uz
Feedback
SITREP - Independent OSINT Channel

SITREP - Independent OSINT Channel

Kanalga Telegram’da o‘tish

AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.

Ko'proq ko'rsatish

📈 Telegram kanali SITREP - Independent OSINT Channel analitikasi

SITREP - Independent OSINT Channel (@sitreports) Ingliz til segmentidagi kanali faol ishtirokchi. Hozirda hamjamiyat 23 365 obunachidan iborat bo'lib, Texnologiyalar & Aralashmalar toifasida 5 722-o'rinni va AQSH mintaqasida 1 712-o'rinni egallagan.

📊 Auditoriya ko‘rsatkichlari va dinamika

невідомо sanasidan buyon loyiha tez o‘sib, 23 365 obunachiga ega bo‘ldi.

07 Iyul, 2026 dagi oxirgi ma’lumotlarga ko‘ra kanal barqaror faollikka ega. Oxirgi 30 kunda obunachilar soni -171 ga, so‘nggi 24 soatda esa -5 ga o‘zgardi va umumiy qamrov yuqori darajada qolmoqda.

  • Tasdiqlash holati: Tasdiqlanmagan
  • Jalb etish (ER): Auditoriya o‘rtacha 3.50% darajada jalb etiladi. Nashrdan keyingi dastlabki 24 soatda kontent odatda umumiy obunachilar sonining 1.78% ini tashkil etuvchi reaksiyalarni to‘playdi.
  • Post qamrovi: Har bir post o‘rtacha 818 marta ko‘riladi; birinchi sutkada odatda 415 ta ko‘rish yig‘iladi.
  • Reaksiyalar va o‘zaro ta’sir: Auditoriya faol: har bir postga o‘rtacha 0 ta reaksiya keladi.
  • Tematik yo‘nalishlar: Kontent narrative, attack, infrastructure, threat, credential kabi asosiy mavzularga jamlangan.

📝 Tavsif va kontent siyosati

Muallif resursni shaxsiy fikrni ifoda etish maydoni sifatida ta’riflaydi:
AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.

Yuqori yangilanish chastotasi (oxirgi ma’lumot 08 Iyul, 2026 da olingan) sababli kanal doimo dolzarb va katta qamrovli bo‘lib qoladi. Analitika auditoriya kontent bilan faol hamkorlik qilishini, uni Texnologiyalar & Aralashmalar toifasidagi muhim ta’sir nuqtasiga aylantirishini ko‘rsatadi.

