uz
Feedback
SITREP - Independent OSINT Channel

SITREP - Independent OSINT Channel

Kanalga Telegram’da o‘tish

AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.

Ko'proq ko'rsatish

📈 Telegram kanali SITREP - Independent OSINT Channel analitikasi

SITREP - Independent OSINT Channel (@sitreports) Ingliz til segmentidagi kanali faol ishtirokchi. Hozirda hamjamiyat 23 334 obunachidan iborat bo'lib, Texnologiyalar & Aralashmalar toifasida 5 710-o'rinni va AQSH mintaqasida 1 724-o'rinni egallagan.

📊 Auditoriya ko‘rsatkichlari va dinamika

невідомо sanasidan buyon loyiha tez o‘sib, 23 334 obunachiga ega bo‘ldi.

12 Iyul, 2026 dagi oxirgi ma’lumotlarga ko‘ra kanal barqaror faollikka ega. Oxirgi 30 kunda obunachilar soni -191 ga, so‘nggi 24 soatda esa -8 ga o‘zgardi va umumiy qamrov yuqori darajada qolmoqda.

  • Tasdiqlash holati: Tasdiqlanmagan
  • Jalb etish (ER): Auditoriya o‘rtacha 2.77% darajada jalb etiladi. Nashrdan keyingi dastlabki 24 soatda kontent odatda umumiy obunachilar sonining 1.83% ini tashkil etuvchi reaksiyalarni to‘playdi.
  • Post qamrovi: Har bir post o‘rtacha 646 marta ko‘riladi; birinchi sutkada odatda 427 ta ko‘rish yig‘iladi.
  • Reaksiyalar va o‘zaro ta’sir: Auditoriya faol: har bir postga o‘rtacha 0 ta reaksiya keladi.
  • Tematik yo‘nalishlar: Kontent narrative, attack, infrastructure, threat, credential kabi asosiy mavzularga jamlangan.

📝 Tavsif va kontent siyosati

Muallif resursni shaxsiy fikrni ifoda etish maydoni sifatida ta’riflaydi:
AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.

Yuqori yangilanish chastotasi (oxirgi ma’lumot 13 Iyul, 2026 da olingan) sababli kanal doimo dolzarb va katta qamrovli bo‘lib qoladi. Analitika auditoriya kontent bilan faol hamkorlik qilishini, uni Texnologiyalar & Aralashmalar toifasidagi muhim ta’sir nuqtasiga aylantirishini ko‘rsatadi.

