uz
Feedback
SITREP - Independent OSINT Channel

SITREP - Independent OSINT Channel

Kanalga Telegram’da o‘tish

AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.

Ko'proq ko'rsatish

📈 Telegram kanali SITREP - Independent OSINT Channel analitikasi

SITREP - Independent OSINT Channel (@sitreports) Ingliz til segmentidagi kanali faol ishtirokchi. Hozirda hamjamiyat 23 368 obunachidan iborat bo'lib, Texnologiyalar & Aralashmalar toifasida 5 721-o'rinni va AQSH mintaqasida 1 707-o'rinni egallagan.

📊 Auditoriya ko‘rsatkichlari va dinamika

невідомо sanasidan buyon loyiha tez o‘sib, 23 368 obunachiga ega bo‘ldi.

06 Iyul, 2026 dagi oxirgi ma’lumotlarga ko‘ra kanal barqaror faollikka ega. Oxirgi 30 kunda obunachilar soni -176 ga, so‘nggi 24 soatda esa -3 ga o‘zgardi va umumiy qamrov yuqori darajada qolmoqda.

  • Tasdiqlash holati: Tasdiqlanmagan
  • Jalb etish (ER): Auditoriya o‘rtacha 3.68% darajada jalb etiladi. Nashrdan keyingi dastlabki 24 soatda kontent odatda umumiy obunachilar sonining 1.79% ini tashkil etuvchi reaksiyalarni to‘playdi.
  • Post qamrovi: Har bir post o‘rtacha 861 marta ko‘riladi; birinchi sutkada odatda 418 ta ko‘rish yig‘iladi.
  • Reaksiyalar va o‘zaro ta’sir: Auditoriya faol: har bir postga o‘rtacha 0 ta reaksiya keladi.
  • Tematik yo‘nalishlar: Kontent narrative, attack, infrastructure, threat, credential kabi asosiy mavzularga jamlangan.

📝 Tavsif va kontent siyosati

Muallif resursni shaxsiy fikrni ifoda etish maydoni sifatida ta’riflaydi:
AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.

Yuqori yangilanish chastotasi (oxirgi ma’lumot 07 Iyul, 2026 da olingan) sababli kanal doimo dolzarb va katta qamrovli bo‘lib qoladi. Analitika auditoriya kontent bilan faol hamkorlik qilishini, uni Texnologiyalar & Aralashmalar toifasidagi muhim ta’sir nuqtasiga aylantirishini ko‘rsatadi.

