SITREP - Independent OSINT Channel

AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.

📈 Analytics for the Telegram channel SITREP - Independent OSINT Channel

SITREP - Independent OSINT Channel (@sitreports) is an active channel in the English-language segment. The community currently has 23 407 subscribers and ranks 5 741st in the Technologies & Applications (Texnologiyalar & Aralashmalar) category and 1 723rd in the USA region.

📊 Audience metrics and dynamics

Since an unknown date, the project has grown rapidly, reaching 23 407 subscribers.

According to the latest data, as of 02 July 2026, the channel shows stable activity. Over the last 30 days the subscriber count changed by -149, and over the last 24 hours by -1, while overall reach remains high.

  • Verification status: Not verified
  • Engagement (ER): The audience is engaged at an average rate of 7.31%. In the first 24 hours after publication, content typically collects reactions amounting to 1.91% of the total subscriber count.
  • Post reach: Each post is viewed 1 710 times on average; the first day usually brings 446 views.
  • Reactions and interaction: The audience is active: each post receives 0 reactions on average.
  • Topics: Content is concentrated on core themes such as narrative, attack, infrastructure, threat, credential.

📝 Description and content policy

The author describes the resource as a space for expressing personal opinion:
AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.

Thanks to a high update frequency (latest data obtained on 03 July 2026), the channel stays current and wide-reaching. The analytics show that the audience actively engages with the content, making the channel an important point of influence in the Technologies & Applications category.

Subscribers: 23 407
24 hours: -1
7 days: -38
30 days: -149
Subscriber acquisition
July '26: +7, in 2 channels
June '26: +154, in 2 channels
May '26: +48, in 6 channels
April '26: +113, in 14 channels
March '26: +380, in 6 channels
February '26: +121, in 1 channel
January '26: +143, in 1 channel
December '25: +90, in 4 channels
November '25: +92, in 1 channel
October '25: +43, in 2 channels
September '25: +22, in 1 channel
August '25: +14, in 2 channels
July '25: +136, in 2 channels
June '25: +186, in 5 channels
May '25: +28, in 6 channels
April '25: +13, in 6 channels
March '25: +13, in 5 channels
February '25: +11, in 9 channels
January '25: +11, in 3 channels
December '24: +62, in 5 channels
November '24: +128, in 32 channels
October '24: +45, in 1 channel
September '24: +93, in 8 channels
August '24: +1 524, in 67 channels
July '24: +478, in 54 channels
June '24: +984, in 76 channels
May '24: +1 380, in 80 channels
April '24: +1 274, in 64 channels
March '24: +1 674, in 74 channels
February '24: +1 629, in 80 channels
January '24: +1 576, in 67 channels
December '23: +1 932, in 63 channels
November '23: +1 211, in 75 channels
October '23: +1 367, in 60 channels
September '23: +1 173, in 0 channels
August '23: +985, in 0 channels
July '23: +597, in 0 channels
June '23: +1 518, in 0 channels
May '23: +1 048, in 0 channels
April '23: +1 017, in 0 channels
March '23: +675, in 0 channels
February '23: +1 080, in 0 channels
January '23: +2 476, in 0 channels
December '22: +4 174, in 0 channels
November '22: +5 621, in 0 channels
Date, Subscriber acquisition, Mentions, Channels
03 July: +1
02 July: +5
01 July: +1
Channel posts
🔍 ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds

ConsentFix and ClickFix describe fast account-takeover methods targeting Microsoft 365 accounts. The title indicates token theft via fake prompts and OAuth consent flows, enabling rapid session compromise without relying on password theft alone. Operationally, this highlights the continuing shift from credential attacks to token and authorization abuse. For defenders, the key issue is that MFA can be sidestepped when users are tricked into granting access or handing over active session material.