23 334
Obunachilar
-824 soatlar
-417 kunlar
-19130 kunlar
Obunachilarni jalb qilish
Iyul '26
Iyul '26
+18
6 kanalda
Iyun '26
+154
2 kanalda
Get PRO
May '26
+48
6 kanalda
Get PRO
Aprel '26
+113
14 kanalda
Get PRO
Mart '26
+380
6 kanalda
Get PRO
Fevral '26
+121
1 kanalda
Get PRO
Yanvar '26
+143
1 kanalda
Get PRO
Dekabr '25
+90
4 kanalda
Get PRO
Noyabr '25
+92
1 kanalda
Get PRO
Oktabr '25
+43
2 kanalda
Get PRO
Sentabr '25
+22
1 kanalda
Get PRO
Avgust '25
+14
2 kanalda
Get PRO
Iyul '25
+136
2 kanalda
Get PRO
Iyun '25
+186
5 kanalda
Get PRO
May '25
+28
6 kanalda
Get PRO
Aprel '25
+13
6 kanalda
Get PRO
Mart '25
+13
5 kanalda
Get PRO
Fevral '25
+11
9 kanalda
Get PRO
Yanvar '25
+11
3 kanalda
Get PRO
Dekabr '24
+62
5 kanalda
Get PRO
Noyabr '24
+128
32 kanalda
Get PRO
Oktabr '24
+45
1 kanalda
Get PRO
Sentabr '24
+93
8 kanalda
Get PRO
Avgust '24
+1 524
67 kanalda
Get PRO
Iyul '24
+478
54 kanalda
Get PRO
Iyun '24
+984
76 kanalda
Get PRO
May '24
+1 380
80 kanalda
Get PRO
Aprel '24
+1 274
64 kanalda
Get PRO
Mart '24
+1 674
74 kanalda
Get PRO
Fevral '24
+1 629
80 kanalda
Get PRO
Yanvar '24
+1 576
67 kanalda
Get PRO
Dekabr '23
+1 932
63 kanalda
Get PRO
Noyabr '23
+1 211
75 kanalda
Get PRO
Oktabr '23
+1 367
60 kanalda
Get PRO
Sentabr '23
+1 173
0 kanalda
Get PRO
Avgust '23
+985
0 kanalda
Get PRO
Iyul '23
+597
0 kanalda
Get PRO
Iyun '23
+1 518
0 kanalda
Get PRO
May '23
+1 048
0 kanalda
Get PRO
Aprel '23
+1 017
0 kanalda
Get PRO
Mart '23
+675
0 kanalda
Get PRO
Fevral '23
+1 080
0 kanalda
Get PRO
Yanvar '23
+2 476
0 kanalda
Get PRO
Dekabr '22
+4 174
0 kanalda
Get PRO
Noyabr '22
+5 621
0 kanalda
Sana
Obunachilarni jalb qilish
Esdaliklar
Kanallar
12 Iyul0
11 Iyul+3
10 Iyul+4
09 Iyul+1
08 Iyul+2
07 Iyul0
06 Iyul+1
05 Iyul0
04 Iyul0
03 Iyul+1
02 Iyul+5
01 Iyul+1
Kanal postlari
🔍 Critical Zimbra flaw enables code execution via crafted emails A critical vulnerability in Zimbra could allow specially cr
🔍 Critical Zimbra flaw enables code execution via crafted emails A critical vulnerability in Zimbra could allow specially crafted emails to execute malicious code within a user’s active webmail session. The issue affects client-side interaction with email content, turning message delivery itself into the attack vector. Operationally, this reduces the barrier to compromise for any organization relying on Zimbra webmail. If exploited, a single inbound message could trigger session-level code execution, making mailbox access a direct path for credential abuse, persistence, or follow-on activity inside enterprise communications workflows. 🛰️ Open sources - closed narratives @sitreports