23 368
Obunachilar
-324 soatlar
-627 kunlar
-17630 kunlar
Obunachilarni jalb qilish
Iyul '26
Iyul '26
+8
3 kanalda
Iyun '26
+154
2 kanalda
Get PRO
May '26
+48
6 kanalda
Get PRO
Aprel '26
+113
14 kanalda
Get PRO
Mart '26
+380
6 kanalda
Get PRO
Fevral '26
+121
1 kanalda
Get PRO
Yanvar '26
+143
1 kanalda
Get PRO
Dekabr '25
+90
4 kanalda
Get PRO
Noyabr '25
+92
1 kanalda
Get PRO
Oktabr '25
+43
2 kanalda
Get PRO
Sentabr '25
+22
1 kanalda
Get PRO
Avgust '25
+14
2 kanalda
Get PRO
Iyul '25
+136
2 kanalda
Get PRO
Iyun '25
+186
5 kanalda
Get PRO
May '25
+28
6 kanalda
Get PRO
Aprel '25
+13
6 kanalda
Get PRO
Mart '25
+13
5 kanalda
Get PRO
Fevral '25
+11
9 kanalda
Get PRO
Yanvar '25
+11
3 kanalda
Get PRO
Dekabr '24
+62
5 kanalda
Get PRO
Noyabr '24
+128
32 kanalda
Get PRO
Oktabr '24
+45
1 kanalda
Get PRO
Sentabr '24
+93
8 kanalda
Get PRO
Avgust '24
+1 524
67 kanalda
Get PRO
Iyul '24
+478
54 kanalda
Get PRO
Iyun '24
+984
76 kanalda
Get PRO
May '24
+1 380
80 kanalda
Get PRO
Aprel '24
+1 274
64 kanalda
Get PRO
Mart '24
+1 674
74 kanalda
Get PRO
Fevral '24
+1 629
80 kanalda
Get PRO
Yanvar '24
+1 576
67 kanalda
Get PRO
Dekabr '23
+1 932
63 kanalda
Get PRO
Noyabr '23
+1 211
75 kanalda
Get PRO
Oktabr '23
+1 367
60 kanalda
Get PRO
Sentabr '23
+1 173
0 kanalda
Get PRO
Avgust '23
+985
0 kanalda
Get PRO
Iyul '23
+597
0 kanalda
Get PRO
Iyun '23
+1 518
0 kanalda
Get PRO
May '23
+1 048
0 kanalda
Get PRO
Aprel '23
+1 017
0 kanalda
Get PRO
Mart '23
+675
0 kanalda
Get PRO
Fevral '23
+1 080
0 kanalda
Get PRO
Yanvar '23
+2 476
0 kanalda
Get PRO
Dekabr '22
+4 174
0 kanalda
Get PRO
Noyabr '22
+5 621
0 kanalda
Sana
Obunachilarni jalb qilish
Esdaliklar
Kanallar
07 Iyul0
06 Iyul+1
05 Iyul0
04 Iyul0
03 Iyul+1
02 Iyul+5
01 Iyul+1
Kanal postlari
📄 DIU cuts seven portfolios to three under Owen West The Pentagon’s Defense Innovation Unit is reorganizing from seven opera
📄 DIU cuts seven portfolios to three under Owen West The Pentagon’s Defense Innovation Unit is reorganizing from seven operational portfolios to three priority tracks: drones and autonomous warfare, kill webs, and “10x” technologies. Officials cited a push to focus experts and funding where “speed, scale, and lethality” align, with AI no longer treated as a standalone line but embedded across the Defense Innovation Unit. The move narrows DIU’s mission from broad tech coverage toward direct combat capability delivery. Structurally, it concentrates procurement attention on autonomy, networked targeting architecture, and breakthrough cost-performance gains rather than maintaining separate verticals for cyber, energy, space, or human systems. 🛰️ Open sources - closed narratives @sitreports

