AiTM Phishing Campaigns Target SaaS Platforms
Threat actors are deploying adversary-in-the-middle (AiTM) login pages to compromise SharePoint, HubSpot, and Google Workspace environments. Recent analysis shows attackers sidestepping endpoint security by targeting the SaaS sign-in flow itself: the phishing page is a reverse proxy that relays the victim's credentials and MFA prompts to the real identity provider in real time and harvests both as the authentication completes.
The shift indicates adversary adaptation to cloud-first enterprise architectures where traditional perimeter defenses offer limited visibility. AiTM techniques allow real-time session token capture, enabling immediate account takeover even when multi-factor authentication is enabled, because one-time codes and push approvals are relayed along with the password. Only phishing-resistant methods such as FIDO2/WebAuthn, which bind the credential to the legitimate origin, cannot be relayed this way.
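The token-replay pattern described above shows up in identity-provider logs as a session that is used from somewhere other than where it was created. The following is an added example, not code from the original post or from any vendor; its event schema and sample events are constructed for illustration, and the ASN field assumes an IP-to-ASN enrichment step that is not shown:

```python
"""Detect possible session-cookie replay after an AiTM-proxied sign-in.

Added example; not code from the original post. The event schema and the
sample events are constructed. Real IdP audit logs carry different field
names, and the "asn" field assumes an upstream IP-to-ASN enrichment step.
"""
from datetime import datetime

# Constructed sample events (not real log data). In an AiTM attack the
# victim's sign-in, MFA step included, is relayed through the attacker's
# proxy, and the resulting session cookie is then replayed from attacker
# infrastructure: a different network and usually a different client.
EVENTS = [
    {"ts": "2026-05-01T09:00:00Z", "kind": "login", "user": "alice", "session": "s-1",
     "ip": "203.0.113.10", "asn": "AS64501", "ua": "Mozilla/5.0 (Windows NT 10.0)", "mfa": True},
    {"ts": "2026-05-01T09:05:00Z", "kind": "activity", "user": "alice", "session": "s-1",
     "ip": "203.0.113.10", "asn": "AS64501", "ua": "Mozilla/5.0 (Windows NT 10.0)"},
    {"ts": "2026-05-01T10:00:00Z", "kind": "login", "user": "bob", "session": "s-2",
     "ip": "198.51.100.7", "asn": "AS64502", "ua": "Mozilla/5.0 (Windows NT 10.0)", "mfa": True},
    {"ts": "2026-05-01T10:03:00Z", "kind": "activity", "user": "bob", "session": "s-2",
     "ip": "192.0.2.44", "asn": "AS64503", "ua": "python-requests/2.31"},
    {"ts": "2026-05-01T10:04:00Z", "kind": "activity", "user": "bob", "session": "s-2",
     "ip": "192.0.2.44", "asn": "AS64503", "ua": "python-requests/2.31"},
]


def parse_ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_session_replays(events, window_seconds=12 * 3600):
    """Return one alert per session whose post-login activity comes from a
    different network (ASN) or client (User-Agent) than the sign-in that
    created the session, within `window_seconds` of that sign-in.

    ASN rather than raw IP is compared so ordinary address churn inside one
    provider does not alert. A User-Agent change on top of a network change
    is the strongest signal: a replayed cookie is usually driven by a script,
    not by the victim's browser.
    """
    logins = {}
    alerts = {}
    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        if ev["kind"] == "login":
            logins[ev["session"]] = ev
            continue
        login = logins.get(ev["session"])
        if login is None:
            continue
        if (parse_ts(ev["ts"]) - parse_ts(login["ts"])).total_seconds() > window_seconds:
            continue
        reasons = []
        if ev["asn"] != login["asn"]:
            reasons.append(f"asn changed {login['asn']} -> {ev['asn']}")
        if ev["ua"] != login["ua"]:
            reasons.append(f"user-agent changed {login['ua']!r} -> {ev['ua']!r}")
        if not reasons:
            continue
        alert = alerts.setdefault(ev["session"], {
            "user": ev["user"],
            "session": ev["session"],
            "login_ip": login["ip"],
            "login_mfa": login.get("mfa", False),
            "first_replay_ts": ev["ts"],
            "first_replay_ip": ev["ip"],
            "reasons": reasons,
            "replay_events": 0,
        })
        alert["replay_events"] += 1
    return list(alerts.values())


if __name__ == "__main__":
    for alert in find_session_replays(EVENTS):
        print(alert)
```

Feed it the IdP's interactive sign-in events plus the non-interactive activity events that carry the same session identifier. The preventive counterpart is phishing-resistant authentication: a FIDO2/WebAuthn credential is bound to the real origin, so the proxy cannot relay it, and where the platform supports binding session cookies to the client, a replay from a different client fails outright.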
🛰️ Open sources - closed narratives
@sitreports
Trellix Confirms Source Code Repository Breach
Cybersecurity firm Trellix disclosed unauthorized access to part of its source code repository, though the company states there is no evidence of code alteration or exploitation. The breach prompted an immediate forensic investigation and law enforcement notification, according to Security Affairs reporting. Details on the threat actor, access duration, and compromised data scope remain undisclosed.
Source code exposure creates risk vectors including vulnerability discovery, exploit development, credential extraction, and supply chain compromise. The incident highlights persistent targeting of security vendor infrastructure, where reconnaissance value exceeds immediate operational impact.
cPanelSniper PoC Exploit Framework Released Publicly
A weaponized proof-of-concept framework targeting a critical vulnerability in cPanel and WebHost Manager has been released, according to recent reporting. The exploit enables unauthorized access to vulnerable servers running the widely deployed hosting management platform.
Public availability of the cPanelSniper framework significantly lowers the technical barrier for mass exploitation attempts. Administrators running affected versions face immediate risk of compromise and should prioritize patching operations.
UK cyber agency warns of AI-driven vulnerability surge
The UK's National Cyber Security Centre (NCSC) has warned that AI is exploiting technical debt at scale, creating an imminent "patch wave" that will overwhelm defensive capabilities. NCSC CTO Ollie Whitehouse stated that AI-powered bug-hunting tools such as Claude Mythos and GPT-5.5-Cyber are rapidly exposing decades of accumulated vulnerabilities, compressing both discovery and exploitation timelines beyond what many organizations can manage.
The agency recommends immediately reducing internet-facing attack surface and prioritizing perimeter defenses, and notes that end-of-life systems may require full replacement rather than patching alone, since unsupported systems receive no fixes.
Five Eyes Agencies Warn Against Rush to Deploy Agentic AI
Cybersecurity agencies from the US, UK, Canada, Australia, and New Zealand issued joint guidance cautioning that agentic AI systems may behave unpredictably and amplify existing organizational vulnerabilities. The document details scenarios where AI agents with excessive permissions could be exploited by insiders or attackers to approve fraudulent payments, delete audit logs, or compromise critical systems through interconnected attack surfaces.
The agencies recommend that organizations deploy incrementally, starting with low-risk tasks while maintaining human oversight. Until security standards mature, the guidance prioritizes "resilience, reversibility and risk containment over efficiency gains", a measured response as agentic AI expands across defense and critical infrastructure sectors.
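The permission scenarios in the guidance (an agent that can approve payments or delete audit logs if given too much authority) map onto one concrete control: every tool call passes through a policy gate that reserves high-risk actions for a human and records every decision in an append-only log. The following is an added example, not code from the guidance or from any agent framework; the tool set, the payment threshold and the approval callback are assumptions chosen to illustrate those scenarios:

```python
"""Least-privilege gate for an AI agent's tool calls.

Added example; not code from the guidance or from any agent framework. The
tool set, the payment threshold and the human-approval callback are
assumptions for illustration.
"""
import hashlib
import json

ALLOW, DENY, REVIEW = "allow", "deny", "human_review"

# Assumed back-office state the tools operate on (constructed data).
INVOICES = {"INV-1": {"vendor": "acme", "amount": 400.0},
            "INV-2": {"vendor": "globex", "amount": 9000.0}}
LEDGER = []


def read_invoice(args):
    return INVOICES[args["invoice"]]


def approve_payment(args):
    LEDGER.append({"invoice": args["invoice"], "amount": args["amount"]})
    return {"paid": args["invoice"]}


def delete_audit_log(args):
    raise RuntimeError("must never be reachable from the agent")


TOOLS = {"read_invoice": read_invoice, "approve_payment": approve_payment,
         "delete_audit_log": delete_audit_log}

# Policy: reads are free; payments above an assumed threshold go to a human;
# log deletion is denied no matter what the prompt or the caller says.
POLICY = {
    "read_invoice": lambda args: ALLOW,
    "approve_payment": lambda args: ALLOW if float(args.get("amount", 0)) <= 1000 else REVIEW,
    "delete_audit_log": lambda args: DENY,
}


class AuditLog:
    """Append-only log whose entries are hash-chained, so removing or editing
    an entry after the fact is detectable by verify()."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, record):
        return hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        self.entries.append({"record": record, "hash": self._digest(prev, record)})

    def verify(self):
        prev = self.GENESIS
        for entry in self.entries:
            if entry["hash"] != self._digest(prev, entry["record"]):
                return False
            prev = entry["hash"]
        return True


class ToolGate:
    """Every tool call goes through here: policy first, a human for REVIEW
    decisions, and an audit entry regardless of the outcome."""

    def __init__(self, approver, audit):
        self.approver = approver  # callable(tool, args) -> bool; the human decision
        self.audit = audit

    def call(self, tool, args):
        decision = POLICY.get(tool, lambda a: DENY)(args)  # unknown tool: deny
        via = "policy"
        if decision == REVIEW:
            decision = ALLOW if self.approver(tool, args) else DENY
            via = "human"
        self.audit.append({"tool": tool, "args": args, "decision": decision, "via": via})
        if decision != ALLOW:
            return {"ok": False, "decision": decision, "via": via}
        return {"ok": True, "result": TOOLS[tool](args)}


def demo():
    """Walk through the scenarios the guidance describes and return the audit log."""
    human = lambda tool, args: args["amount"] <= 5000  # assumed reviewer rule
    audit = AuditLog()
    gate = ToolGate(human, audit)
    gate.call("read_invoice", {"invoice": "INV-1"})
    gate.call("approve_payment", {"invoice": "INV-1", "amount": 400.0})   # policy allows
    gate.call("approve_payment", {"invoice": "INV-2", "amount": 3000.0})  # human allows
    gate.call("approve_payment", {"invoice": "INV-2", "amount": 9000.0})  # human denies
    gate.call("delete_audit_log", {})                                     # always denied
    gate.call("drop_database", {})                                        # unknown tool: denied
    return audit


if __name__ == "__main__":
    log = demo()
    for entry in log.entries:
        print(entry["record"])
    print("audit log intact:", log.verify())
```

The gate holds the only reference to the tool implementations, so the agent cannot reach `delete_audit_log` by any path other than a denied policy decision, and the hash chain turns "delete the logs" from a silent action into a detectable one.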
Instructure Breach Exposes 240M Education Records
Educational technology company Instructure, operator of the Canvas learning management system used by nearly 9,000 schools globally, confirmed a cyberattack resulting in data theft. The ShinyHunters extortion gang claims responsibility for stealing over 240 million records containing names, email addresses, student IDs, and billions of private messages between students and teachers across 15,000 institutions. The company states that no passwords or financial data appear compromised, though investigations continue.
The incident represents one of the largest education sector breaches by volume, affecting institutions across North America, Europe, and Asia-Pacific. Instructure has deployed patches, rotated application keys, and engaged law enforcement.
Microsoft Defender False Positive Removes DigiCert Root Certificates
Microsoft Defender flagged legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha starting April 30, causing widespread false positives that removed the certificates from Windows trust stores globally. The detections targeted two specific DigiCert root certificate entries and removed them from the AuthRoot registry store, according to reporting from BleepingComputer; anything chaining to a removed root, from TLS connections to signed binaries, fails validation on the affected machine until the root is restored.
Microsoft confirmed the false positives stemmed from detections added after a recent DigiCert breach in which attackers obtained valid code-signing certificates that were used to sign malware. The issue has been resolved in Security Intelligence update 1.449.430.0, which automatically restores the removed certificates on affected systems.
cPanel Authentication Bypass Added to CISA KEV Catalog
CISA has added CVE-2026-41940, an authentication bypass flaw in WebPros cPanel and WHM versions after 11.40, to its Known Exploited Vulnerabilities catalog. The vulnerability allows remote attackers to bypass login checks and gain unauthorized control panel access. The Shadowserver Foundation reports at least 44,000 compromised IPs, with active scanning ongoing and exploitation dating back to February.
Federal agencies must remediate by May 3, 2026 under BOD 22-01. watchTowr, which discovered the flaw, released detection tools, while hosting providers including Namecheap have implemented temporary access restrictions to mitigate active exploitation.
Telegram Mini Apps weaponized for crypto fraud and malware delivery
Researchers have identified a large-scale fraud operation dubbed FEMITBOT that exploits Telegram's Mini App feature to run cryptocurrency scams, impersonate major brands including Apple, NVIDIA, and Disney, and distribute Android malware. The operation uses Telegram bots to open phishing pages inside Telegram's in-app WebView, presenting fake dashboards with fraudulent balances and countdown timers to pressure victims into deposits, while some campaigns push malicious APK files.
CTM360's analysis shows the operation employs shared API responses across multiple domains, tracking pixels, and TLS-validated hosting for rapid rebranding. Users should avoid sideloading APK files and treat any bot requesting deposits or app downloads with caution.
CISA Adds Linux Root Escalation Flaw to Active Exploit Catalog
The U.S. Cybersecurity and Infrastructure Security Agency has added CVE-2026-31431, a Linux privilege escalation vulnerability enabling root access, to its Known Exploited Vulnerabilities catalog. The agency confirmed active exploitation in the wild, triggering mandatory patching requirements for federal agencies under Binding Operational Directive 22-01.
The inclusion signals threat actors are actively leveraging the flaw in ongoing campaigns. Linux systems across enterprise and containerized environments face elevated risk, particularly where privilege boundaries are critical to segmentation and containment strategies.
Google Restructures Bug Bounty Programs Amid AI Surge
Google has overhauled its Vulnerability Reward Programs for Android and Chrome, responding to AI-driven automation flooding submissions with low-quality reports. Android's top reward for Pixel Titan M zero-click exploits rises to $1.5M, while Chrome base payouts drop to $500 as Google shifts focus toward quality over quantity. The company now prioritizes complete proof-of-concept submissions with proposed fixes.
Despite individual payout reductions, Google expects total 2026 rewards to exceed 2025's record $17.1M, signaling an evolution in how tech giants balance automation with meaningful security research.
Progress patches critical MOVEit Automation authentication bypass
Progress Software fixed two vulnerabilities in MOVEit Automation, including CVE-2026-4670, a critical authentication bypass flaw, and CVE-2026-5174, a privilege escalation issue. The bugs affect versions up to 2025.1.4, 2025.0.8, and 2024.1.7, with no workarounds available. Airbus SecLab researchers discovered and reported the flaws to Progress.
The vulnerabilities pose mass exploitation risk similar to 2023's MOVEit Transfer incident, when Cl0p ransomware gang compromised approximately 1,000 organizations and exposed over 60 million records. Authentication bypass flaws in widely-deployed enterprise file transfer systems enable rapid lateral movement and data theft at scale.
Weaver E-cology RCE Exploited Days After Patch
CVE-2026-22679, a critical unauthenticated remote code execution vulnerability in the Weaver E-cology office automation platform, has been exploited in the wild since mid-March, five days after the patch was released. Attackers leveraged an exposed debug API endpoint to execute system commands, deploying reconnaissance tooling and PowerShell payloads against primarily Chinese enterprise deployments. The observed exploitation attempts were blocked by endpoint defenses, and no persistent access was achieved.
The vendor removed the vulnerable debug endpoint entirely in the March 12 build. No workarounds are available; organizations running E-cology 10.0 must upgrade immediately, as documented by Vega researchers. The attack pattern indicates opportunistic scanning after disclosure rather than a targeted intrusion campaign.
Critical cPanel Vulnerability Exploited in Global Campaign
Attackers are actively exploiting CVE-2026-41940, a critical flaw in cPanel, to compromise government and managed service provider networks. Security Affairs reports that campaigns have been detected across Southeast Asia, the United States, and Canada, targeting high-value administrative environments.
The focus on MSPs is a supply chain approach: a compromised hosting control panel gives attackers a pivot into multiple downstream client networks. The vulnerability's severity and confirmed exploitation make patching an immediate priority for organizations running affected cPanel versions.
Army Seeks VTOL Battalion Drone to Close Tactical Reconnaissance Gaps
The U.S. Army issued an urgent call for a production-ready vertical take-off drone to address "reconnaissance and security gaps" at battalion level. The Battalion Reconnaissance UAS must weigh under 55 pounds, fly over 40 kilometers for more than five hours, operate autonomously in contested spectrum, and integrate AI-enabled target detection with modular lethal munitions, according to the solicitation notice. Industry responses are due May 5.
The requirement reflects lessons from Ukraine's drone-saturated battlefield, where legacy fixed-wing systems like the RQ-11 Raven proved inadequate.
Amazon SES Hijacked for Large-Scale Phishing Operations
Amazon Simple Email Service is facing widespread abuse as threat actors use exposed AWS IAM credentials to send authenticated phishing emails that bypass standard security filters. Kaspersky researchers report an uptick in attacks leveraging access keys leaked through GitHub repositories, Docker images, and public S3 buckets, with automated bots scanning for exposed secrets at scale.
The abuse enables high-quality phishing campaigns, including fake DocuSign notifications and BEC attacks with fabricated email threads. Because the mail is sent through the compromised account's own verified SES sending identities, it carries that tenant's SPF and DKIM alignment and passes DMARC, so traditional reputation-based blocking proves ineffective without disrupting legitimate AWS email traffic.
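The bots described above find credentials by pattern-matching file contents across repositories and image layers; the same scan, run before a push or a build, catches the leak first. The following is an added example, not code from Kaspersky or AWS; the sample tree it scans is constructed, and the key values in it are the placeholder credentials AWS uses in its own documentation, not live keys:

```python
"""Scan a source tree (or an unpacked container image layer) for leaked AWS
access keys, the way automated credential-harvesting bots do.

Added example; not code from the Kaspersky analysis or from AWS. The sample
tree is constructed, and its credential values are the placeholders used in
AWS documentation.
"""
import re
import tempfile
from pathlib import Path

# Long-term (AKIA) and temporary (ASIA) access key IDs: a fixed prefix plus
# 16 upper-case alphanumerics. The look-arounds stop matches inside longer
# tokens.
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])((?:AKIA|ASIA)[A-Z0-9]{16})(?![A-Z0-9])")
# Secret keys are 40 base64-style characters; alone that is noisy, so a
# credential-looking variable name must precede the value.
SECRET_KEY_RE = re.compile(
    r"""(?i)(?:aws_secret_access_key|secret_access_key|aws_secret)\s*[=:]\s*["']?([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])"""
)
SKIP_DIRS = {".git", "node_modules", "__pycache__"}


def redact(value):
    return value[:4] + "..." + value[-4:]


def scan_text(path, text):
    """Findings for one file's contents; values are redacted so the scanner's
    own output does not become a second leak."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append({"path": path, "line": lineno, "kind": "access_key_id",
                             "value": redact(m.group(1))})
        for m in SECRET_KEY_RE.finditer(line):
            findings.append({"path": path, "line": lineno, "kind": "secret_access_key",
                             "value": redact(m.group(1))})
    return findings


def scan_tree(root):
    root = Path(root)
    findings = []
    for p in sorted(root.rglob("*")):
        if not p.is_file() or SKIP_DIRS & set(p.relative_to(root).parts):
            continue
        text = p.read_text(encoding="utf-8", errors="ignore")
        findings.extend(scan_text(p.relative_to(root).as_posix(), text))
    return findings


def files_with_key_pairs(findings):
    """Files holding both halves of a credential: highest priority, since a
    bot needs nothing else to start sending through SES."""
    kinds = {}
    for f in findings:
        kinds.setdefault(f["path"], set()).add(f["kind"])
    return sorted(p for p, k in kinds.items() if {"access_key_id", "secret_access_key"} <= k)


def build_sample_tree():
    """Constructed repository for the demonstration (not a real project)."""
    root = Path(tempfile.mkdtemp(prefix="keyscan-"))
    files = {
        ".env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
                "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n",
        "Dockerfile": "FROM python:3.12-slim\n"
                      "ENV AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
                      "ENV AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n",
        "app/settings.py": "# TODO: replace with an IAM role\n"
                           "AWS_ACCESS_KEY_ID = \"AKIAIOSFODNN7EXAMPLE\"\n",
        "README.md": "Access key IDs begin with AKIA; never commit them. Region: ASIA-Pacific.\n",
        ".git/config": "[remote \"origin\"]\n\turl = git@example.com:team/app.git\n",
    }
    for rel, content in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content, encoding="utf-8")
    return root


if __name__ == "__main__":
    hits = scan_tree(build_sample_tree())
    for h in hits:
        print(h)
    print("files with complete key pairs:", files_with_key_pairs(hits))
```

Run `scan_tree` over a checkout or an unpacked image layer and fail the pipeline on any finding. The long-lived key in a Dockerfile or `.env` is the root problem: an IAM role or short-lived credentials remove it, and where a key must exist, an IAM policy that restricts `ses:SendEmail` and `ses:SendRawEmail` with a `ses:FromAddress` condition bounds what a stolen key can send.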
Phishing Campaign Targets 80+ Organizations via RMM Tools
A coordinated phishing campaign has compromised over 80 organizations by weaponizing the legitimate remote monitoring and management platforms SimpleHelp and ScreenConnect. Attackers delivered credential-harvesting pages and deployed the remote access tools through phishing lures, according to reporting published May 4.
The abuse of trusted RMM software lets attackers maintain persistent access while evading controls designed to block malicious binaries: the client is the vendor's own (typically code-signed) software, and the only attacker-controlled element is the relay server it connects to. A victim does not need to use these products to be affected; organizations that do use them face the added problem that attacker-deployed clients blend in with sanctioned ones. Once initial access is established through social engineering, the risk is lateral movement and data exfiltration.
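Because the client binary is legitimate, detection hinges on where it connects and how it arrived. The following is an added example, not code from the report or from either vendor: it triages constructed Sysmon-style process-creation events against an assumed baseline (one approved ScreenConnect relay, no SimpleHelp). Reading the relay from the ScreenConnect client's `h=` launch argument and recognising SimpleHelp by its executable and folder names reflect typical deployments rather than vendor documentation, so treat those patterns as assumptions to validate against your own telemetry:

```python
"""Triage process-creation events for RMM clients that do not point at the
organisation's own relay, which is how a phish-delivered SimpleHelp or
ScreenConnect client differs from a sanctioned one.

Added example; not code from the report or from either vendor. The events,
the approved relay and the parent-process heuristic are constructed. The
ScreenConnect relay is read from the client's "h=" launch argument and
SimpleHelp is recognised by its executable/folder names; both are
observations about typical deployments, not vendor specifications.
"""
import re

RMM_IMAGE_RE = {
    "screenconnect": re.compile(
        r"screenconnect\.(?:client|clientservice|windowsclient|clientsetup)\.exe$", re.I),
    "simplehelp": re.compile(r"(?:jwrapper-remote access|remote access\.exe|simplehelp)", re.I),
}
RELAY_PARAM_RE = re.compile(r"[?&]h=([A-Za-z0-9.-]+)")
# Parents that mean "a user clicked something", as opposed to a deployment
# tool or the service control manager.
USER_INITIATED_PARENTS = {"outlook.exe", "msedge.exe", "chrome.exe", "firefox.exe",
                          "explorer.exe", "winword.exe"}

# Assumed organisational baseline: the help desk uses ScreenConnect through
# one self-hosted relay, and SimpleHelp is not used at all.
APPROVED_RELAYS = {"screenconnect": {"support-relay.corp.example"}, "simplehelp": set()}

# Constructed Sysmon-style process-creation events (not real telemetry).
EVENTS = [
    {"host": "WS-0411", "user": "CORP\\jdoe",
     "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Program Files (x86)\ScreenConnect Client (8a1f)\ScreenConnect.ClientService.exe",
     "cmdline": '"?e=Access&y=Guest&h=support-relay.corp.example&p=443&s=1d2e&k=BQ"'},
    {"host": "WS-0418", "user": "CORP\\mroe",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "image": r"C:\Users\mroe\AppData\Local\Temp\ScreenConnect Client (c4d2)\ScreenConnect.ClientService.exe",
     "cmdline": '"?e=Access&y=Guest&h=instance-7b3c-relay.example.net&p=443&s=9f0a&k=BQ"'},
    {"host": "WS-0422", "user": "CORP\\asmith",
     "parent": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "image": r"C:\Users\asmith\AppData\Local\Temp\Remote Access.exe",
     "cmdline": '"Remote Access.exe"'},
    {"host": "WS-0411", "user": "NT AUTHORITY\\SYSTEM",
     "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
]


def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def identify_rmm(image):
    for product, pattern in RMM_IMAGE_RE.items():
        if pattern.search(image):
            return product
    return None


def triage(event, approved=APPROVED_RELAYS):
    """Return an alert dict for an RMM client that is unsanctioned, points at
    an unapproved relay, or was launched from a user application; else None."""
    product = identify_rmm(event["image"])
    if product is None:
        return None
    reasons = []
    relay = None
    if product == "screenconnect":
        m = RELAY_PARAM_RE.search(event["cmdline"])
        relay = m.group(1) if m else None
        if relay not in approved[product]:
            reasons.append(f"relay host {relay!r} not in approved set")
    elif not approved[product]:
        reasons.append(f"{product} is not a sanctioned RMM product here")
    parent = basename(event["parent"]).lower()
    if parent in USER_INITIATED_PARENTS:
        reasons.append(f"launched from user application {parent}")
    if not reasons:
        return None
    return {"host": event["host"], "user": event["user"], "product": product,
            "relay": relay, "reasons": reasons}


def triage_events(events, approved=APPROVED_RELAYS):
    return [a for a in (triage(e, approved) for e in events) if a]


if __name__ == "__main__":
    for alert in triage_events(EVENTS):
        print(alert)
```

The relay allowlist is the durable part of this check: an attacker can rename nothing about the signed client, but they must point it at infrastructure they control, and that host is not on your list.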
PyTorch Lightning Supply Chain Attack Deploys Credential Stealer
Version 2.6.3 of the PyTorch Lightning package on PyPI was compromised to deliver ShaiWorm, an information stealer targeting browser credentials, environment files, API keys, and cloud service tokens. The malicious code ran automatically on import, spawning a background process that downloaded a JavaScript runtime and an obfuscated payload. The package, which had over 11 million downloads last month, was disclosed as compromised by its developers on April 30 after Microsoft Defender detected the threat.
Users who installed and imported version 2.6.3 are advised to rotate all secrets, keys, and tokens immediately; because the stealer ran at import time, downgrading alone does not undo what was already exfiltrated. The package has been reverted to version 2.6.1 while maintainers investigate the pipeline breach.
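Establishing whether the compromised release is present, and whether a floating requirement could pull it in, is the first step before rotating secrets. The following is an added example, not code from the PyTorch Lightning project or from PyPI; it assumes the affected distribution name is `pytorch-lightning` at exactly 2.6.3 and treats the blocklist as something to extend as advisories name other distributions or versions:

```python
"""Audit an installed environment, a `pip freeze`, or a requirements file
for a compromised package release.

Added example; not code from the PyTorch Lightning maintainers or from
PyPI. The blocklist assumes the affected PyPI distribution is
`pytorch-lightning` at exactly 2.6.3; extend it as advisories name further
distributions or versions.
"""
import importlib.metadata
import re

COMPROMISED = {"pytorch-lightning": {"2.6.3"}}

# name, optional [extras], then everything up to an inline comment
REQ_LINE_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*?)\s*(?:#.*)?$")


def normalize(name):
    """PEP 503 normalisation: PyTorch_Lightning, pytorch.lightning and
    pytorch-lightning all denote the same distribution."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_freeze(text, blocklist=COMPROMISED):
    """`pip freeze` output is exact pins, so a hit is an installed bad version."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "-e ")) or "==" not in line:
            continue
        name, _, version = line.partition("==")
        name = normalize(name.split("[")[0])
        if version in blocklist.get(name, set()):
            hits.append((name, version))
    return hits


def audit_requirements(text, blocklist=COMPROMISED):
    """requirements.txt: reports pins of a bad version and, more importantly,
    floating specifiers that would let the resolver choose one."""
    report = []
    for line in text.splitlines():
        m = REQ_LINE_RE.match(line)
        if not m:
            continue  # blank, comment, or an option line such as -r/-e
        name, spec = normalize(m.group(1)), m.group(2)
        bad = blocklist.get(name)
        if not bad:
            continue
        pinned = re.match(r"===?\s*([^,\s]+)$", spec)
        if pinned:
            if pinned.group(1) in bad:
                report.append({"name": name, "spec": spec, "status": "pinned_compromised"})
        else:
            report.append({"name": name, "spec": spec or "<none>", "status": "floating"})
    return report


def audit_installed(blocklist=COMPROMISED):
    """The environment this interpreter runs in."""
    hits = []
    for dist in importlib.metadata.distributions():
        try:
            name, version = dist.metadata["Name"], dist.version
        except Exception:
            continue  # a broken or metadata-less distribution
        if name and version in blocklist.get(normalize(name), set()):
            hits.append((normalize(name), version))
    return hits


if __name__ == "__main__":
    print("installed:", audit_installed())
```

Pin exact versions with hashes (`pip install --require-hashes -r requirements.txt`) so a re-published release cannot satisfy an existing requirement, and treat any environment that imported the bad version as compromised regardless of what the audit shows today.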
Trellix Discloses Source Code Repository Breach
Cybersecurity firm Trellix, formed when McAfee Enterprise and FireEye were merged in late 2021 and relaunched under the Trellix name in January 2022, confirmed unauthorized access to a portion of its source code repository. The company, which serves over 50,000 business and government customers protecting 200 million endpoints, is working with forensic experts and has notified law enforcement. According to reporting, no evidence has been found that the code was exploited or altered.
The incident adds Trellix to a growing list of cybersecurity vendors breached in 2026, including Checkmarx, which confirmed that LAPSUS$ leaked stolen GitHub data, and Cisco, whose development environment was compromised in the Trivy supply chain attack. Details remain limited on how attackers gained access or whether ransom demands were issued.
Army Awards AeroVironment Switchblade 400 Contract for LASSO Program
The U.S. Army has awarded AeroVironment a prototype agreement for its Switchblade 400 loitering munition to support the Low Altitude Stalking and Strike Ordnance (LASSO) program. The 39-pound SB 400 can destroy moving tanks and armored vehicles at ranges up to 65 kilometers with 35-minute endurance, featuring EO/IR sensors and aided target recognition. The system can be deployed by a single soldier in under five minutes.
LASSO addresses mobile brigade combat teams' shortfall in organic long-range direct fire against armored targets. The Army is requesting $110 million for LASSO procurement in FY2027, according to Defense Scoop reporting, with nearly $1.2 billion planned through FY2031.
Silver Fox Targets India and Russia with Tax-Themed Malware Campaign
The Silver Fox threat actor has deployed ABCDoor malware through phishing emails disguised as tax-related communications targeting organizations in India and Russia. The campaign leverages social engineering around tax filing deadlines to establish persistent network access through the custom backdoor.
The operation demonstrates continued threat actor preference for financial and governmental themes in initial compromise vectors. ABCDoor deployment indicates focus on sustained intelligence collection rather than immediate financial gain, consistent with espionage-motivated intrusion patterns in both target regions.