SITREP - Independent OSINT Channel
AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.
📈 Analytics for the Telegram channel SITREP - Independent OSINT Channel
SITREP - Independent OSINT Channel (@sitreports) is an active participant in the English-language channel segment. The community currently has 23,392 subscribers and ranks 5,738th in the Technology & Apps category and 1,718th in the USA region.
📊 Audience metrics and dynamics
Since an unknown date the project has grown quickly and now has 23,392 subscribers.
According to the latest data from 03 July 2026, the channel shows stable activity. Over the last 30 days the subscriber count changed by -174, and by -11 in the last 24 hours, while overall reach remains high.
- Verification status: Not verified
- Engagement (ER): The audience is engaged at an average rate of 3.70%. In the first 24 hours after publication, content typically collects reactions equal to 1.85% of the total subscriber count.
- Post reach: Each post is viewed 866 times on average; 433 views are typically collected in the first day.
- Reactions and interaction: The audience is active: each post receives an average of 0 reactions.
- Thematic areas: Content is focused on core topics such as narrative, attack, infrastructure, threat, and credential.
📝 Description and content policy
The author describes the resource as a space for expressing personal views:
“AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.”
Thanks to its high update frequency (latest data collected on 04 July 2026), the channel remains consistently current and wide-reaching. The analytics show that the audience actively engages with the content, making the channel an important point of influence in the Technology & Apps category.
| Date | Subscriber change | Mentions | Channels |
|---|---|---|---|
| 04 July | 0 | | |
| 03 July | +1 | | |
| 02 July | +5 | | |
| 01 July | +1 | | |
2. 🔍 FBI flags TeamPCP supply-chain campaign targeting CI/CD and cloud access
The FBI warned that TeamPCP compromised software distribution channels to push trojanized updates into tools used across enterprise development and security workflows, including Trivy, KICS, LiteLLM, and the Telnyx Python SDK. Reported payloads include CanisterWorm, SANDCLOCK, Mini Shai-Hulud, and Miasma, with theft focused on cloud tokens, API keys, Kubernetes credentials, and local environment secrets.
The operational impact is downstream and persistent: poisoned packages inside build pipelines can expose cloud control planes, automate credential harvesting, and propagate further through npm and PyPI using stolen accounts. The FBI assessment treats any exposed credentials or exfiltrated data as a long-term compromise risk.
🛰️ Open sources - closed narratives
@sitreports | 67
3. 🤖 JADEPUFFER marks first documented end-to-end AI-run ransomware case
Sysdig says JADEPUFFER exploited CVE-2025-3248 on an exposed Langflow server, harvested secrets, pivoted through MinIO and Nacos, then encrypted and destroyed production database data without human intervention. Observed behavior included machine-speed error correction, adaptive parsing, persistence via crontab, and automated ransom note updates after encrypting 1,342 Nacos configuration items.
The significance is not new tooling but full task chaining: known flaws, default credentials, and exposed services were combined into a complete extortion workflow by an AI agent. The case shifts defensive focus toward exposure reduction, credential hygiene, and runtime detection, especially around internet-facing AI infrastructure.
🛰️ Open sources - closed narratives
@sitreports | 99
4. 🔍 EU lawmaker who investigated surveillance reportedly hacked with Israeli spyware
Researchers say a former European Parliament member who worked on an inquiry into abusive surveillance was compromised with Israeli spyware. The reported target had previously been involved in examining misuse of monitoring technologies inside the EU.
If confirmed, the case is notable because it places a figure tied to oversight of surveillance among the victims. That sharpens concerns around counter-investigation pressure, exposure of committee activity, and the wider security posture of officials handling sensitive accountability work.
🛰️ Open sources - closed narratives
@sitreports | 150
5. 🤖 Air and Space Force test integrated AI battle management stack
The Department of the Air Force ran its first Multi-Decision Advantage Sprint for Human-Machine Teaming in May, combining AI microservices from six industry teams plus government engineers into a single workflow. The two-week MASH experiment also marked the first active Space Force participation in this ABMS wargame series.
The event is notable less for standalone AI performance than for software orchestration across vendors and domains. Air Force officials said the tools accelerated target identification, capability matching, and course-of-action generation, while guardian participation tested whether the same decision architecture can support integrated multi-domain command and control.
🛰️ Open sources - closed narratives
@sitreports | 430
6. 🤖 Dutch military invests millions in drone software platform
The Netherlands is committing tens of millions of euros to a three-year partnership with Intelic to develop drone software for the Dutch military. The deal centers on a domestic defence technology firm and signals a funded push into software infrastructure rather than airframes alone.