2
🔍 fast-mcp-telegram auth bypass exposes default Telegram sessions A critical path traversal flaw in fast-mcp-telegram allows
🔍 fast-mcp-telegram auth bypass exposes default Telegram sessions A critical path traversal flaw in fast-mcp-telegram allows Bearer token authentication bypass on all versions through 0.19.0. The bug lets crafted traversal tokens resolve to the default telegram.session file, giving remote access without a valid token. The issue is tracked as GHSA-rxw2-pc8j-vxwm and is patched in 0.19.1. Impact is direct account takeover in deployments using HTTP auth where a legacy or default session file exists. Successful abuse exposes Telegram MCP functions tied to that session, including message access, message sending, MTProto API calls, and attachment-capable tool surfaces. 🛰️ Open sources - closed narratives @sitreports
191
3
📡 Fake IT support calls on Teams deliver EtherRAT Attackers are using Microsoft Teams voice calls to impersonate internal IT
📡 Fake IT support calls on Teams deliver EtherRAT Attackers are using Microsoft Teams voice calls to impersonate internal IT staff after sending a phishing email with an “Employee Survey” lure. Victims are persuaded to grant screen-sharing control, install HopToDesk or AnyDesk, and run a malicious MSI that deploys EtherRAT, a Node.js RAT that retrieves C2 details via Ethereum smart contracts. The chain blends a trusted enterprise platform, legitimate remote-access tools, and a cross-platform payload to achieve initial access with minimal malware exposure early in the intrusion. The observed use of an external Teams tenant and multiple installer versions points to an active, iterating campaign. 🛰️ Open sources - closed narratives @sitreports
212
4
🔍 Fake tax utility used to deliver DcRAT in India-targeted intrusion Researchers tracked a suspected China-nexus campaign us
🔍 Fake tax utility used to deliver DcRAT in India-targeted intrusion Researchers tracked a suspected China-nexus campaign using a trojanized Indian tax filing utility to infect users with DcRAT. The lure mimics a legitimate financial workflow, placing malware inside software expected during tax preparation and likely aimed at users handling sensitive personal and business records. The tradecraft is notable for blending administrative trust with commodity remote access malware. Packaging the payload as a tax tool increases execution likelihood, while access to filing environments can expose identity data, financial documents, and downstream enterprise credentials. 🛰️ Open sources - closed narratives @sitreports
212
5
🔍 Veeam backup flaw allows domain user to reach SYSTEM Veeam disclosed CVE-2026-44963, a critical RCE affecting domain-joine
🔍 Veeam backup flaw allows domain user to reach SYSTEM Veeam disclosed CVE-2026-44963, a critical RCE affecting domain-joined Backup & Replication 12.x servers. Any authenticated domain user can execute code on the Backup Server via the .NET Remoting service on TCP/8000, leading to SYSTEM-level compromise. Builds through 12.3.2.4465 are affected; the issue is patched in 12.3.2.4854. Version 13.x is not affected. The exposure is operationally significant because the Backup Server centralizes privileged access to backup catalogs, repositories, hypervisors, and cloud targets. A low-privilege domain foothold can therefore be converted into control over recovery infrastructure, including deletion or tampering of restore points. 🛰️ Open sources - closed narratives @sitreports
224
6
📡 Marine Corps centralizes drone and counter-drone training The U.S. Marine Corps has established the Marine Corps Robotics
📡 Marine Corps centralizes drone and counter-drone training The U.S. Marine Corps has established the Marine Corps Robotics Integration Group at Twentynine Palms to oversee Group 1 and 2 UAS and counter-UAS training. The unit will manage pilot courses, curriculum standardization, instructor qualification, regional coordination, lessons learned, and service-wide training updates. The move creates a single institutional channel for small-drone and counter-drone training across the force. It shifts these capabilities from dispersed experimentation toward standardized doctrine, formal instruction, and centralized oversight, indicating sustained Marine Corps investment in tactical UAS integration. 🛰️ Open sources - closed narratives @sitreports
482
7
📡 Pentagon issues $80.5M counter-UAS task order for Air Force base defense AeroVironment received an $80.5 million task orde
📡 Pentagon issues $80.5M counter-UAS task order for Air Force base defense AeroVironment received an $80.5 million task order to deliver AI-enabled counter-drone systems for Air Force Global Strike Command under the Army-led Domestic Shield initiative. The package includes Titan-MS, Titan 4, EO/IR payloads, and radar for layered defense against small UAS. It is the first order under a broader $500 million contract vehicle announced last week. The award signals a shift from pilot efforts to fielded, interoperable base-defense architecture focused on detect-and-defeat coverage at fixed installations. Its relevance is amplified by recent unauthorized drone incursions reported at Barksdale AFB, a key AFGSC site. 🛰️ Open sources - closed narratives @sitreports
249
8
📡 TrojPix turns HDMI cables into covert transmitters Researchers presented TrojPix, an EM exfiltration method that encodes d