2
🔍 CISA details internal AWS GovCloud credential exposure CISA disclosed that AWS GovCloud admin credentials and internal pla
🔍 CISA details internal AWS GovCloud credential exposure CISA disclosed that AWS GovCloud admin credentials and internal plaintext usernames and passwords were exposed in a public repository tied to a contractor’s personal account, not the agency’s official GitHub organization. The repository was reportedly unmonitored for about six months. CISA took systems offline, revoked access, rotated credentials, and published lessons learned. Log review found no external use of the leaked keys and no mission or customer data compromise. The case highlights a familiar failure chain: long-lived static secrets, code movement into unmanaged personal repositories, and weak reporting paths. CISA’s own review identified missing GitHub/cloud IR playbooks and slower-than-expected key rotation across interconnected environments. 🛰️ Open sources - closed narratives @sitreports
418
3
🔍 Australia flags mass exploitation of vulnerable CMS platforms Australia’s ACSC warned of a global campaign exploiting flaw
🔍 Australia flags mass exploitation of vulnerable CMS platforms Australia’s ACSC warned of a global campaign exploiting flaws in CMS platforms and plugins, with Australian small and medium businesses already affected by webshell deployments. Products named include WordPress plugins, Craft CMS, MaxSite CMS, MetInfo CMS, and Joomla JCE, detailed in the ACSC alert. The activity points to broad internet-wide scanning and rapid post-compromise persistence on exposed websites. For defenders, the key issue is not a single product but the attack pattern: unpatched CMS components becoming entry points for credential theft, follow-on malware, and deeper network access. 🛰️ Open sources - closed narratives @sitreports
373
4
🔍 CISA adds two Joomla extension RCE paths to KEV CISA has added CVE-2026-48939 in iCagenda and CVE-2026-56291 in Balbooa Fo
🔍 CISA adds two Joomla extension RCE paths to KEV CISA has added CVE-2026-48939 in iCagenda and CVE-2026-56291 in Balbooa Forms to the Known Exploited Vulnerabilities catalog. Both issues are unrestricted file upload flaws. In iCagenda, the attachment feature can allow arbitrary file upload and PHP execution. In Balbooa Forms, an unauthenticated upload path can lead to executable file placement and full remote code execution. Federal agencies have until July 13, 2026 to remediate. The KEV addition confirms active exploitation and elevates both flaws from patching backlog to immediate exposure management. Because both affect Joomla extensions and rely on file upload abuse, internet-facing sites using either component should be treated as potentially reachable RCE surfaces. 🛰️ Open sources - closed narratives @sitreports
363
5
🔍 Ghostcommit uses image-embedded prompts to bypass AI code review Researchers from the ASSET Research Group demonstrated Gh
🔍 Ghostcommit uses image-embedded prompts to bypass AI code review Researchers from the ASSET Research Group demonstrated Ghostcommit, a pull-request attack that hides prompt injection inside a PNG referenced by AGENTS.md. Text-only reviewers may approve the change, while a later coding agent reads the image, accesses .env, and emits the secrets as integer constants in source code. In tests, Cursor and Antigravity leaked credentials across multiple models; Claude Code refused. The key finding is structural: the failure point was often the toolchain, not the model. If reviewers skip images and scanners do not decode covert output formats, secret exfiltration can pass through normal PR workflows and appear as benign code generation. 🛰️ Open sources - closed narratives @sitreports
355
6
🔍 Critical U-Boot flaws weaken secure boot across embedded devices Binarly identified six vulnerabilities in U-Boot FIT imag
🔍 Critical U-Boot flaws weaken secure boot across embedded devices Binarly identified six vulnerabilities in U-Boot FIT image verification, including two paths to arbitrary code execution and four denial-of-service conditions. The affected code dates back to v2013.07 and may impact more than 50 stable releases used in routers, cameras, BMCs, and other embedded systems. Patches have been accepted upstream. Because U-Boot executes before the OS and most security controls, flaws in signature verification directly erode the trust chain of verified boot. The issue is especially relevant for remotely updateable devices and server management hardware, where a compromised boot stage can persist below normal detection and recovery layers. 🛰️ Open sources - closed narratives @sitreports
346
7
🔍 Dell BIOS flaw exposes recoverable passwords from SPI flash Dell has disclosed CVE-2026-40639 under DSA-2026-197, a BIOS p
🔍 Dell BIOS flaw exposes recoverable passwords from SPI flash Dell has disclosed CVE-2026-40639 under DSA-2026-197, a BIOS password storage flaw affecting the SystemPwSmm SMM driver across multiple client platforms. Passwords stored in the DVAR region use a repeating XOR scheme that leaks key material through null padding, allowing plaintext recovery from an SPI flash dump without brute force once flash access is obtained. The issue turns BIOS passwords into weak obfuscation rather than a security boundary. With physical or attacker-controlled OS access, recovered credentials can support Secure Boot or pre-boot protection bypass, widening risk for disk-encrypted systems and for fleets reusing the same BIOS password. 🛰️ Open sources - closed narratives @sitreports
407
8
🔍 Trojanized Visual Studio projects expand software supply chain risk A multi-stage malware cluster documented by Doctor Web
