SITREP - Independent OSINT Channel
AI, technology, mass surveillance, and intelligence: everything you need to know about tomorrow.
🔫 WordPress Plugin Harbored Five-Year Backdoor

Quick Page/Post Redirect plugin, active on over 70,000 WordPress sites, contained a hidden backdoor since 2020 that enabled remote code execution via external update servers. Versions 5.2.1 and 5.2.2 included a self-update mechanism pointing to third-party domain 'anadnet.com', which pushed tampered builds outside WordPress.org's oversight. The backdoor delivered SEO spam to logged-out visitors while maintaining persistent update hooks to attacker infrastructure, according to security researcher Austin Ginder.

WordPress.org has suspended the plugin pending review. Update checks on the roughly 70,000 affected sites still point to the attacker's infrastructure, although the command-and-control subdomain is dormant and no longer resolves.

πŸ›°οΈ Open sources - closed narratives
@sitreports
📑 ORNL develops portable GPS spoofing detector with equal-strength detection capability

Oak Ridge National Laboratory researchers led by Austin Albright have developed a portable GPS interference detection system capable of identifying both jamming and spoofing attacks. The device uses a software-defined radio and embedded GPU running novel RF analysis algorithms. Critically, according to reporting, the system can detect spoofing even when fake and real signals are equally strong, a capability no known detector currently possesses.

With successful DHS testing for commercial trucking complete, the team is pursuing cost reduction to enable broader deployment across logistics and critical cargo transport sectors where GPS manipulation poses growing operational risks.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🤖 Pentagon to Establish Autonomous Warfare Sub-Unified Command

Defense Secretary Pete Hegseth announced plans for a dedicated autonomous warfare sub-unified command during testimony before the House Armed Services Committee on the Pentagon's fiscal 2027 budget request. The organizational structure would centralize oversight of unmanned and AI-enabled systems across military branches.

The move signals institutional recognition that autonomous systems require unified doctrine, training, and operational integration beyond existing service-specific programs. Creation of a sub-unified command structure reflects lessons from Ukraine and accelerating peer competition in unmanned domain awareness, according to reporting from Defense Scoop.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🔫 Incomplete Windows Patch Creates New Zero-Click Exploit Vector

Microsoft's February patch for CVE-2026-21510, a zero-day exploited by Russia's APT28 against Ukrainian targets, failed to fully remediate the authentication coercion vulnerability. CISA has now added the resulting flaw, CVE-2026-32202, to its Known Exploited Vulnerabilities catalog after detecting active exploitation. The new bug enables zero-click credential theft via weaponized LNK files, exposing Net-NTLMv2 hashes to attackers without user interaction.

Akamai researchers discovered the bypass during patch validation, noting victim machines continued authenticating to attacker-controlled servers despite the initial fix. The gap between path resolution and trust verification allows credential harvesting and potential lateral movement. Federal agencies face a May 12 remediation deadline.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🔫 SAP npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack

Multiple SAP-related npm packages have been compromised in a credential-stealing supply chain attack deploying malware dubbed "Mini Shai-Hulud." The malicious code was injected into legitimate packages used by developers working with SAP systems, enabling attackers to harvest authentication credentials from infected development environments.

The compromise represents a significant risk to enterprise supply chains, particularly organizations integrating SAP modules via Node.js tooling. According to security reporting, the attack demonstrates continued targeting of high-value developer dependencies as a vector for credential theft and lateral movement within corporate networks.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🔫 XXE Vulnerability in NSA's Abandoned GrassMarlin OT Tool

CISA has flagged CVE-2026-6807, an XML External Entity vulnerability in GrassMarlin, the NSA's open-source network security tool for critical infrastructure and SCADA systems. The flaw enables data exfiltration through maliciously crafted XML session files, with a severity rating of 5.5. GrassMarlin reached end-of-life in 2017, leaving no patches available. A proof-of-concept exploit published by Rapid7 demonstrates base64-encoded file exfiltration via external DTD references.

Exploitation requires social engineering: a victim must open a weaponized .gm3 session file. CISA recommends network segmentation and internet isolation for control systems, though no remediation exists for the deprecated tool.

πŸ›°οΈ Open sources - closed narratives
@sitreports
πŸ” DPRK Operatives Deploy AI-Generated npm Malware via Fake Companies

North Korean threat actors are leveraging artificial intelligence to inject malicious code into npm packages while posing as legitimate technology firms. The campaign combines social engineering through fabricated corporate identities with RAT deployment to target software developers and supply chain infrastructure, according to reporting from cybersecurity researchers.

The operation marks an evolution in DPRK tradecraft, integrating AI capabilities into package repository compromise tactics. This multi-vector approach expands attack surface beyond traditional phishing, creating persistent access points through trusted developer ecosystems and dependency chains.

