❗️GTIG has identified an exploit chain targeting Apple iOS users called DarkSword.
Victims get compromised by visiting a website.
It's capabilities include stealing and performing the following:
▪️ Messages, contacts, call logs
▪️ Location, browser data
▪️ Crypto wallets, WiFi pass, keychains
▪️ Take screenshots, record audio
❗️Targets iOS 18.4–18.7. Used by commercial surveillance vendors and a suspected Russian espionage group against targets in four countries.
How it works:
- Victim visits a compromised or fake website
- Six vulnerabilities are chained, from browser RCE to kernel-level privilege escalation
- Three malware families are deployed: GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER
Read the GTIG article:
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
Victims get compromised by visiting a website.
It's capabilities include stealing and performing the following:
▪️ Messages, contacts, call logs
▪️ Location, browser data
▪️ Crypto wallets, WiFi pass, keychains
▪️ Take screenshots, record audio
❗️Targets iOS 18.4–18.7. Used by commercial surveillance vendors and a suspected Russian espionage group against targets in four countries.
How it works:
- Victim visits a compromised or fake website
- Six vulnerabilities are chained, from browser RCE to kernel-level privilege escalation
- Three malware families are deployed: GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER
Read the GTIG article:
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
💩2
🚨‼️ CRITICAL: Ubiquiti UniFi Network Application vulnerabilities were just disclosed
CVE-2026-22557 CVSS 10.0
Remote path traversal vulnerability allowing an attacker to access and manipulate files, leading to account takeover. No authentication required.
CVE-2026-22558 — CVSS 7.7
Authenticated NoSQL Injection allowing privilege escalation.
Patch now!
https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b
CVE-2026-22557 CVSS 10.0
Remote path traversal vulnerability allowing an attacker to access and manipulate files, leading to account takeover. No authentication required.
CVE-2026-22558 — CVSS 7.7
Authenticated NoSQL Injection allowing privilege escalation.
Patch now!
https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b
👍1💩1
❗️Just in: An internal government report reveals federal cyber experts reviewed Microsoft's cloud.
They called it "a pile of shit."
Then approved it anyway. 🙃
Microsoft's lack of proper security documentation left reviewers with a "lack of confidence in assessing the system's overall security posture," according to an internal government report reviewed by ProPublica.
https://www.propublica.org/article/microsoft-cloud-fedramp-cybersecurity-government
They called it "a pile of shit."
Then approved it anyway. 🙃
Microsoft's lack of proper security documentation left reviewers with a "lack of confidence in assessing the system's overall security posture," according to an internal government report reviewed by ProPublica.
https://www.propublica.org/article/microsoft-cloud-fedramp-cybersecurity-government
💩3❤1
‼️🇨🇳 Massive breach: Confidential data from China's National Supercomputing Center in Tianjin has been put up for sale.
We've looked at the samples — the data includes aerospace engineering, military technology, bioinformatics, and nuclear fusion simulations.
There are multiple simulations showing explosions and the integrity of buildings/vehicles and more.
The National Supercomputing Center in Tianjin is a government-owned datacenter where SOEs and universities run complex data simulations, virtual test systems, and scientific computation models.
Many documents are proprietary scientific software binaries containing test results and simulation setups.
We've looked at the samples — the data includes aerospace engineering, military technology, bioinformatics, and nuclear fusion simulations.
There are multiple simulations showing explosions and the integrity of buildings/vehicles and more.
The National Supercomputing Center in Tianjin is a government-owned datacenter where SOEs and universities run complex data simulations, virtual test systems, and scientific computation models.
Many documents are proprietary scientific software binaries containing test results and simulation setups.
💩1
‼️🇨🇳 Massive breach: Confidential data from China's National Supercomputing Center in Tianjin has been put up for sale.
We've looked at the samples — the data includes aerospace engineering, military technology, bioinformatics, and nuclear fusion simulations.
There are multiple simulations showing explosions and the integrity of buildings/vehicles and more.
The National Supercomputing Center in Tianjin is a government-owned datacenter where SOEs and universities run complex data simulations, virtual test systems, and scientific computation models.
Many documents are proprietary scientific software binaries containing test results and simulation setups.
We've looked at the samples — the data includes aerospace engineering, military technology, bioinformatics, and nuclear fusion simulations.
There are multiple simulations showing explosions and the integrity of buildings/vehicles and more.
The National Supercomputing Center in Tianjin is a government-owned datacenter where SOEs and universities run complex data simulations, virtual test systems, and scientific computation models.
Many documents are proprietary scientific software binaries containing test results and simulation setups.
😨1
This media is not supported in your browser
VIEW IN TELEGRAM
This can’t be real.
We’re living in a simulation. 😂
We’re living in a simulation. 😂
🤣6🔥1