🛰️ Open sources - closed narratives @sitreports

🔍 CISA flags active exploitation of SharePoint RCE

CISA has added CVE-2026-45659 to its Known Exploited Vulnerabilities catalog after confirming attacks against Microsoft SharePoint servers. The flaw is a deserialization issue allowing remote code execution with only Site Member-level privileges, low attack complexity, and no user interaction. Patches were released on 21 May for SharePoint 2016, 2019, and Subscription Edition. The key operational detail is exposure: Shadowserver is tracking more than 10,000 internet-facing SharePoint servers. CISA has ordered U.S. federal agencies to remediate by Saturday under BOD 26-04, underscoring that unpatched on-prem SharePoint remains a live and scalable intrusion surface.

🛰️ Open sources - closed narratives @sitreports
69
🔍 Microsoft 365 hit with 81 million password-spray attempts

Huntress says an aggressive two-week campaign against Microsoft 365 tenants generated over 81 million login attempts between June 12 and 26, compromising 78 accounts across 64 organizations. The actor used exposed but still-valid credentials via Azure CLI, then authenticated through the ROPC flow, which in many cases bypassed MFA because Conditional Access was misconfigured or absent. The key issue is not credential theft alone but policy coverage: MFA limited to specific apps, groups, or locations left a legacy auth path open. Huntress also logged a 155-fold rise in password spraying, with tenants averaging 1,964 failed login attempts per month.

🛰️ Open sources - closed narratives @sitreports
454
📡 Pentagon centralizes drone and autonomy control

Defense Secretary Pete Hegseth has created the direct reporting portfolio manager for unmanned offensive and defensive systems, or DRPM-UxS, to act as the Pentagon’s single joint integrator for most drone, autonomous, counter-UAS, and related software efforts. The office will report to Deputy Defense Secretary Stephen Feinberg and will absorb initial elements including JIATF-401 and DAWG. The move concentrates acquisition, fielding, standards, interoperability, sustainment, and industry engagement under one authority. Operationally, this reduces fragmentation across services and gives one office precedence over most UxS program execution, signaling a shift from dispersed experimentation toward centralized scaling.

🛰️ Open sources - closed narratives @sitreports
408
📡 AWS and Anduril push tactical cloud to the edge

AWS and Anduril have launched a joint tactical data-center package combining AWS Outposts with Anduril’s Menace-I mobile infrastructure, now available to Pentagon users through the JWCC Marketplace. The system is designed to deliver local computing, storage, and AI in remote, degraded, or denied environments, with cited use cases including shipborne AI operations and near-real-time flight data analysis. The significance is not the hardware alone but the procurement path: a pre-vetted JWCC listing lowers friction for field adoption. The offering aligns with the U.S. military shift toward dispersed operations where cloud access, data locality, and resilience under contested connectivity are becoming operational requirements.

🛰️ Open sources - closed narratives @sitreports
355
🔍 Critical flaws in Cursor could break AI sandboxing

Researchers identified multiple vulnerabilities in Cursor that could allow prompt injection to escape its sandbox and execute system commands. The issue affects an AI coding workflow where untrusted input can influence model behavior beyond intended boundaries. Operationally, this shifts prompt injection from data exposure and workflow tampering into potential host-level command execution. For teams using AI-assisted development tools, the finding underscores that model guardrails alone do not equal isolation when the surrounding execution environment is weak.

🛰️ Open sources - closed narratives @sitreports
298
🤖 DeepSeek output tied to browser-native ransomware chain

Check Point says a DeepSeek-generated sample can be turned into working in-browser ransomware with minimal effort. The tracked code, including the Android-focused InfernoGrabber 9000 blueprint, used a phishing-style web app and Chrome’s File System Access API to request local file access, process data in-browser, and lock users out of original content. The significance is not novelty of the browser risk, but compression of the attack chain. Check Point’s test showed prompt filtering could be bypassed by removing explicit malware terms, lowering the skill threshold for browser-only extortion and data theft without a native payload or exploit.

🛰️ Open sources - closed narratives @sitreports
290
🔍 ChocoPoC campaign hides malware in PoC dependencies

Researchers identified at least seven GitHub exploit repositories distributing the Python RAT ChocoPoC via trojanized dependencies rather than altered exploit code. A package named frint pulls skytext from PyPI, which deploys the payload and uses Mapbox datasets for retrieval and exfiltration. ChocoPoC can execute commands, steal browser data, collect shell history, enumerate processes, and upload files. The tradecraft is notable because the PoC itself can appear intact while malicious behavior is shifted into seemingly benign packages. This directly targets researchers and testers who routinely run untrusted code, reinforcing dependency review and isolated execution as the critical control point.

