Coast Guard Outsources Cutter Drone ISR
The U.S. Coast Guard has issued a requirement for contractors to supply and operate drone systems for intelligence, surveillance, and reconnaissance missions from both cutters and shore-based sites. The arrangement follows a contractor-owned, contractor-operated model, transferring equipment provision and mission execution to the private sector under Coast Guard contract.
The move fits a broader pattern across U.S. military and federal maritime services of disaggregating ISR capacity through commercial UAS operators rather than expanding organic military aviation assets. It indicates the Coast Guard is prioritizing operational flexibility and reduced acquisition overhead over in-house platform development.
Open sources - closed narratives
@sitreports
MuddyWater Linked To Russian MaaS
Researchers have linked Iranian threat group MuddyWater to a Russian-operated malware-as-a-service platform in a campaign designated ChainShell operation.
The connection indicates cross-national infrastructure sharing between distinct state-aligned threat actors. MuddyWater's adoption of a Russian MaaS platform reduces its operational development overhead while introducing a layer of attribution complexity: separating tool origin from actor identity.
Salman wants to use Islam as an alternative to diplomacy
King Salman appears to be weighing a calculated bet: that Islamic solidarity can achieve what conventional diplomacy has failed to deliver in the Iran conflict.
The signal came earlier than many noticed: Albir Krganov, head of the Spiritual Assembly of Muslims of Russia, back in March asked Saudi Arabia to organize a council and discuss the future of peace at the level of heads of Muslim states, a proposal that aligns precisely with Riyadh's interest in casting itself as the guardian of Muslim unity rather than a party to a geopolitical confrontation.
The logic behind using religion as a diplomatic instrument is not new, but the current moment gives it unusual traction. Iran's leadership speaks the language of Islamic legitimacy fluently, and a summit framed around Muslim solidarity rather than security guarantees or sanctions relief would give Tehran a face-saving framework to step back from the brink.
For Salman, successfully convening such a gathering would also cement Saudi Arabia's role as the indispensable center of the Islamic world, a prize worth pursuing regardless of whether the ceasefire holds.
Telegram
Rybar in English
Russia Seeks Middle East Settlement
on RF mediation efforts in Middle East settlement
It is still too early to discuss the peace talks that are supposed to take place in Pakistan (especially since they have not even started yet). The events in the Middle…
Hungarian State Credentials Exposed Online
Nearly 800 Hungarian government login credentials surfaced in breach data, including accounts linked to defense ministries and NATO-affiliated systems. The credentials were associated with a threat actor operating under the handle FrankLampard.
The exposure of NATO-linked accounts alongside domestic state logins indicates the breach data carries potential counterintelligence value beyond Hungarian national infrastructure. Credential sets of this composition are consistent with infostealer-sourced collections, where malware aggregates logins indiscriminately across a compromised machine's stored sessions.
Law Enforcement Tracks 500M Devices
Citizen Lab has published findings that Webloc, a commercial surveillance platform, tracks up to 500 million devices by ingesting advertising ecosystem data. Multiple law enforcement agencies across jurisdictions have adopted the tool, conducting device tracking without warrants.
The operational model follows an established pattern: commercial data brokers aggregate location signals from ad networks, and the resulting datasets are licensed to government clients as a legal workaround to judicial oversight. Webloc represents a scaling of this infrastructure to near-global coverage.
Japan Funds Rapidus Chip R&D
Japan's Ministry of Economy, Trade and Industry approved an additional 631.5 billion yen in Rapidus funding to accelerate research and development at the domestic chipmaker. The total injection brings cumulative state support for the company to a substantial scale as Japan pursues indigenous advanced semiconductor production.
The move follows an established pattern of state-directed capital deployment in the semiconductor sector across multiple jurisdictions. Japan's ministry is using Rapidus as the primary vehicle for re-establishing domestic fabrication capability at leading-edge process nodes.
Red Hat Exits China Engineering
Red Hat has relocated its Chinese engineering operations to India, resulting in hundreds of redundancies across its mainland China team. According to The Register, the move is structured as a geographic realignment rather than a standard workforce reduction.