🔍 Trojanized Visual Studio projects expand software supply chain risk A multi-stage malware cluster documented by Doctor Web researchers weaponizes Visual Studio workflows by inserting malicious pre-build events into .vcxproj and .csproj files. The chain also infects .suo files, Dear ImGui components, and winnetwk.h, while delivering credential theft, clipboard hijacking, backdoor access, cryptomining, and propagation via trojanized executables. The key operational shift is execution through trusted developer activity: opening, cloning, or building an infected project can trigger reinfection and push compromised code further downstream. Monitoring pre-build events, mutexes Global\PFNMX and global\PFNX_side, and GitHub or Steam-based dead-drop C2 resolution is now directly relevant to build pipeline defense. 🛰️ Open sources - closed narratives @sitreports
378
9
🔍 Compromised jscrambler 8.14.0 npm release executed hidden binary at install The npm package jscrambler version 8.14.0 was
🔍 Compromised jscrambler 8.14.0 npm release executed hidden binary at install The npm package jscrambler version 8.14.0 was reported compromised, with the install process triggering a concealed platform-specific binary. The malicious release used the trusted jscrambler package path to run code during dependency installation rather than at application runtime. This is a supply-chain intrusion with immediate developer workstation exposure. The key issue is execution on install, which can bypass normal application testing boundaries and affect CI/CD hosts, build systems, and local environments before the package is ever used. 🛰️ Open sources - closed narratives @sitreports
383
10
🔍 Balochistan Police portal used in parallel espionage activity A compromised Balochistan Police web portal was reportedly w
🔍 Balochistan Police portal used in parallel espionage activity A compromised Balochistan Police web portal was reportedly weaponized by multiple threat groups to deliver malware and support cyber-espionage operations, turning a legitimate government platform into an infection vector. The campaign outlined in The Hacker News report highlights overlapping abuse of trusted regional infrastructure. The case underlines a familiar operational pattern: attackers gain leverage not only through malware, but through the credibility of official portals. For defenders, this shifts attention from payload analysis alone to the security posture, monitoring, and integrity of public-sector web assets. 🛰️ Open sources - closed narratives @sitreports
431
11
📡 DARPA opens heavy-lift drone challenge with 124 teams DARPA has selected 124 teams from more than 20 countries for its Lif
📡 DARPA opens heavy-lift drone challenge with 124 teams DARPA has selected 124 teams from more than 20 countries for its Lift Challenge, a vertical-lift UAS competition set for Aug. 2-9 in Dayton, Ohio. The event will test drones on a five-nautical-mile circuit, with up to $6.5 million in prizes for the best payload-to-weight ratios and novel designs. The target is a four-to-one payload-to-weight ratio for cargo-carrying drones. The program is focused on logistics rather than strike or ISR roles. If the benchmark is met, it would directly address the current cost barrier in vertical lift by reducing aircraft size for the same payload, with clear military utility for resupply and wider commercial relevance. 🛰️ Open sources - closed narratives @sitreports
637
12
🔍 Pentagon moves post-quantum cryptography toward contractor compliance The Pentagon’s June PQC Strategy says Cybersecurity
🔍 Pentagon moves post-quantum cryptography toward contractor compliance The Pentagon’s June PQC Strategy says Cybersecurity Maturity Model Certification requirements will be updated to incorporate quantum-resistant algorithms for the defense industrial base. The document sets department-wide targets for systems to support PQC by end-2030 and employ it by end-2031, while CMMC Revision 3 has formally entered transition. Enforcement details and timelines for contractors remain undefined. Operationally, this signals that quantum resilience is moving from long-range planning into the compliance pipeline for defense suppliers. The main constraint is execution: CMMC changes require rulemaking, many firms are still adapting to Revision 3, and current PQC rollouts can disrupt existing infrastructure. 🛰️ Open sources - closed narratives @sitreports
558
13
🔍 Fake Entra passkey enrollment used to seize Microsoft 365 access Attackers are using spoofed Microsoft Entra passkey enrol
🔍 Fake Entra passkey enrollment used to seize Microsoft 365 access Attackers are using spoofed Microsoft Entra passkey enrollment flows to obtain access to Microsoft 365 accounts. The method abuses user trust in legitimate authentication branding and targets passkey setup as the entry point rather than password theft. The case highlights a shift from credential harvesting toward adversary-controlled MFA and passwordless enrollment. For defenders, the key issue is that account compromise can occur during the authentication lifecycle itself, making enrollment monitoring and user-facing identity workflows a direct attack surface. 🛰️ Open sources - closed narratives @sitreports
502
14
🔍 Progress orders ShareFile server shutdown over active threat Progress Software told ShareFile customers using on-premises