23 365
Obunachilar
-524 soatlar
-567 kunlar
-17130 kunlar
Obunachilarni jalb qilish
Iyul '26
Iyul '26
+10
3 kanalda
Iyun '26
+154
2 kanalda
Get PRO
May '26
+48
6 kanalda
Get PRO
Aprel '26
+113
14 kanalda
Get PRO
Mart '26
+380
6 kanalda
Get PRO
Fevral '26
+121
1 kanalda
Get PRO
Yanvar '26
+143
1 kanalda
Get PRO
Dekabr '25
+90
4 kanalda
Get PRO
Noyabr '25
+92
1 kanalda
Get PRO
Oktabr '25
+43
2 kanalda
Get PRO
Sentabr '25
+22
1 kanalda
Get PRO
Avgust '25
+14
2 kanalda
Get PRO
Iyul '25
+136
2 kanalda
Get PRO
Iyun '25
+186
5 kanalda
Get PRO
May '25
+28
6 kanalda
Get PRO
Aprel '25
+13
6 kanalda
Get PRO
Mart '25
+13
5 kanalda
Get PRO
Fevral '25
+11
9 kanalda
Get PRO
Yanvar '25
+11
3 kanalda
Get PRO
Dekabr '24
+62
5 kanalda
Get PRO
Noyabr '24
+128
32 kanalda
Get PRO
Oktabr '24
+45
1 kanalda
Get PRO
Sentabr '24
+93
8 kanalda
Get PRO
Avgust '24
+1 524
67 kanalda
Get PRO
Iyul '24
+478
54 kanalda
Get PRO
Iyun '24
+984
76 kanalda
Get PRO
May '24
+1 380
80 kanalda
Get PRO
Aprel '24
+1 274
64 kanalda
Get PRO
Mart '24
+1 674
74 kanalda
Get PRO
Fevral '24
+1 629
80 kanalda
Get PRO
Yanvar '24
+1 576
67 kanalda
Get PRO
Dekabr '23
+1 932
63 kanalda
Get PRO
Noyabr '23
+1 211
75 kanalda
Get PRO
Oktabr '23
+1 367
60 kanalda
Get PRO
Sentabr '23
+1 173
0 kanalda
Get PRO
Avgust '23
+985
0 kanalda
Get PRO
Iyul '23
+597
0 kanalda
Get PRO
Iyun '23
+1 518
0 kanalda
Get PRO
May '23
+1 048
0 kanalda
Get PRO
Aprel '23
+1 017
0 kanalda
Get PRO
Mart '23
+675
0 kanalda
Get PRO
Fevral '23
+1 080
0 kanalda
Get PRO
Yanvar '23
+2 476
0 kanalda
Get PRO
Dekabr '22
+4 174
0 kanalda
Get PRO
Noyabr '22
+5 621
0 kanalda
Sana
Obunachilarni jalb qilish
Esdaliklar
Kanallar
08 Iyul+2
07 Iyul0
06 Iyul+1
05 Iyul0
04 Iyul0
03 Iyul+1
02 Iyul+5
01 Iyul+1
Kanal postlari
🤖 Ukraine to pick AI models operated without provider control, official says Ukraine says it will prioritize AI systems that
🤖 Ukraine to pick AI models operated without provider control, official says Ukraine says it will prioritize AI systems that can run on domestic servers without external provider control. The stated aim is to reduce reliance on remote platforms that can be restricted, disabled, or otherwise controlled by vendors, including for government services, business use, and the military. The shift was outlined by a senior official in Ukraine. Operationally, this points to a resilience-first procurement model: sovereignty over compute, continuity under wartime conditions, and lower exposure to external policy or access decisions. In practice, it aligns AI adoption with infrastructure security and command reliability. 🛰️ Open sources - closed narratives @sitreports

