Flaw

CISA has added CVE-2025-53521, an actively exploited vulnerability in F5 BIG-IP, to its Known Exploited Vulnerabilities catalog. According to the CISA advisory, threat actors are leveraging the flaw in confirmed real-world attacks against enterprise and government networks.

F5 BIG-IP appliances function as load balancers and application delivery controllers at network perimeters, making them high-value targets for initial access. Active exploitation of edge infrastructure vulnerabilities follows an established pattern of adversaries prioritizing network boundary devices over endpoint-level intrusion.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🔴 Fortinet EMS Flaw Actively Exploited

A critical vulnerability in Fortinet's FortiClient EMS platform is under active exploitation, per threat intelligence firm Defused. The FortiClient flaw affects endpoint management infrastructure, positioning it as a high-value target for initial access operations against enterprise networks.

FortiClient EMS manages endpoint security policies across organizations, meaning successful exploitation can yield broad lateral movement potential. The transition from disclosed vulnerability to active exploitation follows a compressed timeline increasingly common with high-severity Fortinet CVEs, several of which have been weaponized by state-linked and financially motivated actors in prior campaigns.

πŸ›°οΈ Open sources - closed narratives
@sitreports
Forwarded from Rybar in English
πŸ“Trump's Blitzkrieg Did Not Go According to PlanπŸ“
all major events of the Iran war in 4 minutes

The American plan regarding Iran consisted of a rapid suppression of combat potential, as well as the elimination of the command system, which according to the logic of American and Israeli authorities should have led to the fall of the current state system.

However, the US did not account for planning errors in the strikes, nor for who would replace the killed commanders and leaders of the Islamic Republic, nor for how Iranian units would respond to the aggression unleashed by the US and Israel.

Instead of a small victorious war, the White House got a quagmire that is dragging in not only the United States, but the entire world. And there is no end to these events in sight.

To see what the Americans tried to achieve and how everything went wrong for them, watch our new video.

πŸ“@rybar_tactical

💸 Support us
πŸ” Russia Escalates VPN Suppression Campaign

Russia's digital minister announced plans to further restrict VPN access, tools currently used by millions of Russian citizens to bypass state internet controls and censorship filters.

The move extends an existing regulatory trajectory in which Roskomnadzor has progressively narrowed the technical circumvention options available to domestic users. Targeting VPN infrastructure at scale represents a structural tightening of sovereign internet controls rather than enforcement against individual users.

πŸ›°οΈ Open sources - closed narratives
@sitreports
Forwarded from DD Geopolitics
🇺🇦🇷🇺 BREAKING | Video evidence has emerged showing that Ukrainian interceptor drones cannot damage Russian Geran drones. The interceptors simply explode, while the Gerans continue flying.

🔴@DDGeopolitics | Socials | Donate | Advertising
Forwarded from The Islander
Videos have emerged showing Ukrainian interceptor drones clashing with Russian Geran drones.

According to media reports, Zelenskyy is asking the UAE and Qatar for between $35 billion and $50 billion to help procure interceptor drones. The only thing is, he didn't tell his clients that Ukrainian interceptor drones are practically useless.

🎙Subscribe @TheIslanderNews

Donate - Support Our Work
πŸ” Dutch Finance Ministry Portal Breached

The Dutch Ministry of Finance took its treasury banking portal and associated systems offline following a confirmed breach detected two weeks prior to the shutdown. The delay between detection and public disclosure indicates the ministry conducted initial internal assessment before moving to containment.

The targeted system handled treasury banking functions — a segment of government financial infrastructure with direct access to state payment operations. Offline isolation of such portals is standard procedure when the scope of unauthorized access has not been fully determined.
πŸ” Claude AI Locates RCE Zero-Days

Anthropic's Claude model identified critical remote code execution vulnerabilities in Vim and Emacs after being issued a minimal prompt instructing it to locate a file-triggered zero-day. The model proceeded to analyze both editors' codebases and surfaced exploitable flaws without further human guidance.

The result demonstrates that LLM-assisted vulnerability discovery now operates at a functional level with minimal operator input. The ability to surface zero-days from an informal, unstructured prompt compresses the skill threshold required to conduct original security research against widely deployed software.

πŸ›°οΈ Open sources - closed narratives
@sitreports
πŸ” Axios npm Compromise Deploys Cross-Platform RAT

Axios versions 1.14.1 and 0.30.4 were trojanized following an npm account compromise on March 31, 2026. The malicious packages injected a dependency — plain-crypto-js@4.2.1 — which deployed a cross-platform RAT on affected systems.

The attack follows an established supply chain pattern: compromise a maintainer account, push a poisoned version of a widely-used package, and propagate malware through legitimate dependency resolution. Axios is a high-volume HTTP client library with substantial downstream reach across Node.js and browser environments, broadening the potential exposure surface.

πŸ›°οΈ Open sources - closed narratives
@sitreports
πŸ” North Korea Poisons Axios npm Packages

Google has attributed a supply chain attack targeting the Axios npm library to North Korean threat cluster UNC1069. Trojanized versions 1.14.1 and 0.30.4 were used to distribute malware designated WAVESHAPER.V2 across multiple operating systems.

The operation follows an established DPRK pattern of embedding malicious code in widely-used open-source packages to achieve broad downstream compromise. Axios is a high-volume HTTP client library, making version-level tampering an efficient vector for reaching targets across disparate development environments.

🛰 Open sources - closed narratives
@sitreports
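As an added defender-side example (not code from the channel, from Google, or from the Axios project), the following script walks an npm package-lock.json in both the nested lockfileVersion 1 layout and the flat v2/v3 "packages" map and reports any install of the two trojanized axios releases or of the injected plain-crypto-js@4.2.1; it serves both Axios posts above. The version numbers are taken from the posts; the sample lockfile is constructed.

```python
# Scan an npm package-lock.json for the trojanized axios releases and the
# injected dependency named above (versions from the report; lockfile constructed).
import json
from typing import Dict, List, Tuple

# Package name -> versions reported as compromised.
COMPROMISED: Dict[str, set] = {"axios": {"1.14.1", "0.30.4"},
                               "plain-crypto-js": {"4.2.1"}}

def package_name(path: str) -> str:
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (lockfile v2/v3 keys)."""
    return path.rsplit("node_modules/", 1)[-1]

def walk_v1(deps: dict, prefix: str = "") -> List[Tuple[str, str, str]]:
    """Flatten the nested 'dependencies' tree of a lockfileVersion 1 file."""
    found = []
    for name, meta in deps.items():
        path = f"{prefix}node_modules/{name}"
        found.append((path, name, meta.get("version", "")))
        found.extend(walk_v1(meta.get("dependencies", {}), path + "/"))
    return found

def installed_packages(lock: dict) -> List[Tuple[str, str, str]]:
    """(path, name, version) for every installed package; key "" is the root."""
    if "packages" in lock:  # lockfileVersion 2 or 3
        return [(p, package_name(p), m.get("version", ""))
                for p, m in lock["packages"].items() if p]
    return walk_v1(lock.get("dependencies", {}))  # lockfileVersion 1

def find_compromised(lock_json: str) -> List[Tuple[str, str]]:
    """[(install path, 'name@version')] for every hit, sorted by path."""
    hits = []
    for path, name, version in installed_packages(json.loads(lock_json)):
        if version in COMPROMISED.get(name, ()):
            hits.append((path, f"{name}@{version}"))
    return sorted(hits)

# Constructed sample: a v3 lockfile in which a transitive copy of axios was
# pinned to a trojanized release and the injected dependency was pulled in.
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "dependencies": {"axios": "^1.13.0"}},
        "node_modules/axios": {"version": "1.13.0"},
        "node_modules/some-sdk": {"version": "2.0.0"},
        "node_modules/some-sdk/node_modules/axios": {"version": "1.14.1"},
        "node_modules/plain-crypto-js": {"version": "4.2.1"},
    },
})
```

Note that the top-level axios pin is clean; the hit is a nested copy, which a check of only the root dependency would miss.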
πŸ” TrueConf Zero-Day Hits Southeast Asia

A zero-day vulnerability in TrueConf, tracked as CVE-2026-3502 with a CVSS score of 7.8, has been exploited in targeted attacks against government entities across Southeast Asia. The campaign has been designated Operation TrueChaos by researchers tracking the activity.

The exploitation of video conferencing infrastructure against government targets follows a documented pattern of threat actors prioritizing communication platforms as initial access vectors. A CVSS score of 7.8 indicates high-severity local or network exploitability, consistent with post-authentication or adjacent-network attack chains typically used in targeted intrusion operations.

πŸ›°οΈ Open sources - closed narratives
@sitreports
πŸ” Claude Code Source Exposes Data Collection

A source code leak of Anthropic's Claude Code tool has revealed the scope of system and user data the application collects during operation, according to The Register's analysis. The exposed code details telemetry collection covering local system environment, file paths, and session activity transmitted to Anthropic's infrastructure.

The disclosure fits a pattern of AI developer tooling accumulating substantially broader telemetry than disclosed in user-facing documentation. CLI-based coding assistants operate with elevated local permissions by design, creating a collection surface that extends beyond the interaction log into the host system environment.

πŸ›°οΈ Open sources - closed narratives
@sitreports
πŸ” Iran Sprays M365, Targets Missile Strike Cities

Iranian threat actors have conducted password-spraying campaigns against Microsoft 365 accounts, with researchers identifying a pattern in the target selection: affected accounts correlate geographically with cities previously hit by Iranian missile strikes.

The overlap between kinetic strike locations and credential-access targets indicates a coordinated intelligence-collection effort running parallel to, or following, physical strike operations. Password spraying against M365 — using low-volume attempts across many accounts to avoid lockout — is a low-cost, low-signature method suited for sustained access rather than one-time exploitation.

The pattern fits established doctrine of pairing kinetic operations with follow-on signals collection against surviving infrastructure and personnel in the same geographic zones.

πŸ›°οΈ Open sources - closed narratives
@sitreports
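As an added detection example, not code from the channel or from any named vendor, the following logic encodes the spray signature described above (a few attempts each against many accounts from one source, kept under lockout) and runs it over constructed sign-in records; the four-field line layout and the thresholds are assumptions, and a single-account brute force is deliberately not matched.

```python
# Flag the spray signature: one source making a few attempts against many
# distinct accounts inside a window, staying under lockout thresholds.
# Log lines and field layout are constructed for this example.
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample: "timestamp user source_ip result"
SAMPLE_LOG = """\
2026-04-01T08:00:01Z alice@example.com 203.0.113.7 failure
2026-04-01T08:00:09Z bob@example.com 203.0.113.7 failure
2026-04-01T08:00:17Z carol@example.com 203.0.113.7 failure
2026-04-01T08:00:25Z dave@example.com 203.0.113.7 failure
2026-04-01T08:00:33Z erin@example.com 203.0.113.7 failure
2026-04-01T08:00:41Z frank@example.com 203.0.113.7 success
2026-04-01T08:01:02Z alice@example.com 198.51.100.4 failure
2026-04-01T08:01:10Z alice@example.com 198.51.100.4 failure
2026-04-01T08:01:18Z alice@example.com 198.51.100.4 failure
2026-04-01T08:01:26Z alice@example.com 198.51.100.4 failure
2026-04-01T09:30:00Z bob@example.com 192.0.2.9 success
"""

def parse(log: str) -> List[Tuple[datetime, str, str, str]]:
    rows = []
    for line in log.splitlines():
        ts, user, ip, result = line.split()
        rows.append((datetime.fromisoformat(ts.replace("Z", "+00:00")), user, ip, result))
    return rows

def detect_spray(log: str, window: timedelta = timedelta(minutes=10),
                 min_users: int = 5, max_per_user: int = 2) -> Dict[str, dict]:
    """{source_ip: summary} for sources whose attempts within `window` cover
    >= min_users accounts with <= max_per_user attempts each. A source that
    hammers one account (brute force) does not match; a wide, shallow one does."""
    by_ip: Dict[str, list] = defaultdict(list)
    for ts, user, ip, result in parse(log):
        by_ip[ip].append((ts, user, result))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):  # sliding window from each event
            slab = [e for e in events[i:] if e[0] - start <= window]
            per_user: Dict[str, int] = defaultdict(int)
            for _, user, _ in slab:
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                findings[ip] = {"accounts": len(per_user), "attempts": len(slab),
                                "successes": sorted(u for _, u, r in slab if r == "success")}
                break  # one finding per source is enough
    return findings
```

The "successes" field is the triage priority: a spray that ends in a success is an account to reset and review, not just a source to block.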
💻 Cisco Source Code Stolen via Trivy

A threat actor used credentials obtained through the Trivy supply chain compromise to access Cisco's internal development environment, exfiltrating source code belonging to Cisco and an undisclosed number of its customers.

The incident illustrates how supply chain breaches function as credential harvesting operations with delayed downstream impact. A single compromise in a shared developer toolchain — in this case Trivy, a widely used vulnerability scanner — yields access to multiple organizations through legitimate-appearing authentication.

For Cisco customers whose proprietary code was stored in the affected environment, the exposure extends beyond the vendor relationship into potential intellectual property and vulnerability disclosure risk.

πŸ›°οΈ Open sources - closed narratives
@sitreports
πŸ” Pentagon Advances Drone Swarm Program

The U.S. Department of Defense is preparing a drone swarm testing initiative designated Swarm Forge, classified as one of several pace-setting projects directed by Defense Secretary Pete Hegseth in a departmental memo on AI integration.

The initiative fits a broader DoD pattern of accelerating autonomous systems development under direct secretarial mandate, placing swarm coordination alongside other AI-priority programs at the institutional level. Designating such projects as pace-setters signals resource prioritization and reduced bureaucratic friction in acquisition and testing cycles.

πŸ›°οΈ Open sources - closed narratives
@sitreports
πŸ” Pentagon Deploys Bunkers, Tech for Iran

As of March 31, U.S. Central Command has recorded at least 348 U.S. military personnel wounded in the ongoing Iran war. The casualty figures accompany Pentagon moves to expand hardened shelter capacity and additional force protection technologies under Operation Epic Fury.

The push toward increased bunker infrastructure signals a sustained threat environment requiring passive defense solutions alongside active measures. Prioritizing physical hardening reflects an operational assessment that personnel exposure to indirect fire or aerial attack remains a persistent variable in the theater.

🛰 Open sources - closed narratives
@sitreports
πŸ” TSMC Japan 3nm Production 2028

TSMC's second factory in Japan is scheduled to begin equipment installation and mass production of 3-nanometre wafers in 2028, according to a Taiwanese government filing. The facility marks TSMC's continued geographic expansion of advanced-node manufacturing beyond Taiwan.

The 3nm node is currently among the most capable process technologies in volume production. Establishing this capacity in Japan shifts a portion of leading-edge semiconductor output into a second jurisdiction, reducing single-point geographic concentration in TSMC's production network.

πŸ›°οΈ Open sources - closed narratives
@sitreports
☁️ Iran Strike Hits AWS Bahrain

An Iranian strike damaged Amazon's cloud computing infrastructure in Bahrain, according to a Reuters report citing the Financial Times.

The incident marks a direct physical impact on commercial cloud infrastructure from state military action. AWS's Bahrain region serves as a primary node for Gulf-area enterprise and government workloads, making its degradation operationally significant beyond Amazon's commercial exposure.

The targeting — whether deliberate or incidental — establishes a data point on the physical vulnerability of hyperscaler infrastructure to conventional strike activity in contested regions.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🤖 Army Tests AI Strike Drone

The 101st Airborne Division integrated Northrop Grumman's Lumberjack one-way attack drone into a recent training exercise, pairing the system with the Army's Maven Smart System for AI-enabled targeting trials.

The Lumberjack is a loitering munition designed for single-use strike missions. Its integration with Maven — the Army's primary AI targeting platform — indicates a structural push toward machine-assisted engagement decisions at the division level, embedding autonomous strike capacity into conventional airborne formations.

πŸ›°οΈ Open sources - closed narratives
@sitreports
πŸ” Handala Claims Israeli Defense Contractor Breach

Iranian hacker group Handala claims to have breached PSK Wind Technologies, a contractor responsible for designing and operating Israeli military command centers and air defense communication systems. The reported breach has not been independently confirmed.

The targeting of a third-party vendor embedded in the IDF supply chain follows an established pattern of perimeter bypass through contractor access. Direct military networks carry hardened defenses; vendors integrated into those networks frequently do not. Handala has previously used this method to reach assets that would otherwise require penetrating military-grade infrastructure.

πŸ›°οΈ Open sources - closed narratives
@sitreports
πŸ” UAE Iran Strike Narratives Diverge

A Bellingcat open-source review finds that UAE official statements on Iranian drone and missile strikes do not consistently match physical evidence and imagery available through open-source channels. Discrepancies center on strike outcomes — whether intercepted or successful — and the extent of documented damage.

The pattern fits an established information management model in which regional governments control damage acknowledgment to limit political exposure and maintain deterrence posture. Selective disclosure of intercept claims, without corroborating debris or impact data, functions as a structural feature of official battlefield communication rather than an exception.