🔍 DPRK Operatives Deploy AI-Generated npm Malware via Fake Companies
North Korean threat actors are leveraging artificial intelligence to inject malicious code into npm packages while posing as legitimate technology firms. The campaign combines social engineering through fabricated corporate identities with RAT deployment to target software developers and supply chain infrastructure, according to reporting from cybersecurity researchers.
The operation marks an evolution in DPRK tradecraft, integrating AI capabilities into package repository compromise tactics. This multi-vector approach expands the attack surface beyond traditional phishing, creating persistent access points through trusted developer ecosystems and dependency chains.
🛰️ Open sources - closed narratives
@sitreports
🔍 DHS Expands MQ-9 Drone Procurement
Customs and Border Protection plans to spend hundreds of millions of dollars expanding its fleet of high-powered surveillance drones, with procurement records indicating other DHS components may establish their own Predator-style drone operations. The expansion represents a significant scaling of domestic aerial surveillance infrastructure beyond CBP's current capabilities.
The procurement signals DHS's commitment to large-scale drone surveillance across multiple agency components, potentially extending MQ-9 deployment beyond border monitoring into broader homeland security mission sets.
🔫 Mini Shai-Hulud Campaign Compromises SAP, Intercom, Lightning Packages
Cybercrime group TeamPCP deployed credential-stealing malware across multiple developer packages April 29-30, targeting SAP npm packages (mbt, @cap-js/db-service, @cap-js/postgres, @cap-js/sqlite), Intercom's intercom-client SDK, and PyPI's lightning framework. The malicious code executes on install, harvesting GitHub tokens, npm credentials, cloud secrets, and CI/CD data before encrypting and exfiltrating to attacker-controlled repositories, according to analysis by Wiz and Socket.
The self-propagating payload affects over 932,000 weekly downloads combined, with exposure extending into backend services and CI/CD pipelines across enterprise environments.
🔍 Pentagon Drone Strategy Faces Integration Crisis
Marine Corps Commandant Gen. Eric Smith and CNO Adm. Daryl Caudle called for ending service-specific drone procurement stovepipes in favor of unified standards. Speaking at Modern Day Marine, Caudle stated the Navy and Marine Corps should not independently build separate autonomous futures, while Smith emphasized the industrial base and budget cannot support duplicative programs.
The push comes as DOD's $1.1B Drone Dominance Program aims to field 300,000 weaponized drones by 2027, with FY2027 proposing $54.6B for the Defense Autonomous Warfare Group. Caudle suggested a future robotic and autonomous systems commander role, while Hegseth indicated plans for a new sub-unified command structure remain under development.
🤖 AI-Driven Phishing Campaigns Hit 86 Percent of All Attacks
KnowBe4's latest threat trends report reveals that 86 percent of phishing campaigns tracked over the past six months incorporated artificial intelligence, marking a steady climb from 80 percent in 2024. AI is now automating reconnaissance, generating hyper-personalized lures, and enabling multi-vector attacks that combine emails with malicious calendar invites and fake Microsoft Teams messages impersonating IT support staff.
The operational shift is significant: according to Microsoft's data, AI-generated phishing is 4.5 times more effective than human-crafted campaigns. Attackers are moving beyond basic email lures to polymorphic, multi-stage operations that harvest credentials through automated social engineering across enterprise communication platforms.
📡 Senate Intelligence Chair Threatens Wyden Over Surveillance Disclosures
Sen. Ron Wyden delayed a 45-day extension of NSA's Section 702 surveillance authority until securing a commitment to declassify a secret FISA court opinion detailing Trump administration violations of Americans' constitutional rights. Intelligence Committee Chairman Tom Cotton warned of "consequences" for Wyden's "distorting highly classified material," according to reporting on the floor exchange.
Wyden's maneuver forces Cotton and ranking Democrat Mark Warner to request declassification within 15 days, before a long-term reauthorization vote. The confrontation exposes friction between civil liberties advocates and intelligence community defenders over domestic surveillance program transparency.
🔫 FBI: China's Hacker-for-Hire Ecosystem Out of Control
Chinese national Xu Zewei was extradited from Italy to face nine hacking-related charges, including involvement in the 2021 Hafnium/Silk Typhoon campaign that exploited Microsoft Exchange zero-days and compromised 12,700 US organizations. FBI cyber division chief Brett Leatherman stated China's network of private contractors operates at the behest of intelligence agencies, exploiting systems for profit and selling access when the government won't buy, creating a "less secure environment ripe for further lawlessness" according to prosecutors.