2
📡 Navy opens next-generation undersea security program The U.S. Navy’s Strategic Systems Programs office has launched the Ne
📡 Navy opens next-generation undersea security program The U.S. Navy’s Strategic Systems Programs office has launched the Next Generation Undersea Security Initiative, a 22-area prototyping effort focused on unmanned systems, autonomy, sensor fusion, electronic security, and counter-UxS tools. The framework will use other transaction authority and participant basic agreements to engage industry and non-profits on protecting ports, harbors, submarines, and strategic infrastructure. The notice shows SSP is treating undersea security as a full-spectrum problem: drone swarms, AI-enabled ISR, spoofing, cyber-physical attacks, and infrastructure denial. The emphasis is not just on platform defense, but on persistent surveillance, layered access control, and rapid fielding around the nuclear maritime enterprise. 🛰️ Open sources - closed narratives @sitreports
273
3
🔍 GAO flags hypersonic schedule and production strain across three Pentagon programs A new GAO assessment says the Air Force
🔍 GAO flags hypersonic schedule and production strain across three Pentagon programs A new GAO assessment says the Air Force’s HACM, the Army’s LRHW, and the Navy’s CPS face delay risk or may deliver systems not fully demonstrated. HACM has already cut planned flight tests from seven to five, while LRHW and CPS are dealing with production quality issues, unclear work standards, and missile availability constraints. The report points to a consistent pattern: compressed acquisition timelines are colliding with immature technology and unstable production lines. For OSINT watchers, the key indicator is not funding but whether testing, design finalization, and industrial throughput can align before fielding milestones slip again. 🛰️ Open sources - closed narratives @sitreports
268
4
🔍 DEBULL weaponizes Microsoft device-code flow against M365 DEBULL is reported abusing Microsoft’s device-code authenticatio
🔍 DEBULL weaponizes Microsoft device-code flow against M365 DEBULL is reported abusing Microsoft’s device-code authentication flow to target Microsoft 365 accounts. The technique leverages a legitimate sign-in mechanism, shifting the intrusion path from exploit delivery to credential capture and session access within a trusted identity process. Operationally, this highlights how adversaries can repurpose standard cloud auth workflows to reduce friction and blend into normal user activity. For defenders, the key issue is that abuse occurs inside approved identity infrastructure rather than through malware-heavy tradecraft. 🛰️ Open sources - closed narratives @sitreports
249
5
🔍 GitHub Actions exposure bypasses “green” CI signals Researchers at Novee Security disclosed the Cordyceps CI/CD weakness a
🔍 GitHub Actions exposure bypasses “green” CI signals Researchers at Novee Security disclosed the Cordyceps CI/CD weakness after scanning ~30,000 high-impact repositories and flagging 654, with 300+ confirmed exploitable. The pattern abuses GitHub Actions workflow composition rather than a single malformed file, using pull_request_target, workflow_run, command injection, script injection, and cross-workflow privilege escalation. The significance is operational: standard CI security scanners can report healthy pipelines while privileged workflows still process attacker-controlled input. The issue sits in trust boundaries between workflows, meaning valid YAML and passing checks do not reliably indicate a governed build path. 🛰️ Open sources - closed narratives @sitreports
266
6
🔍 Public PoC released for SharePoint RCE chain A working proof-of-concept is now public for CVE-2026-33112, a critical Micro
🔍 Public PoC released for SharePoint RCE chain A working proof-of-concept is now public for CVE-2026-33112, a critical Microsoft SharePoint flaw that allows low-privilege authenticated users to achieve remote code execution. The exploit abuses external XSD imports during DataSet deserialization to bypass XmlValidator, then leverages PPSAuthoringService.asmx TestConnection to trigger ExcelDataSet.get_DataTable() indirectly. The significance is straightforward: site-member access is sufficient, the malicious schema is fetched over the network rather than embedded locally, and the attack path targets exposed SharePoint service endpoints. This raises both exploitation speed and detection difficulty for on-prem deployments. 🛰️ Open sources - closed narratives @sitreports
281
7
🔍 GitLost exposes private repos via GitHub issue comments Researchers at Noma Labs demonstrated “GitLost,” a prompt injectio
🔍 GitLost exposes private repos via GitHub issue comments Researchers at Noma Labs demonstrated “GitLost,” a prompt injection flaw in GitHub Agentic Workflows. A crafted public issue assigned to the workflow was enough to make the AI agent read data from both public and private repositories in the same organization and post it back as a public comment. No credentials or repo access were required. The significance is the trust boundary failure: untrusted issue text was treated as executable instruction inside an agent with cross-repo read access and public write capability. This turns routine collaboration surfaces into exfiltration paths when agent permissions and context handling are not tightly constrained. 🛰️ Open sources - closed narratives @sitreports
282
8
🔍 Critical Gitea Docker flaw exploited in the wild Attackers are actively exploiting CVE-2026-20896, a critical auth bypass
