SITREP - Independent OSINT Channel

AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.

📈 Analytics for the Telegram channel SITREP - Independent OSINT Channel

SITREP - Independent OSINT Channel (@sitreports) is an active channel in the English-language segment. The community currently has 23,392 subscribers and ranks 5,738th in the Technologies & Mixed category and 1,718th in the USA region.

📊 Audience metrics and dynamics

Since an unknown start date (the page does not record it), the project has grown to 23,392 subscribers.

As of the latest data (03 July 2026) the channel shows steady activity. The subscriber count changed by -174 over the last 30 days and by -11 over the last 24 hours, i.e. a slow net decline, while overall reach remains high.

  • Verification status: not verified
  • Engagement (ER): 3.70% on average. This figure equals average views divided by subscribers (866 / 23,392), and the 1.85% quoted for the first 24 hours after publication equals 433 / 23,392, so both are view-based rather than reaction-based.
  • Post reach: each post is viewed 866 times on average, with about 433 views in the first day.
  • Reactions and interaction: 0 reactions per post on average, so engagement here is measured by views only.
  • Thematic focus: content centres on the key topics narrative, attack, infrastructure, threat and credential.

📝 Description and content policy

The author describes the resource as a space for personal commentary:
AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.

With a high update frequency (latest data retrieved 04 July 2026) the channel stays current and keeps its reach. The analytics show a steadily viewed feed, which places it among the notable channels in the Technologies & Mixed category.

23,392 subscribers
Change: -11 (24 hours), -4 (7 days), -174 (30 days)

Subscriber growth by month (right-hand column: number of channels that mentioned @sitreports that month)

Month      Subscribers   Mentioned in (channels)
Jul '26    +7            2
Jun '26    +154          2
May '26    +48           6
Apr '26    +113          14
Mar '26    +380          6
Feb '26    +121          1
Jan '26    +143          1
Dec '25    +90           4
Nov '25    +92           1
Oct '25    +43           2
Sep '25    +22           1
Aug '25    +14           2
Jul '25    +136          2
Jun '25    +186          5
May '25    +28           6
Apr '25    +13           6
Mar '25    +13           5
Feb '25    +11           9
Jan '25    +11           3
Dec '24    +62           5
Nov '24    +128          32
Oct '24    +45           1
Sep '24    +93           8
Aug '24    +1,524        67
Jul '24    +478          54
Jun '24    +984          76
May '24    +1,380        80
Apr '24    +1,274        64
Mar '24    +1,674        74
Feb '24    +1,629        80
Jan '24    +1,576        67
Dec '23    +1,932        63
Nov '23    +1,211        75
Oct '23    +1,367        60
Sep '23    +1,173        0
Aug '23    +985          0
Jul '23    +597          0
Jun '23    +1,518        0
May '23    +1,048        0
Apr '23    +1,017        0
Mar '23    +675          0
Feb '23    +1,080        0
Jan '23    +2,476        0
Dec '22    +4,174        0
Nov '22    +5,621        0

Daily subscriber change:
04 Jul: 0
03 Jul: +1
02 Jul: +5
01 Jul: +1
Channel posts

Post 1:
🔍 PolinRider expands across open-source supply chain North Korea-linked PolinRider activity has now been tied to 108 open-source projects, with 162 malicious release artifacts spanning 80 Go modules, 10 Packagist packages, and one Chrome extension. The campaign is associated with Contagious Interview and Famous Chollima, and includes compromised maintainer accounts such as Xpos587 used to push synchronized changes across unrelated repositories. The tradecraft is notable: force-pushed and anti-dated commits can make repository history appear clean, while obfuscated loaders are hidden in config files or fake .woff2 font files and triggered through .vscode/tasks.json. This shifts detection away from visible commit timelines toward account activity, Git history anomalies, and developer-environment persistence. 🛰️ Open sources - closed narratives @sitreports
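The detection shift this post points at (Git history anomalies and developer-environment persistence) in working form, as an added example that is not part of the channel's post or of any PolinRider research tooling. It assumes the Git input comes from `git log --reverse --format='%H%x09%at%x09%ct%x09%ae'` and uses a one-week anti-dating threshold; the log lines and the tasks.json are constructed.

```python
"""Two detections suggested by the post above: manipulated commit dates and
VS Code tasks that run when a folder is opened. Added example, not PolinRider
research tooling. Git input is assumed to be
git log --reverse --format='%H%x09%at%x09%ct%x09%ae'; all data is constructed."""
import json
import re

# Constructed log lines (hash, author unix time, committer unix time, author
# e-mail), tab separated, oldest first. Not real commits.
SAMPLE_LOG = (
    "1111aaaa\t1700000000\t1700000100\tdev@example.test\n"
    "2222bbbb\t1700500000\t1700500060\tdev@example.test\n"
    "3333cccc\t1690000000\t1701000000\tdev@example.test\n"   # anti-dated
    "4444dddd\t1701100000\t1700900000\tdev@example.test\n"   # history rewritten
)

ANTIDATE_SKEW = 7 * 24 * 3600  # assumed threshold: author date >1 week before commit date


def parse_log(text):
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        h, at, ct, email = line.split("\t")
        rows.append({"hash": h, "author_ts": int(at), "commit_ts": int(ct), "email": email})
    return rows


def history_anomalies(commits):
    """Return (hash, reason) for commits whose dates look manipulated.

    Two signals: the author date set far in the past relative to when the
    commit object was created (anti-dating), and committer time moving
    backwards relative to the previous commit in --reverse order, which a
    linear history never does and a rewritten, force-pushed one can.
    Rebases and cherry-picks also preserve old author dates, so the first
    signal is a triage cue, not a verdict."""
    findings = []
    prev_ct = None
    for c in commits:
        if c["commit_ts"] - c["author_ts"] > ANTIDATE_SKEW:
            findings.append((c["hash"], "author date anti-dated"))
        if prev_ct is not None and c["commit_ts"] < prev_ct:
            findings.append((c["hash"], "committer time earlier than parent"))
        prev_ct = c["commit_ts"]
    return findings


# Constructed .vscode/tasks.json: one normal build task and one that fires on
# folder open and evals a "font" file. Strict JSON here; real tasks.json is
# JSONC (comments allowed), so strip comments before json.loads in practice.
SAMPLE_TASKS = json.dumps({
    "version": "2.0.0",
    "tasks": [
        {"label": "build", "type": "shell", "command": "go build ./..."},
        {"label": "fonts", "type": "shell",
         "command": "node -e \"eval(require('fs').readFileSync('assets/icons.woff2','utf8'))\"",
         "runOptions": {"runOn": "folderOpen"}},
    ],
})

# Loader-like command fragments worth a human look (assumed list, not exhaustive).
SUSPICIOUS = re.compile(r"\beval\b|\.woff2\b|base64|curl |wget |Invoke-Expression|\biex\b", re.I)


def autorun_tasks(tasks_json):
    """(label, looks_like_loader) for every task with runOn == folderOpen.
    Such tasks are a persistence point in the developer environment: cloning
    the repo and opening it in the editor is enough to execute them."""
    doc = json.loads(tasks_json)
    out = []
    for t in doc.get("tasks", []):
        if t.get("runOptions", {}).get("runOn") == "folderOpen":
            cmd = " ".join(str(x) for x in [t.get("command", "")] + list(t.get("args", [])))
            out.append((t.get("label"), bool(SUSPICIOUS.search(cmd))))
    return out


if __name__ == "__main__":
    print(history_anomalies(parse_log(SAMPLE_LOG)))
    print(autorun_tasks(SAMPLE_TASKS))
```

VS Code only executes folderOpen tasks when automatic tasks are allowed for the workspace (the `task.allowAutomaticTasks` setting), so that setting is the first thing to verify on developer machines; the Git checks are cheap enough to run over every branch of a dependency you are about to vendor, and a hit on the second signal without an explanatory rebase in the project's history deserves a look at the maintainer account's recent activity.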

Post 2:
🔍 FBI flags TeamPCP supply-chain campaign targeting CI/CD and cloud access The FBI warned that TeamPCP compromised software distribution channels to push trojanized updates into tools used across enterprise development and security workflows, including Trivy, KICS, LiteLLM, and the Telnyx Python SDK. Reported payloads include CanisterWorm, SANDCLOCK, Mini Shai-Hulud, and Miasma, with theft focused on cloud tokens, API keys, Kubernetes credentials, and local environment secrets. The operational impact is downstream and persistent: poisoned packages inside build pipelines can expose cloud control planes, automate credential harvesting, and propagate further through npm and PyPI using stolen accounts. The FBI assessment treats any exposed credentials or exfiltrated data as a long-term compromise risk. 🛰️ Open sources - closed narratives @sitreports
Views: 67

Post 3:
🤖 JADEPUFFER marks first documented end-to-end AI-run ransomware case Sysdig says JADEPUFFER exploited CVE-2025-3248 on an exposed Langflow server, harvested secrets, pivoted through MinIO and Nacos, then encrypted and destroyed production database data without human intervention. Observed behavior included machine-speed error correction, adaptive parsing, persistence via crontab, and automated ransom note updates after encrypting 1,342 Nacos configuration items. The significance is not new tooling but full task chaining: known flaws, default credentials, and exposed services were combined into a complete extortion workflow by an AI agent. The case shifts defensive focus toward exposure reduction, credential hygiene, and runtime detection, especially around internet-facing AI infrastructure. 🛰️ Open sources - closed narratives @sitreports
Views: 99

Post 4:
🔍 EU lawmaker who investigated surveillance reportedly hacked with Israeli spyware Researchers say a former European Parliament member who worked on an inquiry into abusive surveillance was compromised with Israeli spyware. The reported target had previously been involved in examining misuse of monitoring technologies inside the EU. If confirmed, the case is notable because it places a figure tied to oversight of surveillance among the victims. That sharpens concerns around counter-investigation pressure, exposure of committee activity, and the wider security posture of officials handling sensitive accountability work. 🛰️ Open sources - closed narratives @sitreports
Views: 150

Post 5:
🤖 Air and Space Force test integrated AI battle management stack The Department of the Air Force ran its first Multi-Decision Advantage Sprint for Human-Machine Teaming in May, combining AI microservices from six industry teams plus government engineers into a single workflow. The two-week MASH experiment also marked the first active Space Force participation in this ABMS wargame series. The event is notable less for standalone AI performance than for software orchestration across vendors and domains. Air Force officials said the tools accelerated target identification, capability matching, and course-of-action generation, while guardian participation tested whether the same decision architecture can support integrated multi-domain command and control. 🛰️ Open sources - closed narratives @sitreports
Views: 430

Post 6:
🤖 Dutch military invests millions in drone software platform The Netherlands is committing tens of millions of euros to a three-year partnership with Intelic to develop drone software for the Dutch military. The deal centers on a domestic defence technology firm and signals a funded push into software infrastructure rather than airframes alone. Operationally, this points to growing emphasis on the software layer behind unmanned systems: control, integration, scaling, and mission management. For OSINT watchers, it is another indicator that European militaries are investing not just in drones, but in the digital architecture needed to field them effectively. 🛰️ Open sources - closed narratives @sitreports
Views: 401

Post 7:
🔫 Pentagon awards $500M counter-drone contract to AeroVironment The Pentagon has awarded AeroVironment a $500 million, three-year Army-managed contract to procure commercial counter-drone technology, with task orders to define locations and funding. The AeroVironment award specifically references defenses against small unmanned aerial systems. The contract signals continued DoD emphasis on scaling lower-cost C-UAS options after recent scrutiny of expensive interceptors used against cheap drones. It also deepens AeroVironment’s position across both strike and defensive drone segments, including directed-energy systems already tested in military airspace operations. 🛰️ Open sources - closed narratives @sitreports
Views: 356

Post 8:
🔍 950 Oracle E-Business Suite instances exposed amid active CVE-2026-46817 exploitation Shadowserver identified about 950 internet-exposed Oracle E-Business Suite instances worldwide after expanding detection to include domain-based scanning. The exposure set coincides with observed exploitation attempts targeting CVE-2026-46817, while Oracle has published remediation in its May 2026 Critical Patch Update Security Alert. The count reflects external visibility, not confirmed compromise, but the overlap between broad exposure and active attack traffic puts internet-facing EBS deployments into a time-critical patching window. Given EBS’s role in finance, HR, and supply-chain workflows, exposed systems present both high-value data targets and potential internal access points. 🛰️ Open sources - closed narratives @sitreports
Views: 331

Post 9:
🔍 Cisco confirms active exploitation of Unified CM flaw Cisco has acknowledged in its security advisory update that CVE-2026-20230 is being exploited in the wild. The flaw affects Unified Communications Manager and can be triggered remotely without privileges via crafted HTTP requests in SSRF attacks. Cisco patched it on June 3 and now urges customers to move to fixed releases or disable the WebDialer service if patching is delayed. The timeline matters: public PoC code appeared before Cisco confirmed active abuse, while external researchers had already documented file-write exploitation paths. With more than 200 internet-exposed Unified CM instances reportedly visible, this shifts the issue from patch guidance to active attack surface reduction. 🛰️ Open sources - closed narratives @sitreports
Views: 310

Post 10:
🔍 Ransomware operators shift toward edge exploits and trusted access A new ransomware trend highlights increasing use of Citrix Bleed 2, bring-your-own-vulnerable-driver techniques, and stolen supply-chain credentials. The activity points to attackers combining perimeter exploitation, kernel-level evasion, and access obtained through third-party relationships rather than relying on a single intrusion path. Operationally, this compresses detection time and complicates response across identity, endpoint, and network layers. The overlap of edge-device compromise, legitimate credential abuse, and signed but vulnerable drivers reduces friction for lateral movement and makes trusted dependencies a primary exposure surface. 🛰️ Open sources - closed narratives @sitreports
Views: 315

Post 11:
🔍 Google disrupts NetNut proxy network used in malware operations Google says it disrupted NetNut proxy network infrastructure that was allegedly used to conceal and route malicious activity. The move points to action against a large pool of internet-connected devices functioning as relay nodes for malware-linked operations. Operationally, degrading a proxy layer matters because it strips threat actors of obfuscation, complicates command routing, and can expose traffic patterns for follow-on detection. It also highlights how commercial or semi-commercial proxy services can intersect with criminal intrusion ecosystems. 🛰️ Open sources - closed narratives @sitreports
Views: 322

Post 12:
🔍 Umbrij malware uses OAuth flow to reach Gmail via Google API Researchers linked the Umbrij malware to the ToddyCat cluster after identifying abuse of OAuth authentication to access Gmail through the Google API. The case highlights a credential access path that relies on legitimate cloud authorization mechanisms rather than direct password theft. Operationally, this shifts detection from mailbox compromise indicators toward OAuth consent activity, token use, and anomalous API calls. For defenders, the key issue is that trusted cloud workflows can be repurposed for espionage access while blending into normal service traffic. 🛰️ Open sources - closed narratives @sitreports
Views: 320

Post 13:
🔍 ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds ConsentFix and ClickFix describe fast account-takeover methods targeting Microsoft 365 accounts. The title indicates token theft via fake prompts and OAuth consent flows, enabling rapid session compromise without relying on password theft alone. Operationally, this highlights the continuing shift from credential attacks to token and authorization abuse. For defenders, the key issue is that MFA can be sidestepped when users are tricked into granting access or handing over active session material. 🛰️ Open sources - closed narratives @sitreports
Views: 336
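The two preceding posts (Umbrij reaching Gmail through an OAuth grant, and ConsentFix on Microsoft 365) describe the same access path: a legitimate authorization grant instead of a stolen password. The triage below is an added example, not part of either post and not ToddyCat analysis or any vendor's detection. The Google scope URIs and Microsoft Graph permission names are real; the consent events, the "IPs seen in prior sign-ins" field and the scoring threshold are constructed assumptions.

```python
"""Rank constructed OAuth consent events by how much they resemble the
grant-based access described in the two posts above. Added example, not
vendor detection logic; events, ips_seen and thresholds are constructed."""
import re

# Scopes that hand over mailbox content. Both the Google URI form and the
# Microsoft Graph short form, since the technique works against either.
MAIL_SCOPES = re.compile(
    r"(mail\.google\.com|gmail\.(readonly|modify|compose|send)|"
    r"\bMail\.(Read|ReadWrite|Send)(\.All|\.Shared)?\b)", re.I)
PERSISTENT_SCOPES = {"offline_access"}  # refresh token: access outlives the session

# Constructed events. ips_seen = source IPs from the same user's interactive
# sign-ins over the previous 30 days (assumed to come from sign-in logs).
CONSENTS = [
    {"user": "alice@corp.test", "app": "Mail Sync Helper", "publisher_verified": False,
     "granted_by_admin": False, "scopes": ["https://www.googleapis.com/auth/gmail.readonly"],
     "consent_ip": "203.0.113.9", "ips_seen": {"198.51.100.4"}},
    {"user": "bob@corp.test", "app": "Contoso HR Portal", "publisher_verified": True,
     "granted_by_admin": True, "scopes": ["User.Read", "offline_access"],
     "consent_ip": "198.51.100.4", "ips_seen": {"198.51.100.4"}},
    {"user": "carol@corp.test", "app": "Doc Viewer", "publisher_verified": False,
     "granted_by_admin": False, "scopes": ["Mail.ReadWrite", "offline_access"],
     "consent_ip": "198.51.100.4", "ips_seen": {"198.51.100.4"}},
]


def score_consent(ev):
    """Return (score, reasons). Each reason is an independent signal and the
    score is simply their count, so callers can rank rather than gate."""
    reasons = []
    if any(MAIL_SCOPES.search(s) for s in ev["scopes"]):
        reasons.append("mailbox scope")
    if PERSISTENT_SCOPES & set(ev["scopes"]):
        reasons.append("refresh token (offline_access)")
    if not ev["publisher_verified"]:
        reasons.append("unverified publisher")
    if not ev["granted_by_admin"]:
        reasons.append("user consent, no admin review")
    if ev["consent_ip"] not in ev["ips_seen"]:
        reasons.append("consent from IP unseen in user's sign-ins")
    return len(reasons), reasons


def triage(events, min_score=3):
    """Events scoring at least min_score (assumed cut-off), highest first,
    as (user, app, reasons). Equal scores keep input order."""
    ranked = sorted(((score_consent(e), e) for e in events), key=lambda t: -t[0][0])
    return [(e["user"], e["app"], r) for (s, r), e in ranked if s >= min_score]


if __name__ == "__main__":
    for user, app, reasons in triage(CONSENTS):
        print(user, app, reasons)
```

Response matters as much as detection here: revoke the application's grant (and its refresh tokens) explicitly rather than relying on a password reset, because whether a reset invalidates an existing grant depends on the provider and scope; and on the prevention side, restricting user consent to verified publishers with low-impact permissions and routing everything else through admin consent removes the "user consent, no admin review" path entirely.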
Post 14:
🔍 CISA flags active exploitation of SharePoint RCE CISA has added CVE-2026-45659 to its Known Exploited Vulnerabilities catalog after confirming attacks against Microsoft SharePoint servers. The flaw is a deserialization issue allowing remote code execution with only Site Member-level privileges, low attack complexity, and no user interaction. Patches were released on 21 May for SharePoint 2016, 2019, and Subscription Edition. The key operational detail is exposure: Shadowserver is tracking more than 10,000 internet-facing SharePoint servers. CISA has ordered U.S. federal agencies to remediate by Saturday under BOD 26-04, underscoring that unpatched on-prem SharePoint remains a live and scalable intrusion surface. 🛰️ Open sources - closed narratives @sitreports
Views: 398

Post 15:
🔍 Microsoft 365 hit with 81 million password-spray attempts Huntress says an aggressive two-week campaign against Microsoft 365 tenants generated over 81 million login attempts between June 12 and 26, compromising 78 accounts across 64 organizations. The actor used exposed but still-valid credentials via Azure CLI, then authenticated through the ROPC flow, which in many cases bypassed MFA because Conditional Access was misconfigured or absent. The key issue is not credential theft alone but policy coverage: MFA limited to specific apps, groups, or locations left a legacy auth path open. Huntress also logged a 155-fold rise in password spraying, with tenants averaging 1,964 failed login attempts per month. 🛰️ Open sources - closed narratives @sitreports
Views: 569
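The two signals this post turns on, ROPC sign-ins that completed with a single factor and spraying (one source, many accounts, mostly failures), as detection logic over constructed Entra ID sign-in records. This is an added example, not part of the channel's post and not Huntress's detection; the field names follow the Microsoft Graph signIn schema (authenticationProtocol, authenticationRequirement, conditionalAccessStatus, status.errorCode), but the records and the spray threshold are constructed assumptions.

```python
"""Triage constructed Entra ID sign-in records for the two things the post
above turns on: ROPC logins completed with one factor, and password
spraying. Added example, not Huntress's detection. Field names follow the
Microsoft Graph signIn schema; records and thresholds are constructed."""
from collections import defaultdict

# Constructed records (not real telemetry). errorCode 0 = success,
# 50126 = invalid username or password. One ROPC success from an IP that
# also sprayed twelve other accounts, plus one normal MFA-backed sign-in.
SIGNINS = [
    {"userPrincipalName": "alice@contoso.test", "ipAddress": "203.0.113.7",
     "appDisplayName": "Microsoft Azure CLI", "authenticationProtocol": "ropc",
     "authenticationRequirement": "singleFactorAuthentication",
     "conditionalAccessStatus": "notApplied", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@contoso.test", "ipAddress": "198.51.100.20",
     "appDisplayName": "Office 365 Exchange Online", "authenticationProtocol": "oAuth2",
     "authenticationRequirement": "multiFactorAuthentication",
     "conditionalAccessStatus": "success", "status": {"errorCode": 0}},
] + [
    {"userPrincipalName": f"user{i}@contoso.test", "ipAddress": "203.0.113.7",
     "appDisplayName": "Microsoft Azure CLI", "authenticationProtocol": "ropc",
     "authenticationRequirement": "singleFactorAuthentication",
     "conditionalAccessStatus": "notApplied", "status": {"errorCode": 50126}}
    for i in range(12)
]

SPRAY_MIN_USERS = 10  # assumed: distinct accounts failing from one IP


def ropc_without_mfa(records):
    """Successful sign-ins over ROPC that never had MFA enforced.
    ROPC posts the raw password to the token endpoint and cannot answer an
    interactive challenge, so a success with singleFactorAuthentication
    means Conditional Access did not cover this app, user or location."""
    return [
        (r["userPrincipalName"], r["ipAddress"], r["appDisplayName"])
        for r in records
        if r["status"]["errorCode"] == 0
        and r["authenticationProtocol"] == "ropc"
        and r["authenticationRequirement"] == "singleFactorAuthentication"
    ]


def spray_sources(records, min_users=SPRAY_MIN_USERS):
    """Source IPs with failed attempts against many distinct accounts, plus
    any accounts that did succeed from the same IP. Spraying trades
    per-account volume for breadth, so per-IP breadth is the signal, not
    per-account lockout counters."""
    failed = defaultdict(set)
    succeeded = defaultdict(set)
    for r in records:
        bucket = succeeded if r["status"]["errorCode"] == 0 else failed
        bucket[r["ipAddress"]].add(r["userPrincipalName"])
    return {
        ip: {"failed_users": len(users), "succeeded_users": sorted(succeeded[ip])}
        for ip, users in failed.items() if len(users) >= min_users
    }


if __name__ == "__main__":
    print(ropc_without_mfa(SIGNINS))
    print(spray_sources(SIGNINS))
```

The succeeded_users list is the part worth paging someone for: a spraying IP that also has a successful login is a compromise, not an attempt. On the policy side, because ROPC cannot complete an MFA challenge, a Conditional Access policy that requires MFA for all users and all cloud apps (with break-glass exclusions only) turns every ROPC attempt into a failure; the gap the post describes is exactly a policy scoped to selected apps, groups or locations.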
Post 16:
📡 Pentagon centralizes drone and autonomy control Defense Secretary Pete Hegseth has created the direct reporting portfolio manager for unmanned offensive and defensive systems, or DRPM-UxS, to act as the Pentagon’s single joint integrator for most drone, autonomous, counter-UAS, and related software efforts. The office will report to Deputy Defense Secretary Stephen Feinberg and will absorb initial elements including JIATF-401 and DAWG. The move concentrates acquisition, fielding, standards, interoperability, sustainment, and industry engagement under one authority. Operationally, this reduces fragmentation across services and gives one office precedence over most UxS program execution, signaling a shift from dispersed experimentation toward centralized scaling. 🛰️ Open sources - closed narratives @sitreports
Views: 495

Post 17:
📡 AWS and Anduril push tactical cloud to the edge AWS and Anduril have launched a joint tactical data-center package combining AWS Outposts with Anduril’s Menace-I mobile infrastructure, now available to Pentagon users through the JWCC Marketplace. The system is designed to deliver local computing, storage, and AI in remote, degraded, or denied environments, with cited use cases including shipborne AI operations and near-real-time flight data analysis. The significance is not the hardware alone but the procurement path: a pre-vetted JWCC listing lowers friction for field adoption. The offering aligns with the U.S. military shift toward dispersed operations where cloud access, data locality, and resilience under contested connectivity are becoming operational requirements. 🛰️ Open sources - closed narratives @sitreports
Views: 433

Post 18:
🔍 Critical flaws in Cursor could break AI sandboxing Researchers identified multiple vulnerabilities in Cursor that could allow prompt injection to escape its sandbox and execute system commands. The issue affects an AI coding workflow where untrusted input can influence model behavior beyond intended boundaries. Operationally, this shifts prompt injection from data exposure and workflow tampering into potential host-level command execution. For teams using AI-assisted development tools, the finding underscores that model guardrails alone do not equal isolation when the surrounding execution environment is weak. 🛰️ Open sources - closed narratives @sitreports
Views: 357

Post 19:
🤖 DeepSeek output tied to browser-native ransomware chain Check Point says a DeepSeek-generated sample can be turned into working in-browser ransomware with minimal effort. The tracked code, including the Android-focused InfernoGrabber 9000 blueprint, used a phishing-style web app and Chrome’s File System Access API to request local file access, process data in-browser, and lock users out of original content. The significance is not novelty of the browser risk, but compression of the attack chain. Check Point’s test showed prompt filtering could be bypassed by removing explicit malware terms, lowering the skill threshold for browser-only extortion and data theft without a native payload or exploit. 🛰️ Open sources - closed narratives @sitreports
Views: 347

Post 20:
🔍 ChocoPoC campaign hides malware in PoC dependencies Researchers identified at least seven GitHub exploit repositories distributing the Python RAT ChocoPoC via trojanized dependencies rather than altered exploit code. A package named frint pulls skytext from PyPI, which deploys the payload and uses Mapbox datasets for retrieval and exfiltration. ChocoPoC can execute commands, steal browser data, collect shell history, enumerate processes, and upload files. The tradecraft is notable because the PoC itself can appear intact while malicious behavior is shifted into seemingly benign packages. This directly targets researchers and testers who routinely run untrusted code, reinforcing dependency review and isolated execution as the critical control point. 🛰️ Open sources - closed narratives @sitreports
Views: 346
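The dependency-review control this post ends on, as an added example that is not part of the channel's post or of the researchers' tooling: a PoC that declares a package it never imports is the exact shape of the ChocoPoC tradecraft (the exploit code stays intact, the extra dependency does the work at install time). The requirements file and script are constructed, and the distribution-name-to-module map is a small assumed table, not a complete one.

```python
"""Flag declared dependencies that the PoC code never imports, the pattern
the post above describes. Added example, not the researchers' tooling; the
requirements file and script are constructed, and DIST_TO_MODULE is an
assumed partial table."""
import ast
import re

# Constructed PoC repository contents (not a real exploit). "frint" is the
# name from the post; here it is just an unused declared dependency.
REQUIREMENTS = """\
requests>=2.31
pyyaml
frint==0.1.3
"""
POC_SOURCE = '''\
import sys
import requests
import yaml

def exploit(target):
    cfg = yaml.safe_load("path: /api")
    return requests.get(target + cfg["path"]).status_code
'''

# PyPI distribution name -> import name where they differ (assumed, partial).
DIST_TO_MODULE = {"pyyaml": "yaml", "beautifulsoup4": "bs4", "pillow": "PIL"}
REQ_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def declared_packages(requirements_text):
    """Normalised distribution names; comments, blanks and -options skipped."""
    names = []
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = REQ_NAME.match(line)
        if m:
            names.append(m.group(1).lower().replace("_", "-"))
    return names


def imported_modules(source):
    """Top-level module names imported anywhere in the script. Parsed with
    ast, so the PoC is never executed while it is being reviewed."""
    mods = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            mods.update(a.name.split(".")[0] for a in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            mods.add(node.module.split(".")[0])
    return mods


def unused_dependencies(requirements_text, source):
    """Declared packages with no matching import: look at these before
    `pip install`. A package needed only transitively by another declared
    package lands here too, so this is a triage list, not a verdict."""
    mods = {m.lower() for m in imported_modules(source)}
    return [
        d for d in declared_packages(requirements_text)
        if DIST_TO_MODULE.get(d, d.replace("-", "_")).lower() not in mods
    ]


if __name__ == "__main__":
    print(unused_dependencies(REQUIREMENTS, POC_SOURCE))
```

A hit here does not prove malice, but an unexplained package in a one-file exploit is cheap to check: look at what its own setup declares as install requirements and what runs at install time, in a throwaway VM without credentials or network, before the PoC itself is run. The check is also worth pointing at setup.py or pyproject.toml when a PoC ships as a package rather than a script.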