Xu allegedly worked as general manager at Shanghai Powerock Network, coordinating hacking operations directed by Shanghai State Security Bureau, including targeting COVID-19 research during the pandemic.
🤖 Bluekit Phishing Service Adds AI Assistant and 40 Templates
A new phishing-as-a-service platform named Bluekit offers over 40 templates targeting major email providers, cloud services, and cryptocurrency platforms, integrated with an AI assistant supporting GPT-4.1, Claude, and Gemini. The platform consolidates domain registration, phishing deployment, and campaign management with anti-analysis controls and real-time victim monitoring, exfiltrating credentials via Telegram.
While analysis by Varonis indicates the AI features currently generate placeholder content rather than turnkey campaigns, Bluekit represents the continued evolution of accessible cybercrime tooling that lowers technical barriers for threat actors seeking streamlined phishing operations.
🔫 Copy Fail Linux Kernel Flaw Enables Unprivileged Root Access
A critical Linux kernel vulnerability tracked as CVE-2026-31431, dubbed Copy Fail, allows any local unprivileged user to write four controlled bytes into the page cache of readable files. The flaw, with a CVSS score of 7.8, affects all major distributions including Ubuntu, RHEL, SUSE, and Amazon Linux shipped since 2017. Researchers demonstrated a 732-byte Python exploit that modifies setuid binaries in memory, achieving root access across kernel versions 6.12 to 6.18.
The vulnerability exploits a logic bug in the kernel's authenc cryptographic template combined with AF_ALG and splice() system calls, as detailed in security research.
🔫 French Police Detain 15-Year-Old Over ANTS Breach Affecting 18M Records
French prosecutors detained a 15-year-old suspect, allegedly operating as "breach3d," on April 25 over unauthorized access to France Titres (ANTS), the national agency managing passports and identity documents. The breach exposed 12-18 million records including names, emails, phone numbers, and addresses advertised on cybercrime forums, according to The Register. The minor faces two computer crime charges carrying maximum penalties of seven years imprisonment and €300,000 fines for adults.
The incident potentially impacts one-third of France's population. Paris prosecutors opened a formal investigation on April 29 and requested judicial supervision of the suspect.
🔫 FBI Links Cyber Intrusions to $725M Cargo Theft Surge
The FBI reports cyber-enabled cargo theft in the US and Canada reached $725 million in 2025, a 60% year-over-year increase. Threat actors compromise freight broker and carrier systems via phishing, then post fraudulent load board listings and impersonate legitimate companies to divert high-value shipments. Average theft value rose 36% to $273,990 due to selective targeting.
Attackers deploy remote monitoring tools through credential phishing, alter FMCSA registration data, and in some cases demand ransom for diverted loads. The bureau's advisory urges multi-factor authentication, secondary verification of shipment requests, and IC3 reporting of incidents targeting the transportation and logistics sectors.
📦 PyTorch Lightning and Intercom-client Packages Compromised in PyPI Supply Chain Attack
The PyTorch Lightning machine learning framework package and the Intercom-client library were compromised through unauthorized access to maintainer accounts on the Python Package Index (PyPI). Malicious versions of both packages were uploaded containing credential-stealing code, according to reporting from The Hacker News, targeting developers downloading the infected packages.
The incident highlights persistent vulnerabilities in open-source supply chains where compromised maintainer credentials enable direct injection of malicious code into trusted packages. Organizations using Python dependencies should verify package integrity and audit recent installations of affected libraries.
🤖 Pentagon Integrates Eight AI Vendors Into Classified Networks
The Defense Department has signed agreements with SpaceX, OpenAI, Google, NVIDIA, Reflection, Microsoft, AWS, and Oracle to deploy frontier AI capabilities on classified Impact Level 6 and 7 networks. The move follows a major contract dispute with Anthropic that led to the company's blacklisting as a "supply chain risk" — a designation typically reserved for adversaries.
The expansion reflects DOD's shift toward diversified AI sourcing after recognizing vendor dependency risks. With 1.3 million users generating tens of millions of prompts on GenAI.mil in five months, the Pentagon is accelerating its transformation into an "AI-first fighting force" across warfighting, intelligence, and enterprise operations.
🔍 Google AppSheet Exploited in Facebook Credential Harvesting Operation
Approximately 30,000 Facebook accounts have been compromised through a phishing campaign leveraging Google AppSheet, a no-code application development platform. Threat actors used AppSheet's legitimate infrastructure to host credential harvesting pages, exploiting user trust in Google-branded domains to bypass traditional security filters.
The campaign highlights adversary adaptation to cloud-native platforms for social engineering operations. By abusing legitimate SaaS tools, attackers achieve domain reputation advantages while complicating detection and takedown efforts for defenders and platform providers.