Operationally, this points to growing emphasis on the software layer behind unmanned systems: control, integration, scaling, and mission management. For OSINT watchers, it is another indicator that European militaries are investing not just in drones, but in the digital architecture needed to field them effectively.
🛰️ Open sources - closed narratives
@sitreports | 401
7. 🔫 Pentagon awards $500M counter-drone contract to AeroVironment
The Pentagon has awarded AeroVironment a $500 million, three-year Army-managed contract to procure commercial counter-drone technology, with task orders to define locations and funding. The AeroVironment award specifically references defenses against small unmanned aerial systems.
The contract signals continued DoD emphasis on scaling lower-cost C-UAS options after recent scrutiny of expensive interceptors used against cheap drones. It also deepens AeroVironment’s position across both strike and defensive drone segments, including directed-energy systems already tested in military airspace operations.
🛰️ Open sources - closed narratives
@sitreports | 356
8. 🔍 950 Oracle E-Business Suite instances exposed amid active CVE-2026-46817 exploitation
Shadowserver identified about 950 internet-exposed Oracle E-Business Suite instances worldwide after expanding detection to include domain-based scanning. The exposure set coincides with observed exploitation attempts targeting CVE-2026-46817, while Oracle has published remediation in its May 2026 Critical Patch Update Security Alert.
The count reflects external visibility, not confirmed compromise, but the overlap between broad exposure and active attack traffic puts internet-facing EBS deployments into a time-critical patching window. Given EBS’s role in finance, HR, and supply-chain workflows, exposed systems present both high-value data targets and potential internal access points.
🛰️ Open sources - closed narratives
@sitreports | 331
9. 🔍 Cisco confirms active exploitation of Unified CM flaw
Cisco has acknowledged in its security advisory update that CVE-2026-20230 is being exploited in the wild. The flaw affects Unified Communications Manager and can be triggered remotely without privileges via crafted HTTP requests in SSRF attacks. Cisco patched it on June 3 and now urges customers to move to fixed releases or disable the WebDialer service if patching is delayed.
The timeline matters: public PoC code appeared before Cisco confirmed active abuse, while external researchers had already documented file-write exploitation paths. With more than 200 internet-exposed Unified CM instances reportedly visible, this shifts the issue from patch guidance to active attack surface reduction.
🛰️ Open sources - closed narratives
@sitreports | 310
10. 🔍 Ransomware operators shift toward edge exploits and trusted access
A new ransomware trend highlights increasing use of Citrix Bleed 2, bring-your-own-vulnerable-driver techniques, and stolen supply-chain credentials. The activity points to attackers combining perimeter exploitation, kernel-level evasion, and access obtained through third-party relationships rather than relying on a single intrusion path.
Operationally, this compresses detection time and complicates response across identity, endpoint, and network layers. The overlap of edge-device compromise, legitimate credential abuse, and signed but vulnerable drivers reduces friction for lateral movement and makes trusted dependencies a primary exposure surface.
🛰️ Open sources - closed narratives
@sitreports | 315
11. 🔍 Google disrupts NetNut proxy network used in malware operations
Google says it disrupted NetNut proxy network infrastructure that was allegedly used to conceal and route malicious activity. The move points to action against a large pool of internet-connected devices functioning as relay nodes for malware-linked operations.
Operationally, degrading a proxy layer matters because it strips threat actors of obfuscation, complicates command routing, and can expose traffic patterns for follow-on detection. It also highlights how commercial or semi-commercial proxy services can intersect with criminal intrusion ecosystems.
🛰️ Open sources - closed narratives
@sitreports | 322
12. 🔍 Umbrij malware uses OAuth flow to reach Gmail via Google API
Researchers linked the Umbrij malware to the ToddyCat cluster after identifying abuse of OAuth authentication to access Gmail through the Google API. The case highlights a credential access path that relies on legitimate cloud authorization mechanisms rather than direct password theft.
Operationally, this shifts detection from mailbox compromise indicators toward OAuth consent activity, token use, and anomalous API calls. For defenders, the key issue is that trusted cloud workflows can be repurposed for espionage access while blending into normal service traffic.
🛰️ Open sources - closed narratives
@sitreports | 320
13. 🔍 ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
ConsentFix and ClickFix describe fast account-takeover methods targeting Microsoft 365 accounts. The title indicates token theft via fake prompts and OAuth consent flows, enabling rapid session compromise without relying on password theft alone.
Operationally, this highlights the continuing shift from credential attacks to token and authorization abuse. For defenders, the key issue is that MFA can be sidestepped when users are tricked into granting access or handing over active session material.
