SITREP - Independent OSINT Channel
AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.
📡 Amazon SES Hijacked for Large-Scale Phishing Operations

Amazon Simple Email Service is facing widespread abuse as threat actors exploit exposed AWS IAM credentials to send authenticated phishing emails that bypass standard security filters. Kaspersky researchers report an uptick in attacks leveraging leaked access keys from GitHub repositories, Docker images, and public S3 buckets, with automated bots scanning for exposed secrets at scale.

The abuse enables high-quality phishing campaigns including fake DocuSign notifications and sophisticated BEC attacks with fabricated email threads. Because SES emails pass SPF, DKIM, and DMARC checks, traditional reputation-based blocking proves ineffective without disrupting legitimate AWS email traffic.
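Because the SES mail itself is fully authenticated, the useful signal sits in CloudTrail rather than in the message. The following is an added illustration (not from the original post or from Kaspersky) of one detection a defender can run over CloudTrail records: flag SES send calls made with an access key that is not on an allow list, or from a source IP outside the account's known egress ranges. The access keys, egress range and sample records are constructed placeholders.

```python
"""Flag SES send calls from access keys or source IPs that should not be sending mail.
Added illustration; the allow list, egress range and records below are constructed."""
from ipaddress import ip_address, ip_network

# Assumption (hypothetical account): only this key, from this egress range,
# is expected to call SES. Anything else is a candidate for a leaked key.
ALLOWED_ACCESS_KEYS = {"AKIAEXAMPLE0ALLOWED1"}
ALLOWED_EGRESS = [ip_network("203.0.113.0/24")]
# CloudTrail eventName values for the SES send APIs.
SES_SEND_EVENTS = {"SendEmail", "SendRawEmail", "SendTemplatedEmail", "SendBulkTemplatedEmail"}

# Constructed sample CloudTrail records (not real data). Only the fields the
# check needs are included; the key names follow the CloudTrail record format.
SAMPLE_RECORDS = [
    {"eventSource": "ses.amazonaws.com", "eventName": "SendEmail",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLE0ALLOWED1", "userName": "mailer"}},
    {"eventSource": "ses.amazonaws.com", "eventName": "SendRawEmail",
     "sourceIPAddress": "198.51.100.77",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLE0LEAKED00", "userName": "ci-deploy"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",   # not an SES send, ignored
     "sourceIPAddress": "198.51.100.77",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLE0LEAKED00", "userName": "ci-deploy"}},
]


def flag_suspicious_ses_sends(records):
    """Return (accessKeyId, userName, sourceIP, reasons) for every SES send
    event whose key is not allow-listed or whose source IP is outside egress."""
    findings = []
    for rec in records:
        if rec.get("eventSource") != "ses.amazonaws.com" or rec.get("eventName") not in SES_SEND_EVENTS:
            continue
        ident = rec.get("userIdentity", {})
        key, src = ident.get("accessKeyId", ""), rec.get("sourceIPAddress", "")
        reasons = []
        if key not in ALLOWED_ACCESS_KEYS:
            reasons.append("access key not allow-listed for SES")
        try:
            if not any(ip_address(src) in net for net in ALLOWED_EGRESS):
                reasons.append("source IP outside known egress ranges")
        except ValueError:  # sourceIPAddress can be a service name, not an IP
            reasons.append("non-IP source address")
        if reasons:
            findings.append((key, ident.get("userName", "?"), src, reasons))
    return findings


if __name__ == "__main__":
    for key, user, src, why in flag_suspicious_ses_sends(SAMPLE_RECORDS):
        print(f"ALERT {user} ({key}) from {src}: {'; '.join(why)}")
```

In practice the records would be read from the CloudTrail S3 export or CloudWatch Logs, and a hit should trigger immediate key deactivation and rotation.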

🛰️ Open sources - closed narratives
@sitreports
🔫 Phishing Campaign Targets 80+ Organizations via RMM Tools

A coordinated phishing campaign has compromised over 80 organizations by weaponizing legitimate remote monitoring and management platforms SimpleHelp and ScreenConnect. Attackers delivered credential-harvesting pages and deployed remote access tools through phishing lures, according to reporting published May 4.

The abuse of trusted RMM software enables attackers to maintain persistent access while evading security controls designed to block malicious binaries. Organizations using these platforms face elevated risk of lateral movement and data exfiltration once initial access is established through social engineering.

🔫 PyTorch Lightning Supply Chain Attack Deploys Credential Stealer

Version 2.6.3 of the PyTorch Lightning package on PyPI was compromised to deliver ShaiWorm, an information stealer targeting browser credentials, environment files, API keys, and cloud service tokens. The malicious code executed automatically upon import, spawning a background process that downloaded a JavaScript runtime and obfuscated payload. The package, which had over 11 million downloads last month, was disclosed by developers on April 30 after Microsoft Defender detected the threat.

Users who imported version 2.6.3 are advised to immediately rotate all secrets, keys, and tokens. The package has been reverted to version 2.6.1 while maintainers investigate the pipeline breach.

🔍 Trellix Discloses Source Code Repository Breach

Cybersecurity firm Trellix, formed from the 2021 merger of McAfee Enterprise and FireEye, confirmed unauthorized access to a portion of its source code repository. The company, which serves over 50,000 business and government customers protecting 200 million endpoints, is working with forensic experts and has notified law enforcement. According to reporting, no evidence has been found that the code was exploited or altered.

The incident adds Trellix to a growing list of cybersecurity vendors breached in 2026, including Checkmarx, which confirmed LAPSUS$ leaked stolen GitHub data, and Cisco, whose development environment was compromised in the Trivy supply chain attack. Details remain limited on how attackers gained access or whether ransom demands were issued.

🔫 Army Awards AeroVironment Switchblade 400 Contract for LASSO Program

The U.S. Army has awarded AeroVironment a prototype agreement for its Switchblade 400 loitering munition to support the Low Altitude Stalking and Strike Ordnance (LASSO) program. The 39-pound SB 400 can destroy moving tanks and armored vehicles at ranges up to 65 kilometers with 35-minute endurance, featuring EO/IR sensors and aided target recognition. The system can be deployed by a single soldier in under five minutes.

LASSO addresses mobile brigade combat teams' shortfall in organic long-range direct fire against armored targets. The Army is requesting $110 million for LASSO procurement in FY2027, according to Defense Scoop reporting, with nearly $1.2 billion planned through FY2031.

🔍 Silver Fox Targets India and Russia with Tax-Themed Malware Campaign

The Silver Fox threat actor has deployed ABCDoor malware through phishing emails disguised as tax-related communications targeting organizations in India and Russia. The campaign leverages social engineering around tax filing deadlines to establish persistent network access through the custom backdoor.

The operation demonstrates continued threat actor preference for financial and governmental themes in initial compromise vectors. ABCDoor deployment indicates focus on sustained intelligence collection rather than immediate financial gain, consistent with espionage-motivated intrusion patterns in both target regions.

🤖 India's securities regulator orders immediate infosec review amid Mythos threat

India's Securities and Exchange Board issued an advisory to 19 classes of financial entities directing immediate security audits in response to AI-driven vulnerability detection tools like Anthropic's Claude Mythos. The regulator warned such tools enable exploitation at unprecedented speed and scale, according to The Register. A dedicated taskforce will coordinate threat intelligence and review vendor security.

The directive mandates baseline controls—patch management, API hardening, zero-trust implementation—alongside AI-augmented SOC transformation. India's proactive alert differs from softer US, Singapore, and Australian guidance, positioning it as an operational readiness mandate rather than advisory.

🔫 Quasar Linux implant weaponizes developer infrastructure

A previously undocumented Linux malware dubbed Quasar Linux (QLNX) is targeting software developers with combined rootkit, RAT, and credential-stealing capabilities. The implant operates in-memory, dynamically compiles rootkit modules using gcc, deploys seven persistence mechanisms including LD_PRELOAD and systemd, and harvests SSH keys, cloud credentials, and browser data from DevOps environments.

According to Trend Micro analysis, QLNX combines userland LD_PRELOAD hooks with kernel-level eBPF rootkit components to evade detection, enabling supply-chain compromise by positioning attackers inside development pipelines with stolen credentials. Only four security solutions currently flag the binary as malicious.

📄 ShinyHunters Claims 280M Records from 8,800 Educational Institutions

Education technology firm Instructure, operator of the Canvas learning management system, confirmed a data breach after the ShinyHunters extortion gang claimed theft of 280 million records spanning students, teachers, and staff across 8,809 colleges, school districts, and online platforms. The attackers allegedly exploited Canvas data export features including DAP queries, provisioning reports, and user APIs to harvest user records, private messages, and enrollment data.

Multiple universities including CU Boulder and Rutgers have issued breach notifications, though according to reporting, Instructure has not responded to media inquiries regarding the full scope of impact.

🤖 82nd Airborne Division operates AI-enabled C2 hub for Strait of Hormuz operations

The U.S. Army's 82nd Airborne Division is coordinating over 100 aircraft, drones, ships and sensors through AI-augmented joint all-domain command and control networks during Project Freedom operations in the Strait of Hormuz. Gen. Dan Caine stated the unit now functions beyond traditional airborne assault roles, synchronizing multi-domain effects in real time to protect commercial shipping. Over 1,550 vessels carrying 22,500 mariners remain trapped in the Arabian Gulf.

The deployment implements next-generation tactical networks, providing continuous overwatch against Iranian drone and small boat threats while maintaining the ceasefire established after Operation Epic Fury.

🤖 OpenAI Grants US Government Early Access to GPT-5.5 for Security Evaluation

OpenAI provided the U.S. government with pre-release access to its GPT-5.5 model for national security testing, according to company executive Chris Lehane. The disclosure marks a continuation of OpenAI's practice of allowing federal agencies to assess advanced AI systems before public deployment.

The arrangement reflects growing integration between frontier AI developers and national security apparatus, enabling government evaluation of potential risks including dual-use capabilities, information operations vulnerabilities, and emergent behaviors in increasingly capable language models.

🤖 Pentagon Deploys AI to Salvage Audit Compliance by 2028

The Department of Defense is integrating artificial intelligence and automation into its financial auditing process to meet a congressional mandate for a clean FY28 audit, with funding penalties looming if the deadline is missed. Deputy CFO Tom Harker outlined plans to centralize transaction data in the Advana platform and deploy AI for automated substantive testing, a process that according to Defense Department officials previously required months of manual analysis.

The initiative reflects operational urgency as auditors adopt AI-based verification tools, forcing DOD to match capabilities or face audit failures. Technical staffing gaps remain a critical vulnerability, with direct-hire authority now authorized to recruit coders and data engineers capable of operating Python-based analytics systems.

🔫 DAEMON Tools Installer Backdoored in Month-Long Supply Chain Attack

DAEMON Tools installers downloaded from the official website between April 8 and May 5 were trojanized to deploy a multi-stage backdoor, affecting thousands of systems across 100+ countries. The compromised versions (12.5.0.2421 through 12.5.0.2434) delivered first-stage information stealers, with second-stage payloads deployed to approximately a dozen high-value targets in retail, government, scientific, and manufacturing sectors in Russia, Belarus, and Thailand.

The attack evaded detection for nearly a month despite digitally signed binaries, with Kaspersky researchers noting Chinese-language artifacts in the malware. At least one Russian educational institute received QUIC RAT, an advanced remote access trojan.

🔫 Student Halts Taiwan High-Speed Rail with TETRA Radio Hack

A 23-year-old Taiwanese student triggered emergency brakes on four high-speed trains for 48 minutes on April 5, using software-defined radio equipment to impersonate legitimate TETRA system beacons. The suspect decoded 19-year-old unrotated radio parameters and bypassed seven verification layers to transmit a forged "General Alarm" signal.

The incident exposed critical infrastructure vulnerabilities in Taiwan's 350 km railway network serving 81.8 million annual passengers. According to reporting, the suspect faces up to 10 years imprisonment, though his lawyer claims the transmission was accidental—a defense authorities find unconvincing.

🤖 Major AI firms agree to pre-release security screening with US government

Microsoft, Google, and Elon Musk's xAI will provide the U.S. government with early access to new artificial intelligence models before public deployment under a newly announced arrangement. The agreement enables federal authorities to conduct national security assessments on frontier AI systems prior to commercial release.

The move signals a shift toward formalized government oversight of cutting-edge AI development, establishing a precedent for pre-deployment review of dual-use technologies. According to Reuters, the framework creates a structured channel for identifying potential risks in advanced models before they enter the public domain.

🤖 India's SEBI establishes task force against AI-powered cyber threats

India's Securities and Exchange Board has issued an advisory warning regulated financial entities about emerging risks from AI-driven vulnerability detection tools. According to Reuters, the regulator is forming a specialized task force to address these evolving threats to market infrastructure.

The advisory reflects growing institutional concern that offensive AI tools designed to identify system weaknesses are now accessible enough to pose systemic risk to financial market operators and clearing systems.