🛰️ Open sources - closed narratives @sitreports
290
🔍 FortiBleed tied to INC and Lynx ransomware

SOCRadar says the FortiBleed campaign stealing credentials from Fortinet devices is directly linked to the INC and Lynx ransomware operations. Investigators found access to both groups’ negotiation panels on a Windows server within the FortiBleed infrastructure. The campaign reportedly targeted over 430,000 FortiGate firewalls, deployed sniffers on about 19,000 devices, and exposed 73,000 device credentials. The finding connects large-scale credential harvesting to a downstream ransomware workflow, not just opportunistic theft. It also indicates a broader, organized intrusion ecosystem spanning collection, credential cracking, access expansion, and extortion operations.

🛰️ Open sources - closed narratives @sitreports
303
🔍 Argo CD repo-server flaw exposes Kubernetes control path

An unpatched vulnerability in Argo CD repo-server could allow attackers to compromise Kubernetes clusters. The issue affects a core GitOps component used to fetch and render manifests, placing cluster management workflows at risk where the service is exposed or reachable in production environments. The significance is structural: repo-server sits in the deployment trust chain, so compromise can turn CI/CD automation into a cluster access vector. For defenders, this shifts attention from edge exposure alone to internal service reachability, permissions, and the security assumptions around GitOps tooling.

🛰️ Open sources - closed narratives @sitreports
331
🔍 Oracle E-Business flaw now under active exploitation

CVE-2026-46817, a critical unauthenticated HTTP takeover bug in Oracle Payments for E-Business Suite 12.2.3 through 12.2.15, is being exploited in the wild. Oracle patched the issue in its latest CPU, while Shadowserver now tracks roughly 950 internet-facing EBS instances globally, most of them in the US. The key OSINT signal is timing: active exploitation is confirmed before broad defender visibility on patch status. With hundreds of public-facing systems still exposed and no public technical details disclosed, the gap is now between internet exposure and patch execution.

🛰️ Open sources - closed narratives @sitreports
337
🔍 DHS confirms breach of HSIN platform

The US Department of Homeland Security says a cyber incident affected the unclassified Homeland Security Information Network, with reporting indicating HSIN servers and a related SharePoint collaboration system were targeted between late May and early June. DHS says affected systems were isolated, mitigation is underway, and classified networks were not impacted. HSIN is used to share sensitive but unclassified data across federal, state, local, international, and private-sector partners. Even without confirmed data theft or attribution, compromise of this environment is operationally significant because it sits inside coordination, alerting, incident management, and threat-information workflows.

🛰️ Open sources - closed narratives @sitreports
396
🔍 Microsoft flags prompt injection risk in MCP tool metadata

Microsoft has warned that poisoned descriptions in Model Context Protocol tools can manipulate AI agents into leaking data or performing unintended actions. The issue targets the text agents use to understand external tools, turning metadata into an injection surface across agent workflows. The warning was outlined in MCP tool descriptions used by connected AI systems. The security implication is supply-chain level: trust in tool registries and integrations becomes part of the model’s attack surface. Defending the agent alone is insufficient if hostile instructions can arrive through tool definitions it treats as operational context.

🛰️ Open sources - closed narratives @sitreports
563
📡 SOCOM surveys industry for air-launched long-range loitering munition

U.S. Special Operations Command has issued an RFI for an Air Loitering Munition to be launched from fixed-wing aircraft including the AC-130J. Baseline requirements include at least 75 nautical miles of range, 40 minutes of loiter time, launch from 5,000 to 30,000 feet, altitude over target of 500 to 3,000 feet, and weight under 95 pounds. Industry responses are due by July 27. The notice points to a push for deeper stand-off strike from special operations aircraft without exposing crews to short-range air defenses. Cost requests for 500, 1,000, and 3,000 units, plus planned spiral development and flight demonstration, indicate SOCOM is testing both technical maturity and production scalability.