🔫 French Authorities Detain 15-Year-Old Over Government Data Breach
French law enforcement has detained a 15-year-old suspect allegedly behind a cyberattack on France Titres (ANTS), the national agency managing administrative documents. The minor, operating under the alias 'breach3d', is accused of exfiltrating and offering for sale between 12 and 18 million records containing names, email addresses, dates of birth, and contact information from 11.7 million accounts, according to prosecutors.
The suspect faces charges including unauthorized access to state automated systems and possession of hacking tools, carrying a maximum sentence of seven years' imprisonment and a EUR 300,000 fine. The case highlights persistent threats to government infrastructure from increasingly young threat actors operating on cybercriminal forums.
🤖 USMC Advances Multi-Domain Drone Strategy Through 2040
The Marine Corps plans operational testing of its MUX TACAIR collaborative combat aircraft by 2029, with Northrop Grumman integrating Kratos XQ-58 Valkyrie drones. Concurrent programs include Group 3 UAS for organic ISR, autonomous logistics platforms ALC and MARV-EL for expeditionary resupply, and the Future Attack Strike program to replace UH-1 helicopters with optionally-piloted multi-role aircraft by 2040.
Officials compare the transformation to introducing rotary-wing aviation in the 1950s, according to statements at Modern Day Marine. The shift reflects force design requirements for distributed Pacific operations under contested conditions.
🔫 Cybercrime Groups Weaponize Vishing and SSO Flaws for SaaS Extortion
Threat actors are combining voice phishing with single sign-on abuse to conduct rapid extortion attacks against SaaS platforms. The technique allows attackers to bypass traditional security controls by exploiting trust relationships in federated authentication systems, according to recent reporting.
The shift toward SSO-targeted social engineering represents an evolution in access broker tactics, compressing the intrusion-to-extortion timeline significantly. Organizations relying heavily on federated identity without secondary verification mechanisms face elevated exposure to this attack vector.
🔍 China-Linked APT Targets Governments and Civil Society Across Asia and NATO
A China-attributed threat actor has conducted intrusion operations against government entities in multiple Asian countries, at least one NATO member state, as well as journalists and activists. The campaign demonstrates continued focus on strategic intelligence collection across governmental and civil society targets, according to reporting published on May 1.
The targeting pattern indicates sustained interest in both state-level intelligence and monitoring of individuals involved in politically sensitive activities. The overlap between government networks and civil society figures suggests coordinated intelligence priorities aligned with strategic geopolitical interests.
🔫 cPanel Critical Flaw Exploited as Zero-Day, Ransomware Demands Reported
CISA added CVE-2026-41940 to its Known Exploited Vulnerabilities catalog, confirming active exploitation of a 9.8 CVSS-rated authentication bypass affecting cPanel and WHM installations. Hosting provider KnownHost disclosed exploitation attempts dating to February 23, weeks before patches shipped Tuesday. At least one small business reported a $7,000 ransomware demand following compromise. Namecheap temporarily blocked cPanel access entirely during the incident window.
Roughly 1.5 million internet-exposed cPanel instances remain visible via Shodan, with successful exploitation granting full server control. The vulnerability affects all supported versions post-11.40, creating exposure across tens of millions of hosted sites reliant on third-party patching cycles.
🔫 Ubuntu infrastructure under sustained DDoS, extortion demands follow
Canonical confirms its web infrastructure is experiencing a cross-border DDoS attack claimed by pro-Iranian hacktivist group 313 Team. Ubuntu.com and multiple subdomains have been offline for over 12 hours, blocking distro downloads and user account access. The group initially announced a four-hour operation via Telegram but extended the assault with ransom demands, threatening continued disruption unless Canonical contacts them through a provided Session ID.
313 Team has targeted eBay Japan, eBay US, and BlueSky in recent weeks. The shift from hacktivist disruption to explicit extortion marks an operational escalation. No motive for targeting the London-based open source firm has been stated.
🔫 Two Cybersecurity Professionals Sentenced to Four Years for BlackCat Ransomware Operations
Two individuals working in cybersecurity roles have received four-year prison sentences for their participation in BlackCat ransomware attacks, according to reporting from The Hacker News. The case marks a notable prosecution of threat actors who leveraged professional security expertise to conduct criminal operations.
The sentencing highlights ongoing law enforcement focus on dismantling ransomware-as-a-service operations and prosecuting both operators and affiliates. The involvement of credentialed cybersecurity professionals in ransomware activities demonstrates continued insider threat risk and potential exploitation of privileged access for criminal purposes.