🔍 Progress orders ShareFile server shutdown over active threat Progress Software told ShareFile customers using on-premises Storage Zone Controllers to immediately shut down the Windows servers hosting them after identifying a “credible external security threat.” The company also temporarily disabled affected accounts in the ShareFile cloud, while a status page warning says customers with Storage Zone Controllers are currently not operational. The key point is that cloud-side restrictions were judged insufficient, indicating risk remains at the internet-facing controller layer itself. These hybrid nodes broker file transfers between ShareFile and customer-managed storage, making them a high-value exposure point with direct operational impact. 🛰️ Open sources - closed narratives @sitreports
481
15
🔍 Laser fault attack hits Tangem hardware wallets Researchers demonstrated a laser-based fault injection method that can res
🔍 Laser fault attack hits Tangem hardware wallets Researchers demonstrated a laser-based fault injection method that can reset the access code on Tangem wallet cards, enabling unauthorized wallet takeover if an attacker has physical possession. The affected cards are described as unpatchable, leaving deployed hardware exposed to a permanent design-level weakness detailed in the Tangem wallet report. The case underscores a core hardware-security problem: physical access can bypass software trust assumptions, and immutable consumer devices offer no remediation path once a flaw is confirmed. For custodial hygiene, device recovery and replacement become the only meaningful mitigations. 🛰️ Open sources - closed narratives @sitreports
426
16
📡 Researcher maps WhatsApp-to-host chain via three OpenClaw flaws A security researcher detailed an attack path from WhatsAp
📡 Researcher maps WhatsApp-to-host chain via three OpenClaw flaws A security researcher detailed an attack path from WhatsApp to underlying host access by chaining three vulnerabilities in OpenClaw. The report outlines how multiple weaknesses can be combined to move from an exposed messaging surface toward host-level compromise. The case highlights the operational risk of cross-layer exploit chains: issues that appear isolated can become materially more severe when linked across application and host boundaries. For defenders, the key takeaway is that patching priority should reflect chaining potential, not just standalone CVSS-style severity. 🛰️ Open sources - closed narratives @sitreports
443
17
🔍 New U-Boot flaws expose early-boot attack surface Six vulnerabilities in the widely used bootloader U-Boot were disclosed
🔍 New U-Boot flaws expose early-boot attack surface Six vulnerabilities in the widely used bootloader U-Boot were disclosed by Binarly, including two that may allow arbitrary code execution during FIT signature verification and four that can crash devices. The affected code reportedly dates back to version 2013.07 and may impact more than 50 releases plus downstream vendor forks. The issue is operationally significant because compromise at the bootloader stage occurs before the OS and its security tooling start. Systems using remote firmware update paths, including some BMC environments, expand the exposure, while remediation depends on vendor firmware updates rather than upstream fixes alone. 🛰️ Open sources - closed narratives @sitreports
423
18
🔍 Gitea Docker auth bypass is under active exploitation Attackers are exploiting CVE-2026-20896, a critical authentication b
🔍 Gitea Docker auth bypass is under active exploitation Attackers are exploiting CVE-2026-20896, a critical authentication bypass in the official Gitea Docker image. The flaw affects default deployments where reverse-proxy auth headers are trusted from any source, allowing unauthenticated users to impersonate arbitrary accounts, including admins. Publicly exposed Gitea instances number about 6,200, though vulnerable exposure remains unclear. Operationally, this is a configuration-level trust failure in a widely used self-hosted code platform. Immediate risk includes unauthorized access to repositories, CI/CD workflows, and admin functions. Fixed releases are 1.26.3 and 1.26.4; if patching is delayed, trusted proxy IPs should be restricted and logs reviewed for header-based abuse. 🛰️ Open sources - closed narratives @sitreports
433
19
🔍 Injective Labs GitHub breach used to seed wallet-key-stealing npm packages A compromise of Injective Labs’ GitHub account
🔍 Injective Labs GitHub breach used to seed wallet-key-stealing npm packages A compromise of Injective Labs’ GitHub account was used to publish malicious npm packages designed to steal wallet private keys. The campaign weaponized trust in the project’s developer ecosystem, turning package distribution into an initial access and credential theft vector. Details are outlined in Injective Labs coverage. The incident highlights a direct supply-chain path from source-code platform compromise to downstream wallet theft. For defenders, the key issue is not just repository access, but how quickly compromised maintainers can push malicious dependencies into developer workflows. 🛰️ Open sources - closed narratives @sitreports
443
20
📡 MODBEACON shifts RAT command traffic to gRPC streaming A new MODBEACON RAT variant uses gRPC streaming to carry encrypted
📡 MODBEACON shifts RAT command traffic to gRPC streaming A new MODBEACON RAT variant uses gRPC streaming to carry encrypted command-and-control traffic, replacing more typical web-style beaconing with a protocol common in modern backend services. The malware’s network profile is designed to blend into legitimate encrypted application traffic rather than expose distinct C2 patterns. Operationally, this raises the detection burden from simple signature matching to protocol-aware inspection and traffic baselining. gRPC over encrypted channels can reduce visibility for defenders and complicate separation of benign service traffic from active remote access activity. 🛰️ Open sources - closed narratives @sitreports
492