βοΈCybersecurity company Aura suffered a data breach after a phone phishing attack by ShinyHunters.
The attackers gained access to an employee account. Most of the stolen data came from a company Aura acquired in 2021: over 900,000 names and email addresses stored in Salesforce.
Additionally, data of fewer than 20,000 current and 15,000 former Aura customers was stolen, including names, emails, addresses, and phone numbers.
The attackers gained access to an employee account. Most of the stolen data came from a company Aura acquired in 2021: over 900,000 names and email addresses stored in Salesforce.
Additionally, data of fewer than 20,000 current and 15,000 former Aura customers was stolen, including names, emails, addresses, and phone numbers.
π©1
βοΈGTIG has identified an exploit chain targeting Apple iOS users called DarkSword.
Victims get compromised by visiting a website.
It's capabilities include stealing and performing the following:
βͺοΈ Messages, contacts, call logs
βͺοΈ Location, browser data
βͺοΈ Crypto wallets, WiFi pass, keychains
βͺοΈ Take screenshots, record audio
βοΈTargets iOS 18.4β18.7. Used by commercial surveillance vendors and a suspected Russian espionage group against targets in four countries.
How it works:
- Victim visits a compromised or fake website
- Six vulnerabilities are chained, from browser RCE to kernel-level privilege escalation
- Three malware families are deployed: GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER
Read the GTIG article:
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
Victims get compromised by visiting a website.
It's capabilities include stealing and performing the following:
βͺοΈ Messages, contacts, call logs
βͺοΈ Location, browser data
βͺοΈ Crypto wallets, WiFi pass, keychains
βͺοΈ Take screenshots, record audio
βοΈTargets iOS 18.4β18.7. Used by commercial surveillance vendors and a suspected Russian espionage group against targets in four countries.
How it works:
- Victim visits a compromised or fake website
- Six vulnerabilities are chained, from browser RCE to kernel-level privilege escalation
- Three malware families are deployed: GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER
Read the GTIG article:
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
π©2
π¨βΌοΈ CRITICAL: Ubiquiti UniFi Network Application vulnerabilities were just disclosed
CVE-2026-22557 CVSS 10.0
Remote path traversal vulnerability allowing an attacker to access and manipulate files, leading to account takeover. No authentication required.
CVE-2026-22558 β CVSS 7.7
Authenticated NoSQL Injection allowing privilege escalation.
Patch now!
https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b
CVE-2026-22557 CVSS 10.0
Remote path traversal vulnerability allowing an attacker to access and manipulate files, leading to account takeover. No authentication required.
CVE-2026-22558 β CVSS 7.7
Authenticated NoSQL Injection allowing privilege escalation.
Patch now!
https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b
π1π©1
βοΈJust in: An internal government report reveals federal cyber experts reviewed Microsoft's cloud.
They called it "a pile of shit."
Then approved it anyway. π
Microsoft's lack of proper security documentation left reviewers with a "lack of confidence in assessing the system's overall security posture," according to an internal government report reviewed by ProPublica.
https://www.propublica.org/article/microsoft-cloud-fedramp-cybersecurity-government
They called it "a pile of shit."
Then approved it anyway. π
Microsoft's lack of proper security documentation left reviewers with a "lack of confidence in assessing the system's overall security posture," according to an internal government report reviewed by ProPublica.
https://www.propublica.org/article/microsoft-cloud-fedramp-cybersecurity-government
π©3β€1
βΌοΈπ¨π³ Massive breach: Confidential data from China's National Supercomputing Center in Tianjin has been put up for sale.
We've looked at the samples β the data includes aerospace engineering, military technology, bioinformatics, and nuclear fusion simulations.
There are multiple simulations showing explosions and the integrity of buildings/vehicles and more.
The National Supercomputing Center in Tianjin is a government-owned datacenter where SOEs and universities run complex data simulations, virtual test systems, and scientific computation models.
Many documents are proprietary scientific software binaries containing test results and simulation setups.
We've looked at the samples β the data includes aerospace engineering, military technology, bioinformatics, and nuclear fusion simulations.
There are multiple simulations showing explosions and the integrity of buildings/vehicles and more.
The National Supercomputing Center in Tianjin is a government-owned datacenter where SOEs and universities run complex data simulations, virtual test systems, and scientific computation models.
Many documents are proprietary scientific software binaries containing test results and simulation setups.
π©1
βΌοΈπ¨π³ Massive breach: Confidential data from China's National Supercomputing Center in Tianjin has been put up for sale.
We've looked at the samples β the data includes aerospace engineering, military technology, bioinformatics, and nuclear fusion simulations.
There are multiple simulations showing explosions and the integrity of buildings/vehicles and more.
The National Supercomputing Center in Tianjin is a government-owned datacenter where SOEs and universities run complex data simulations, virtual test systems, and scientific computation models.
Many documents are proprietary scientific software binaries containing test results and simulation setups.
We've looked at the samples β the data includes aerospace engineering, military technology, bioinformatics, and nuclear fusion simulations.
There are multiple simulations showing explosions and the integrity of buildings/vehicles and more.
The National Supercomputing Center in Tianjin is a government-owned datacenter where SOEs and universities run complex data simulations, virtual test systems, and scientific computation models.
Many documents are proprietary scientific software binaries containing test results and simulation setups.
π¨1
This media is not supported in your browser
VIEW IN TELEGRAM
This canβt be real.
Weβre living in a simulation. π
Weβre living in a simulation. π
π€£6π₯1