πŸ›°οΈ Open sources - closed narratives
@sitreports
πŸ” DHS Expands MQ-9 Drone Procurement

Customs and Border Protection plans to spend hundreds of millions of dollars expanding its fleet of high-powered surveillance drones, with procurement records indicating other DHS components may establish their own Predator-style drone operations. The expansion represents a significant scaling of domestic aerial surveillance infrastructure beyond CBP's current capabilities.

The procurement signals DHS's commitment to large-scale drone surveillance across multiple agency components, potentially extending MQ-9 deployment beyond border monitoring into broader homeland security mission sets.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🔫 Mini Shai-Hulud Campaign Compromises SAP, Intercom, Lightning Packages

Cybercrime group TeamPCP deployed credential-stealing malware across multiple developer packages April 29-30, targeting SAP npm packages (mbt, @cap-js/db-service, @cap-js/postgres, @cap-js/sqlite), Intercom's intercom-client SDK, and PyPI's lightning framework. The malicious code executes on install, harvesting GitHub tokens, npm credentials, cloud secrets, and CI/CD data before encrypting and exfiltrating to attacker-controlled repositories, according to analysis by Wiz and Socket.

The affected packages account for over 932,000 combined weekly downloads, and the self-propagating payload extends exposure into backend services and CI/CD pipelines across enterprise environments.

πŸ›°οΈ Open sources - closed narratives
@sitreports
πŸ” Pentagon Drone Strategy Faces Integration Crisis

Marine Corps Commandant Gen. Eric Smith and CNO Adm. Daryl Caudle called for ending service-specific drone procurement stovepipes in favor of unified standards. Speaking at Modern Day Marine, Caudle stated the Navy and Marine Corps should not independently build separate autonomous futures, while Smith emphasized the industrial base and budget cannot support duplicative programs.

The push comes as DOD's $1.1B Drone Dominance Program aims to field 300,000 weaponized drones by 2027, with FY2027 proposing $54.6B for the Defense Autonomous Warfare Group. Caudle suggested a future robotic and autonomous systems commander role, while Hegseth indicated plans for a new sub-unified command structure remain under development.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🤖 AI-Driven Phishing Campaigns Hit 86 Percent of All Attacks

KnowBe4's latest threat trends report reveals that 86 percent of phishing campaigns tracked over the past six months incorporated artificial intelligence, marking a steady climb from 80 percent in 2024. AI is now automating reconnaissance, generating hyper-personalized lures, and enabling multi-vector attacks that combine emails with malicious calendar invites and fake Microsoft Teams messages impersonating IT support staff.

The operational shift is significant: according to Microsoft's data, AI-generated phishing is 4.5 times more effective than human-crafted campaigns. Attackers are moving beyond basic email lures to polymorphic, multi-stage operations that harvest credentials through automated social engineering across enterprise communication platforms.

πŸ›°οΈ Open sources - closed narratives
@sitreports
📑 Senate Intelligence Chair Threatens Wyden Over Surveillance Disclosures

Sen. Ron Wyden delayed a 45-day extension of NSA's Section 702 surveillance authority until securing a commitment to declassify a secret FISA court opinion detailing Trump administration violations of Americans' constitutional rights. Intelligence Committee Chairman Tom Cotton warned of "consequences" for Wyden's "distorting highly classified material," according to floor exchange reporting.

Wyden's maneuver forces Cotton and ranking Democrat Mark Warner to request declassification within 15 days, before the long-term reauthorization vote. The confrontation exposes friction between civil liberties advocates and intelligence community defenders over domestic surveillance program transparency.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🔫 FBI: China's Hacker-for-Hire Ecosystem Out of Control

Chinese national Xu Zewei was extradited from Italy to face nine hacking-related charges, including involvement in the 2021 Hafnium/Silk Typhoon campaign that exploited Microsoft Exchange zero-days and compromised 12,700 US organizations. FBI cyber division chief Brett Leatherman stated China's network of private contractors operates at the behest of intelligence agencies, exploiting systems for profit and selling access when the government won't buy, creating a "less secure environment ripe for further lawlessness" according to prosecutors.

Xu allegedly worked as general manager at Shanghai Powerock Network, coordinating hacking operations directed by Shanghai State Security Bureau, including targeting COVID-19 research during the pandemic.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🤖 Bluekit Phishing Service Adds AI Assistant and 40 Templates

A new phishing-as-a-service platform named Bluekit offers over 40 templates targeting major email providers, cloud services, and cryptocurrency platforms, integrated with an AI assistant supporting GPT-4.1, Claude, and Gemini. The platform consolidates domain registration, phishing deployment, and campaign management with anti-analysis controls and real-time victim monitoring, exfiltrating credentials via Telegram.