🛰️ Open sources - closed narratives
@sitreports | 336
14. 🔍 CISA flags active exploitation of SharePoint RCE
CISA has added CVE-2026-45659 to its Known Exploited Vulnerabilities catalog after confirming attacks against Microsoft SharePoint servers. The flaw is a deserialization issue allowing remote code execution with only Site Member-level privileges, low attack complexity, and no user interaction. Patches were released on 21 May for SharePoint 2016, 2019, and Subscription Edition.
The key operational detail is exposure: Shadowserver is tracking more than 10,000 internet-facing SharePoint servers. CISA has ordered U.S. federal agencies to remediate by Saturday under BOD 26-04, underscoring that unpatched on-prem SharePoint remains a live and scalable intrusion surface.
🛰️ Open sources - closed narratives
@sitreports | 398
15. 🔍 Microsoft 365 hit with 81 million password-spray attempts
Huntress says an aggressive two-week campaign against Microsoft 365 tenants generated over 81 million login attempts between June 12 and 26, compromising 78 accounts across 64 organizations. The actor used exposed but still-valid credentials via Azure CLI, then authenticated through the ROPC flow, which in many cases bypassed MFA because Conditional Access was misconfigured or absent.
The key issue is not credential theft alone but policy coverage: MFA limited to specific apps, groups, or locations left a legacy auth path open. Huntress also logged a 155-fold rise in password spraying, with tenants averaging 1,964 failed login attempts per month.
🛰️ Open sources - closed narratives
@sitreports | 569
16. 📡 Pentagon centralizes drone and autonomy control
Defense Secretary Pete Hegseth has created the direct reporting portfolio manager for unmanned offensive and defensive systems, or DRPM-UxS, to act as the Pentagon’s single joint integrator for most drone, autonomous, counter-UAS, and related software efforts. The office will report to Deputy Defense Secretary Stephen Feinberg and will absorb initial elements including JIATF-401 and DAWG.
The move concentrates acquisition, fielding, standards, interoperability, sustainment, and industry engagement under one authority. Operationally, this reduces fragmentation across services and gives one office precedence over most UxS program execution, signaling a shift from dispersed experimentation toward centralized scaling.
🛰️ Open sources - closed narratives
@sitreports | 495
17. 📡 AWS and Anduril push tactical cloud to the edge
AWS and Anduril have launched a joint tactical data-center package combining AWS Outposts with Anduril’s Menace-I mobile infrastructure, now available to Pentagon users through the JWCC Marketplace. The system is designed to deliver local computing, storage, and AI in remote, degraded, or denied environments, with cited use cases including shipborne AI operations and near-real-time flight data analysis.
The significance is not the hardware alone but the procurement path: a pre-vetted JWCC listing lowers friction for field adoption. The offering aligns with the U.S. military shift toward dispersed operations where cloud access, data locality, and resilience under contested connectivity are becoming operational requirements.
🛰️ Open sources - closed narratives
@sitreports | 433
18. 🔍 Critical flaws in Cursor could break AI sandboxing
Researchers identified multiple vulnerabilities in Cursor that could allow prompt injection to escape its sandbox and execute system commands. The issue affects an AI coding workflow where untrusted input can influence model behavior beyond intended boundaries.
Operationally, this shifts prompt injection from data exposure and workflow tampering into potential host-level command execution. For teams using AI-assisted development tools, the finding underscores that model guardrails alone do not equal isolation when the surrounding execution environment is weak.
🛰️ Open sources - closed narratives
@sitreports | 357
19. 🤖 DeepSeek output tied to browser-native ransomware chain
Check Point says a DeepSeek-generated sample can be turned into working in-browser ransomware with minimal effort. The tracked code, including the Android-focused InfernoGrabber 9000 blueprint, used a phishing-style web app and Chrome’s File System Access API to request local file access, process data in-browser, and lock users out of original content.
The significance is not novelty of the browser risk, but compression of the attack chain. Check Point’s test showed prompt filtering could be bypassed by removing explicit malware terms, lowering the skill threshold for browser-only extortion and data theft without a native payload or exploit.
🛰️ Open sources - closed narratives
@sitreports | 347
20. 🔍 ChocoPoC campaign hides malware in PoC dependencies
Researchers identified at least seven GitHub exploit repositories distributing the Python RAT ChocoPoC via trojanized dependencies rather than altered exploit code. A package named frint pulls skytext from PyPI, which deploys the payload and uses Mapbox datasets for retrieval and exfiltration. ChocoPoC can execute commands, steal browser data, collect shell history, enumerate processes, and upload files.
The tradecraft is notable because the PoC itself can appear intact while malicious behavior is shifted into seemingly benign packages. This directly targets researchers and testers who routinely run untrusted code, reinforcing dependency review and isolated execution as the critical control point.
🛰️ Open sources - closed narratives
@sitreports | 346