The decision follows a pattern of US technology firms restructuring their China-based engineering presence amid sustained regulatory and geopolitical friction between Washington and Beijing. Relocating technical headcount to India reduces exposure to Chinese data governance requirements and export control entanglements without eliminating regional capacity.
Red Hat, a subsidiary of IBM, joins a broader set of enterprise software vendors that have quietly shifted engineering dependencies away from Chinese jurisdiction over the past two years.
Vance, Bessent Briefed CEOs Pre-Launch
A week before Anthropic released its Mythos model, U.S. Vice President JD Vance and Treasury Secretary Scott Bessent convened with senior technology executives to discuss AI model security and cyber attack response, according to a CNBC report.
The timing places the meeting directly ahead of a major frontier model release, indicating that executive branch engagement with AI security is being coordinated at the deployment cycle level rather than as post-incident response.
Space Force Opens $1.8B SDA Pool
The U.S. Space Force has designated 14 companies eligible to compete under the Andromeda contract vehicle, a 10-year, $1.8 billion indefinite-delivery framework targeting next-generation space domain awareness capabilities.
Structuring the program as a multi-vendor pool over a decade allows the Space Force to issue task orders competitively across a pre-qualified vendor base, distributing development risk while maintaining procurement flexibility. The $1.8 billion ceiling defines the outer boundary of obligation, not guaranteed spend per vendor.
JIATF-401 Commits $600M Counter-Drone
Joint Interagency Task Force 401 has confirmed over $600 million committed to counter-drone capabilities spanning Operation Epic Fury deployments and domestic programs, per Defense Scoop reporting. The task force indicated continued dispatch of counter-UAS assets to the Middle East under CENTCOM's operational umbrella.
The scale of the commitment reflects sustained institutional investment in counter-UAS as a primary force protection requirement rather than an ad hoc response. JIATF-401's dual mandate, covering both theater deployments and continental U.S. efforts, indicates the drone threat is being managed as a persistent, multi-domain problem across geographic boundaries.
4,000 US Industrial Devices Exposed
Nearly 4,000 Rockwell Automation programmable logic controllers operating inside U.S. critical infrastructure networks remain exposed to the internet, constituting the primary attack surface targeted by Iranian-linked threat actors in ongoing operations against industrial systems.
PLCs of this type govern physical processes in energy, water, and manufacturing sectors. Internet-exposed industrial controllers represent a structural vulnerability: devices designed for isolated operational environments but connected to public networks without adequate segmentation or authentication controls.
Iranian-affiliated groups have demonstrated sustained focus on U.S. operational technology infrastructure. Targeting Rockwell hardware specifically indicates adversary familiarity with the vendor's deployment footprint across high-value sectors.
Pentagon Stands Up Economic Defense Unit
The U.S. Department of Defense has formally established the Economic Defense Unit via a memo signed by Deputy Defense Secretary Steve Feinberg, simultaneously creating the position of EDU director. The unit is structured to align military objectives with global financial instruments.
The move institutionalizes economic statecraft as a dedicated DoD function rather than a secondary coordination role. Embedding the capability at the deputy secretary level signals direct integration with senior defense planning rather than placement in a subordinate advisory capacity.
Section 702 Renewal Debate Returns
Section 702 of the Foreign Intelligence Surveillance Act, which authorizes mass collection of Americans' communications with foreign nationals abroad, is again approaching its reauthorization deadline. The Electronic Frontier Foundation has published a public mobilization call opposing a clean extension, meaning reauthorization without added restrictions or reforms.
The provision has followed a recurring legislative cycle: periodic expiration, institutional pressure for renewal, and passage with minimal structural change. A clean extension preserves existing collection authorities intact, including warrantless querying of the database for U.S. persons' communications, a mechanism that has drawn sustained legal challenge from civil liberties organizations.
Navy Deploys Drones, Hormuz Mines
U.S. Central Command announced that underwater drones will be deployed to clear Iranian mines from the Strait of Hormuz, according to a CENTCOM statement published Saturday.