While analysis by Varonis indicates the AI features currently generate placeholder content rather than turnkey campaigns, Bluekit represents the continued evolution of accessible cybercrime tooling that lowers technical barriers for threat actors seeking streamlined phishing operations.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🔫 Copy Fail Linux Kernel Flaw Enables Unprivileged Root Access

A critical Linux kernel vulnerability tracked as CVE-2026-31431, dubbed Copy Fail, allows any local unprivileged user to write four controlled bytes into the page cache of readable files. The flaw, with a CVSS score of 7.8, affects all major distributions including Ubuntu, RHEL, SUSE, and Amazon Linux shipped since 2017. Researchers demonstrated a 732-byte Python exploit that modifies setuid binaries in memory, achieving root access across kernel versions 6.12 to 6.18.

The vulnerability exploits a logic bug in the kernel's authenc cryptographic template combined with AF_ALG and splice() system calls, as detailed in security research.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🔫 French Police Detain 15-Year-Old Over ANTS Breach Affecting 18M Records

French prosecutors detained a 15-year-old suspect, allegedly operating as "breach3d," on April 25 over unauthorized access to France Titres (ANTS), the national agency managing passports and identity documents. The breach exposed 12-18 million records including names, emails, phone numbers, and addresses advertised on cybercrime forums, according to The Register. The minor faces two computer crime charges carrying maximum penalties of seven years imprisonment and €300,000 fines for adults.

The incident potentially impacts one-third of France's population. Paris prosecutors opened a formal investigation on April 29 and requested judicial supervision of the suspect.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🔫 FBI Links Cyber Intrusions to $725M Cargo Theft Surge

The FBI reports cyber-enabled cargo theft in the US and Canada reached $725 million in 2025, a 60% year-over-year increase. Threat actors compromise freight broker and carrier systems via phishing, then post fraudulent load board listings and impersonate legitimate companies to divert high-value shipments. Average theft value rose 36% to $273,990 due to selective targeting.

Attackers deploy remote monitoring tools through credential phishing, alter FMCSA registration data, and in some cases demand ransom for diverted loads. The bureau's advisory urges multi-factor authentication, secondary verification of shipment requests, and IC3 reporting of incidents targeting the transportation and logistics sectors.

πŸ›°οΈ Open sources - closed narratives
@sitreports
📦 PyTorch Lightning and Intercom-client Packages Compromised in PyPI Supply Chain Attack

The PyTorch Lightning machine learning framework package and the Intercom-client library were compromised through unauthorized access to maintainer accounts on the Python Package Index (PyPI). Malicious versions of both packages containing credential-stealing code were uploaded, targeting developers who downloaded the infected packages, according to reporting from The Hacker News.

The incident highlights persistent vulnerabilities in open-source supply chains where compromised maintainer credentials enable direct injection of malicious code into trusted packages. Organizations using Python dependencies should verify package integrity and audit recent installations of affected libraries.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🤖 Pentagon Integrates Eight AI Vendors Into Classified Networks

The Defense Department has signed agreements with SpaceX, OpenAI, Google, NVIDIA, Reflection, Microsoft, AWS, and Oracle to deploy frontier AI capabilities on classified Impact Level 6 and 7 networks. The move follows a major contract dispute with Anthropic that led to the company's blacklisting as a "supply chain risk", a designation typically reserved for adversaries.

The expansion reflects DOD's shift toward diversified AI sourcing after recognizing vendor dependency risks. With 1.3 million users generating tens of millions of prompts on GenAI.mil in five months, the Pentagon is accelerating its transformation into an "AI-first fighting force" across warfighting, intelligence, and enterprise operations.

πŸ›°οΈ Open sources - closed narratives
@sitreports
πŸ” Google AppSheet Exploited in Facebook Credential Harvesting Operation

Approximately 30,000 Facebook accounts have been compromised through a phishing campaign leveraging Google AppSheet, a no-code application development platform. Threat actors used AppSheet's legitimate infrastructure to host credential harvesting pages, exploiting user trust in Google-branded domains to bypass traditional security filters.

The campaign highlights adversary adaptation to cloud-native platforms for social engineering operations. By abusing legitimate SaaS tools, attackers achieve domain reputation advantages while complicating detection and takedown efforts for defenders and platform providers.

πŸ›°οΈ Open sources - closed narratives
@sitreports
🔫 French Authorities Detain 15-Year-Old Over Government Data Breach

French law enforcement has detained a 15-year-old suspect allegedly behind a cyberattack on France Titres (ANTS), the national agency managing administrative documents. The minor, operating under the alias 'breach3d', is accused of exfiltrating and offering for sale between 12 and 18 million records containing names, email addresses, dates of birth, and contact information from 11.7 million accounts, according to prosecutors.

The suspect faces charges including unauthorized access to state automated systems and possession of hacking tools, carrying a maximum sentence of seven years imprisonment and a EUR 300,000 fine. The case highlights persistent threats to government infrastructure from increasingly young threat actors operating on cybercriminal forums.

πŸ›°οΈ Open sources - closed narratives
@sitreports