📡 TrojPix turns HDMI cables into covert transmitters Researchers presented TrojPix, an EM exfiltration method that encodes data into imperceptible pixel changes on digital displays. Malware with only user-level access can modulate TMDS emissions from standard video cables, reaching 8.1 Mbps at up to 208 meters. Tests across nine monitor brands and 15 cables reportedly achieved near-perfect recovery, including through a 30 cm concrete wall. The operational takeaway is that air gaps remain vulnerable through routine display infrastructure, without hardware modification or visible screen artifacts. The technique expands the threat model for military, industrial, government, and financial networks where HDMI-class links are treated as passive components. 🛰️ Open sources - closed narratives @sitreports
256
9
🔍 16-year-old KVM flaw enables guest-to-host escape on x86 A newly disclosed Linux KVM vulnerability affects Intel and AMD x
🔍 16-year-old KVM flaw enables guest-to-host escape on x86 A newly disclosed Linux KVM vulnerability affects Intel and AMD x86 systems and allows a guest virtual machine to escape isolation and execute on the host. The issue reportedly persisted in KVM for 16 years, turning a core virtualization boundary into a potential host-level compromise path. Technical details are outlined in the KVM flaw coverage. The significance is direct: multi-tenant and virtualized environments depend on KVM isolation as a primary security control. A guest-to-host escape collapses that assumption and can expose the hypervisor layer, with immediate relevance for cloud infrastructure, enterprise virtualization, and lab environments. 🛰️ Open sources - closed narratives @sitreports
292
10
📡 Iran-linked cluster deploys Cavern C2 against Israeli targets Researchers have identified a new command-and-control framew
📡 Iran-linked cluster deploys Cavern C2 against Israeli targets Researchers have identified a new command-and-control framework, Cavern C2, used by an Iran-linked threat actor in operations targeting Israeli organizations. The campaign adds a fresh malware management layer to an already active regional cyber confrontation. A dedicated C2 framework matters because it improves operator control, tasking, and persistence across multiple intrusions. Its emergence indicates continued tool development rather than one-off reuse, giving defenders a new infrastructure and tradecraft set to map, detect, and disrupt. 🛰️ Open sources - closed narratives @sitreports
349
11
🤖 Flipper Zero shifts firmware model to community-led maintenance Flipper Devices says Flipper Zero firmware will continue t
🤖 Flipper Zero shifts firmware model to community-led maintenance Flipper Devices says Flipper Zero firmware will continue to be maintained, but full-time feature development has ended. The company says the codebase reached maturity after the 1.0 release in 2024 and stable version 1.4.3 in December 2025. Requests will be reviewed weekly through GitHub Discussions, with stricter pull-request checks and mandatory integration and regression testing. The move formalizes a narrower core-team role: oversight, review, and quality control rather than active expansion. It also centralizes user demand into a vote-based workflow, reducing direct support load while keeping the firmware operational as the company shifts resources to new hardware. 🛰️ Open sources - closed narratives @sitreports
623
12
🔍 EY fires two staff over alleged access to Australian PM bank data EY Australia has dismissed two staff accused of accessin
🔍 EY fires two staff over alleged access to Australian PM bank data EY Australia has dismissed two staff accused of accessing bank account details linked to Prime Minister Anthony Albanese while working on a Commonwealth Bank contract. The bank has not explained how contractors were able to reach such sensitive records. The case was outlined in EY Australia coverage published 6 July. The incident adds another data-handling failure to Australia’s major consultancy sector. Operationally, it highlights the exposure created when external contractors are embedded inside financial workflows with access paths to high-value personal and political data. 🛰️ Open sources - closed narratives @sitreports
535
13
🔍 MFA-optional banks keep a major access path exposed A reported US fraud case saw attackers reuse compromised or recycled c
🔍 MFA-optional banks keep a major access path exposed A reported US fraud case saw attackers reuse compromised or recycled credentials to enter bank, retirement, and Gmail accounts, then hide alerts with mailbox filters and move roughly $30,000 before recovery. The broader issue outlined in MFA-optional banks is that several major institutions still leave multi-factor authentication disabled by default or optional. Operationally, optional MFA creates a predictable weak point: attackers only need one password-based entry path, especially on web logins where app biometrics do not apply. Convenience-driven authentication policy directly expands account takeover risk and delays fraud visibility. 🛰️ Open sources - closed narratives @sitreports
558
14
🔍 Parrot 7.3 shifts focus to performance and launcher infrastructure Parrot 7.3 has been released with an opt-in set of opti
🔍 Parrot 7.3 shifts focus to performance and launcher infrastructure Parrot 7.3 has been released with an opt-in set of optimized builds for x86-64-v3 and ARMv8.2-A, targeting gains in compression, encryption, hashing, media encoding, and other compute-heavy workloads. The release also replaces older shell-based menu handling with two Go binaries, parrot-exec and launcher-updater, while adding official amd64 Vagrant boxes for Home and Security editions. The update is notable less for new tools than for system-layer changes: higher CPU baselines for selected packages, reduced image bloat, and a faster on-demand launcher path for uninstalled applications. Compatibility-sensitive services remain on conservative baselines, preserving standard apt/dpkg behavior and update flow. 🛰️ Open sources - closed narratives @sitreports