🛰️ Open sources - closed narratives @sitreports
496
🔍 Langflow RCE Used to Drop Monero Miner on Exposed AI App Endpoints

Attackers are exploiting a remote code execution flaw in Langflow to deploy Monero mining payloads on internet-exposed AI application endpoints. The observed activity turns vulnerable servers into cryptomining nodes rather than using them for data theft or persistence-heavy post-exploitation. The case underscores a familiar pattern in AI tooling: externally reachable management or app interfaces are becoming low-friction targets once RCE is available. Even a miner-only intrusion is operationally relevant, as it confirms unauthorized code execution on exposed infrastructure and highlights weak exposure control around AI stacks.

🛰️ Open sources - closed narratives @sitreports
447
🔍 CISA adds critical SimpleHelp auth bypass to KEV

CISA has added CVE-2026-48558 to the Known Exploited Vulnerabilities catalog. The flaw affects SimpleHelp 5.5.15 and earlier plus 6.0 pre-release builds, and allows remote unauthenticated attackers to forge OIDC identity tokens and obtain a fully authenticated technician session. In some setups, MFA can also be bypassed. Federal agencies have until 2 July 2026 to remediate. The issue is high impact because SimpleHelp is commonly used for remote support and privileged endpoint access. A compromised server can hand an attacker technician-level control across managed systems, enabling remote access, script execution, and wider network compromise.

🛰️ Open sources - closed narratives @sitreports
395
🔍 Malicious PyPI forks targeted Telegram bot infrastructure

At least eight trojanized Pyrogram forks on PyPI were used from November 2025 to June 2026 to backdoor Telegram bot deployments. The packages added a hidden module that registers covert bot commands, allowing attackers to execute Python code or shell commands, read arbitrary files, dump secrets, and return results via Telegram. The operation focused specifically on bot accounts, indicating a deliberate push for access to production servers rather than developer endpoints. Shared code, command structure, infrastructure, and Telegram IDs tie the packages to one actor, turning a routine dependency install into direct server-level compromise.

🛰️ Open sources - closed narratives @sitreports
362
🔍 BioShocking exposes a control gap in AI browsers

LayerX says its BioShocking prompt-injection PoC manipulated six agentic browser products into treating unsafe actions as part of a fictional game scenario, culminating in copying and sharing sensitive data from a GitHub repository. OpenAI reportedly fixed the issue in ChatGPT Atlas; other tested products remained vulnerable or unresponsive. The reported failure is not simple prompt abuse but context collapse: agents did not separate game logic from real-world data handling. That makes guardrails brittle when browser agents are granted live access to repositories, credentials, or web sessions.

🛰️ Open sources - closed narratives @sitreports
362
📡 XSS.is takedown hit a ransomware supply hub, not the market

French and Ukrainian police arrested the alleged admin of XSS.is in Kyiv and seized the forum plus its Jabber infrastructure. Europol said the Russian-language forum had 50,000+ members and generated over EUR 7 million through escrow services. Research from the leaked database shows a marketplace centered on exploits, malware, crypting, stolen access, shells, databases, and RDP footholds. The key loss is trust, not capability. XSS functioned as the brokerage layer connecting sellers and buyers across the intrusion chain, especially initial access. With forum data, private messages, IPs, emails, hashes, and Jabber logs exposed, the takedown degrades anonymity and escrow confidence, while access-broker activity is already shifting elsewhere.

🛰️ Open sources - closed narratives @sitreports
387
🤖 RustDuck Rebuilds for Cross-Platform DDoS Operations

The RustDuck botnet has been rebuilt in Rust and is targeting routers and servers for DDoS activity. The rewrite indicates an updated malware codebase aimed at compromising internet-facing infrastructure rather than endpoint-heavy environments. A Rust implementation improves portability and can streamline deployment across mixed Linux-based targets common in network appliances and hosted systems. That shifts the threat from simple botnet persistence to scalable abuse of exposed infrastructure with direct impact on service availability.

🛰️ Open sources - closed narratives @sitreports
398