🔍 Critical Gitea Docker flaw exploited in the wild Attackers are actively exploiting CVE-2026-20896, a critical auth bypass affecting official Gitea Docker images before 1.26.3. The issue allows login as any known or guessable user via a crafted X-WEBAUTH-USER header when reverse-proxy auth is enabled, exposing repositories, private code, and stored secrets. The flaw is tied to insecure Docker image defaults that trust requests from any IP as a reverse proxy. Standard or self-built Gitea deployments are not affected by that default. Gitea 1.26.3 and 1.26.4 change reverse-proxy auth to opt-in, narrowing direct internet-facing abuse. 🛰️ Open sources - closed narratives @sitreports
292
9
🔍 Accenture confirms breach after data sale claim Accenture says it remediated an “isolated matter” after a threat actor usi
🔍 Accenture confirms breach after data sale claim Accenture says it remediated an “isolated matter” after a threat actor using the handle 888 offered 35 GB of alleged company data for sale. The claimed haul includes source code, RSA and SSH keys, Azure PATs, storage access keys, and configuration files. A screenshot shared with the sale post appears to show an Azure DevOps repository clone tied to an Accenture domain. Accenture says operations and service delivery were not affected. The key issue is not outage but exposure depth: if authentic, the listed credentials and code artifacts could enable follow-on access, token abuse, and wider environment mapping. The company has not disclosed intrusion method, exfiltration scope, or potential customer impact. 🛰️ Open sources - closed narratives @sitreports
315
10
🔍 Chinese-linked UAT-7810 expands ORB infrastructure with LONGLEASH Cisco Talos says UAT-7810 is upgrading its Operational R
🔍 Chinese-linked UAT-7810 expands ORB infrastructure with LONGLEASH Cisco Talos says UAT-7810 is upgrading its Operational Relay Box network by compromising internet-facing routers, mainly unpatched Ruckus devices, and deploying LONGLEASH alongside DOGLEASH, JARLEASH, and LEASHTEST. The new LONGLEASH build adds reverse shell access, multi-protocol proxying, SMTP, TLS/PKI support, self-removal, and intermediate C2 relay functions. The activity points to deliberate scaling of a relay layer that can mask operator traffic behind legitimate regional infrastructure. The shift from SHORTLEASH to a broader toolset also indicates stronger persistence, more flexible traffic handling, and improved resilience across compromised edge devices. 🛰️ Open sources - closed narratives @sitreports
389
11
📄 DIU cuts seven portfolios to three under Owen West The Pentagon’s Defense Innovation Unit is reorganizing from seven opera
📄 DIU cuts seven portfolios to three under Owen West The Pentagon’s Defense Innovation Unit is reorganizing from seven operational portfolios to three priority tracks: drones and autonomous warfare, kill webs, and “10x” technologies. Officials cited a push to focus experts and funding where “speed, scale, and lethality” align, with AI no longer treated as a standalone line but embedded across the Defense Innovation Unit. The move narrows DIU’s mission from broad tech coverage toward direct combat capability delivery. Structurally, it concentrates procurement attention on autonomy, networked targeting architecture, and breakthrough cost-performance gains rather than maintaining separate verticals for cyber, energy, space, or human systems. 🛰️ Open sources - closed narratives @sitreports
557
12
🔍 fast-mcp-telegram auth bypass exposes default Telegram sessions A critical path traversal flaw in fast-mcp-telegram allows
🔍 fast-mcp-telegram auth bypass exposes default Telegram sessions A critical path traversal flaw in fast-mcp-telegram allows Bearer token authentication bypass on all versions through 0.19.0. The bug lets crafted traversal tokens resolve to the default telegram.session file, giving remote access without a valid token. The issue is tracked as GHSA-rxw2-pc8j-vxwm and is patched in 0.19.1. Impact is direct account takeover in deployments using HTTP auth where a legacy or default session file exists. Successful abuse exposes Telegram MCP functions tied to that session, including message access, message sending, MTProto API calls, and attachment-capable tool surfaces. 🛰️ Open sources - closed narratives @sitreports
479
13
📡 Fake IT support calls on Teams deliver EtherRAT Attackers are using Microsoft Teams voice calls to impersonate internal IT
📡 Fake IT support calls on Teams deliver EtherRAT Attackers are using Microsoft Teams voice calls to impersonate internal IT staff after sending a phishing email with an “Employee Survey” lure. Victims are persuaded to grant screen-sharing control, install HopToDesk or AnyDesk, and run a malicious MSI that deploys EtherRAT, a Node.js RAT that retrieves C2 details via Ethereum smart contracts. The chain blends a trusted enterprise platform, legitimate remote-access tools, and a cross-platform payload to achieve initial access with minimal malware exposure early in the intrusion. The observed use of an external Teams tenant and multiple installer versions points to an active, iterating campaign. 🛰️ Open sources - closed narratives @sitreports
437
14
🔍 Fake tax utility used to deliver DcRAT in India-targeted intrusion Researchers tracked a suspected China-nexus campaign us
🔍 Fake tax utility used to deliver DcRAT in India-targeted intrusion Researchers tracked a suspected China-nexus campaign using a trojanized Indian tax filing utility to infect users with DcRAT. The lure mimics a legitimate financial workflow, placing malware inside software expected during tax preparation and likely aimed at users handling sensitive personal and business records. The tradecraft is notable for blending administrative trust with commodity remote access malware. Packaging the payload as a tax tool increases execution likelihood, while access to filing environments can expose identity data, financial documents, and downstream enterprise credentials. 🛰️ Open sources - closed narratives @sitreports