638
15
🔍 Verified X ads used in ClickFix-style macOS malware delivery A sponsored post from a verified X account redirected users t
🔍 Verified X ads used in ClickFix-style macOS malware delivery A sponsored post from a verified X account redirected users to a fake DynamicLake site and prompted them to paste a copied Terminal command, installing macOS malware including Atomic Stealer variants. The ad was later removed after Jamf alerted X and the account owner. The case shows how paid placement, verification signals, and lookalike domains can be combined to bypass trust checks while keeping execution user-driven. For defenders, the key indicators are sponsored social lures, clipboard-based Terminal prompts, and brand impersonation tied to fake utility downloads. 🛰️ Open sources - closed narratives @sitreports
539
16
🔍 U.S. government entity paid $1 million in Kairos extortion case A U.S. government entity paid $1 million to the Kairos gro
🔍 U.S. government entity paid $1 million in Kairos extortion case A U.S. government entity paid $1 million to the Kairos group after a data-theft extortion incident, as detailed in The Hacker News report. The case centers on extortion tied to stolen data rather than disruption or encryption, underscoring the continued effectiveness of pure theft-based pressure operations. The payment is significant because it shows a government target entering direct financial resolution in a data-leak scenario. Operationally, it highlights that exfiltration alone can generate strategic leverage even without a destructive network impact. 🛰️ Open sources - closed narratives @sitreports
487
17
🔍 Attested TLS flaw cuts into confidential computing trust New academic work and a published CVE show attested TLS can valid
🔍 Attested TLS flaw cuts into confidential computing trust New academic work and a published CVE show attested TLS can validate a genuine TEE while still relaying a client session to a different malicious endpoint. The issue, tracked as CVE-2026-33697, affects multiple intra-handshake attestation designs and was identified in production-linked implementations including Meta Private Processing, Edgeless Contrast, and Cocos AI versions 0.4.0-0.8.2. Operationally, the finding undercuts a core assurance sold by confidential computing: proving the party at the other end of the connection. Standards bodies have acknowledged the relay class, while the research argues the strongest binding to application data may be unreachable in current intra-handshake designs. 🛰️ Open sources - closed narratives @sitreports
453
18
🔍 BusySnake expands Windows infostealer tradecraft BusySnake is a Python-based Windows infostealer linked in reporting to Ar
🔍 BusySnake expands Windows infostealer tradecraft BusySnake is a Python-based Windows infostealer linked in reporting to Armored Likho. It steals browser passwords and cookies, Telegram Desktop session data, clipboard contents, screenshots, OTP-related data, and cryptocurrency wallet files or keys. Delivery uses spear-phishing archives with NSIS droppers or weaponized LNK files, followed by staged loaders, embedded Python 3.12, and PyArmor-protected payloads. The combination of Telegram session theft, browser credential extraction, and persistent C2 polling gives operators both immediate account access and flexible follow-on tasking. Defenders should treat infections as full credential and session compromise, especially where %APPDATA%-based Python runtimes, abnormal LNK chains, or scheduled VBScript launchers are present. 🛰️ Open sources - closed narratives @sitreports
431
19
🔍 CrownX embedded in Avalon hits backup and recovery paths Researchers tracking Avalon describe a multi-stage framework deli
🔍 CrownX embedded in Avalon hits backup and recovery paths Researchers tracking Avalon describe a multi-stage framework delivering the CrownX ransomware via phishing, Proton Drive-hosted archives, and a mounted ISO with a fake PDF shortcut. The chain uses MSBuild and in-memory .NET loading, disables ETW and AMSI visibility, manually maps payloads, steals credentials, and later encrypts files while targeting VSS, shadow copies, WinRE, and restore settings. Operationally, the combination of credential theft, lateral movement, anti-forensics, and recovery disruption in one framework compresses defender response time. Priority target sets included domain controllers, backup platforms, virtualization infrastructure, and other systems critical to restoration. 🛰️ Open sources - closed narratives @sitreports
417
20
🔍 TimbreStealer delivered via trusted updater binaries A targeted phishing campaign is using ZIP archives hosted on DigitalO
🔍 TimbreStealer delivered via trusted updater binaries A targeted phishing campaign is using ZIP archives hosted on DigitalOcean IPs to deliver TimbreStealer through DLL side-loading with legitimate EdgeUpdate and GoogleUpdater binaries. Victims appear primarily to be companies in Mexico, with lures themed around invoicing and CFDI documents. The payload steals browser, mail, and cloud-synced data, while using RC4-based decryption, PEB/export parsing, and anti-analysis checks. The tradecraft blends trusted executables with oversized malicious DLLs, geofencing, and runtime-only payload assembly, reducing static detection and complicating reverse engineering. Key indicators include updater-named DLLs around 45–50 MB, ZIP delivery from direct cloud IPs, and suspicious access to browser SQLite files. 🛰️ Open sources - closed narratives @sitreports
408