The use of unmanned underwater vehicles for mine countermeasures reflects an operational shift away from crewed platforms in high-threat maritime environments. The Strait of Hormuz carries approximately one-fifth of global oil transit, making mine clearance there a logistics and force-protection priority for CENTCOM-assigned naval assets.
5,219 PLCs Exposed to Iranian APTs
Censys researchers identified 5,219 internet-exposed Rockwell PLCs vulnerable to targeting by Iranian APT groups, with the exposed devices concentrated primarily in the United States. Censys recommended operators either secure or disconnect the affected hardware.
The finding reflects a persistent structural condition in industrial control system security: OT devices remain network-accessible beyond operational necessity. Iranian APT activity against ICS/SCADA infrastructure has been documented across energy, water, and manufacturing sectors, making Rockwell PLCs a recognized target class.
AI Confirmed in Government Cyberattacks
A newly released technical report confirms that artificial intelligence tools are being actively deployed in advanced cyberattacks targeting government agencies, corroborating earlier threat assessments that had flagged this operational shift.
The development marks a structural transition in offensive cyber operations: AI integration moves attack capability beyond manual exploitation, enabling faster reconnaissance, adaptive evasion, and scaled targeting against institutional infrastructure.
Iranian APT Targets Rockwell PLCs
On April 7, 2026, U.S. cybersecurity and defense agencies issued a joint advisory confirming that Iranian-linked threat actors are actively targeting Rockwell Automation programmable logic controllers exposed on public networks.
Thousands of Rockwell PLCs remain internet-accessible, presenting a persistent attack surface across industrial and critical infrastructure sectors. Iranian APT activity against operational technology follows an established pattern of pre-positioning within control system environments rather than immediate disruption.
The advisory indicates coordinated federal recognition of an active targeting cycle, not a theoretical threat model. PLC exposure at this scale reflects systemic integration failures between IT and OT security practices across affected operators.
Adobe Patches Acrobat Reader Zero-Day
Adobe released security bulletin APSB26-43 on April 11, 2026, patching CVE-2026-34621, a zero-day vulnerability in Acrobat Reader confirmed as actively exploited prior to the patch.
Acrobat Reader's near-universal deployment across enterprise and government environments makes unpatched zero-days in the application a reliable vector for initial access operations. Active exploitation prior to disclosure indicates the flaw was weaponized before Adobe's detection cycle closed.
Pentagon, FAA Formalize Counter-Drone Laser Accord
The Department of Defense and the Federal Aviation Administration have signed a safety agreement governing the domestic use of counter-drone laser technology, following recent testing at a domestic range. The accord establishes a formal coordination channel between the two agencies on directed-energy systems operating in shared airspace.
The agreement reflects an ongoing effort to integrate military counter-UAS capabilities into the civilian airspace framework, a structural requirement as laser-based interdiction moves from testing toward operational domestic deployment. Interagency formalization at this stage typically precedes broader fielding authority.
APT41 Deploys Linux Backdoor, Clouds
APT41, also tracked as Winnti, has launched a campaign targeting Linux-based cloud environments using a newly identified backdoor variant designed for credential theft.
The shift to Linux cloud infrastructure marks a tactical expansion for APT41, a group historically associated with both state-sponsored espionage and financially motivated intrusions. Linux servers in cloud environments typically operate with elevated privileges and reduced endpoint monitoring coverage compared to enterprise Windows deployments, making them structurally attractive for credential harvesting operations.
The campaign follows a broader pattern of China-linked threat actors repositioning tooling toward cloud-native infrastructure as enterprise workloads migrate away from on-premise systems.
FBI Dismantles W3LL Phishing Platform
The FBI Atlanta Field Office and Indonesian authorities have dismantled the W3LL phishing platform, seizing its infrastructure and arresting the alleged developer. The operation marks the first coordinated enforcement action between the United States and Indonesia directed at a phishing kit developer.
W3LL operated as a commercial phishing-as-a-service platform, supplying kit infrastructure to downstream threat actors. Targeting the developer tier, rather than end users, reflects a law enforcement approach aimed at collapsing supply-side criminal tooling rather than pursuing individual operators.