383
15
🔍 Veeam backup flaw allows domain user to reach SYSTEM Veeam disclosed CVE-2026-44963, a critical RCE affecting domain-joine
🔍 Veeam backup flaw allows domain user to reach SYSTEM Veeam disclosed CVE-2026-44963, a critical RCE affecting domain-joined Backup & Replication 12.x servers. Any authenticated domain user can execute code on the Backup Server via the .NET Remoting service on TCP/8000, leading to SYSTEM-level compromise. Builds through 12.3.2.4465 are affected; the issue is patched in 12.3.2.4854. Version 13.x is not affected. The exposure is operationally significant because the Backup Server centralizes privileged access to backup catalogs, repositories, hypervisors, and cloud targets. A low-privilege domain foothold can therefore be converted into control over recovery infrastructure, including deletion or tampering of restore points. 🛰️ Open sources - closed narratives @sitreports
378
16
📡 Marine Corps centralizes drone and counter-drone training The U.S. Marine Corps has established the Marine Corps Robotics
📡 Marine Corps centralizes drone and counter-drone training The U.S. Marine Corps has established the Marine Corps Robotics Integration Group at Twentynine Palms to oversee Group 1 and 2 UAS and counter-UAS training. The unit will manage pilot courses, curriculum standardization, instructor qualification, regional coordination, lessons learned, and service-wide training updates. The move creates a single institutional channel for small-drone and counter-drone training across the force. It shifts these capabilities from dispersed experimentation toward standardized doctrine, formal instruction, and centralized oversight, indicating sustained Marine Corps investment in tactical UAS integration. 🛰️ Open sources - closed narratives @sitreports
718
17
📡 Pentagon issues $80.5M counter-UAS task order for Air Force base defense AeroVironment received an $80.5 million task orde
📡 Pentagon issues $80.5M counter-UAS task order for Air Force base defense AeroVironment received an $80.5 million task order to deliver AI-enabled counter-drone systems for Air Force Global Strike Command under the Army-led Domestic Shield initiative. The package includes Titan-MS, Titan 4, EO/IR payloads, and radar for layered defense against small UAS. It is the first order under a broader $500 million contract vehicle announced last week. The award signals a shift from pilot efforts to fielded, interoperable base-defense architecture focused on detect-and-defeat coverage at fixed installations. Its relevance is amplified by recent unauthorized drone incursions reported at Barksdale AFB, a key AFGSC site. 🛰️ Open sources - closed narratives @sitreports
391
18
📡 TrojPix turns HDMI cables into covert transmitters Researchers presented TrojPix, an EM exfiltration method that encodes d
📡 TrojPix turns HDMI cables into covert transmitters Researchers presented TrojPix, an EM exfiltration method that encodes data into imperceptible pixel changes on digital displays. Malware with only user-level access can modulate TMDS emissions from standard video cables, reaching 8.1 Mbps at up to 208 meters. Tests across nine monitor brands and 15 cables reportedly achieved near-perfect recovery, including through a 30 cm concrete wall. The operational takeaway is that air gaps remain vulnerable through routine display infrastructure, without hardware modification or visible screen artifacts. The technique expands the threat model for military, industrial, government, and financial networks where HDMI-class links are treated as passive components. 🛰️ Open sources - closed narratives @sitreports
393
19
🔍 16-year-old KVM flaw enables guest-to-host escape on x86 A newly disclosed Linux KVM vulnerability affects Intel and AMD x
🔍 16-year-old KVM flaw enables guest-to-host escape on x86 A newly disclosed Linux KVM vulnerability affects Intel and AMD x86 systems and allows a guest virtual machine to escape isolation and execute on the host. The issue reportedly persisted in KVM for 16 years, turning a core virtualization boundary into a potential host-level compromise path. Technical details are outlined in the KVM flaw coverage. The significance is direct: multi-tenant and virtualized environments depend on KVM isolation as a primary security control. A guest-to-host escape collapses that assumption and can expose the hypervisor layer, with immediate relevance for cloud infrastructure, enterprise virtualization, and lab environments. 🛰️ Open sources - closed narratives @sitreports
428
20
📡 Iran-linked cluster deploys Cavern C2 against Israeli targets Researchers have identified a new command-and-control framew
📡 Iran-linked cluster deploys Cavern C2 against Israeli targets Researchers have identified a new command-and-control framework, Cavern C2, used by an Iran-linked threat actor in operations targeting Israeli organizations. The campaign adds a fresh malware management layer to an already active regional cyber confrontation. A dedicated C2 framework matters because it improves operator control, tasking, and persistence across multiple intrusions. Its emergence indicates continued tool development rather than one-off reuse, giving defenders a new infrastructure and tradecraft set to map, detect, and disrupt. 🛰️ Open sources - closed narratives @sitreports
492