SITREP - Independent OSINT Channel
AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.
📈 Telegram channel SITREP - Independent OSINT Channel analytics
SITREP - Independent OSINT Channel (@sitreports) is an active participant in the English-language channel segment. The community currently has 23,407 subscribers and ranks 5,741st in the Technology & Applications category and 1,723rd in the USA region.
📊 Audience metrics and dynamics
Since an unknown start date, the project has grown quickly and reached 23,407 subscribers.
According to the latest data from 02 July 2026, the channel shows stable activity. Over the last 30 days the subscriber count changed by -149, and by -1 in the last 24 hours, while overall reach remains high.
- Verification status: Not verified
- Engagement (ER): The audience is engaged at an average rate of 7.31%. In the first 24 hours after publication, content typically collects reactions amounting to 1.91% of the total subscriber count.
- Post reach: Each post is viewed 1,710 times on average; typically 446 views are gathered within the first day.
- Reactions and interaction: The audience is active: each post receives an average of 0 reactions.
- Thematic directions: Content is concentrated on core topics such as narrative, attack, infrastructure, threat, and credential.
📝 Description and content policy
The author describes the resource as a space for expressing personal opinion:
“AI, technology, mass surveillance, and intelligence — everything you need to know about tomorrow.”
Thanks to a high update frequency (latest data retrieved 03 July 2026), the channel stays consistently current and wide-reaching. Analytics show that the audience actively engages with the content, making the channel an important point of influence in the Technology & Applications category.
| Date | Subscriber growth | Mentions | Channels |
|---|---|---|---|
| 03 Jul | +1 | | |
| 02 Jul | +5 | | |
| 01 Jul | +1 | | |
🔍 CISA flags active exploitation of SharePoint RCE
CISA has added CVE-2026-45659 to its Known Exploited Vulnerabilities catalog after confirming attacks against Microsoft SharePoint servers. The flaw is a deserialization issue allowing remote code execution with only Site Member-level privileges, low attack complexity, and no user interaction. Patches were released on 21 May for SharePoint 2016, 2019, and Subscription Edition.
The key operational detail is exposure: Shadowserver is tracking more than 10,000 internet-facing SharePoint servers. CISA has ordered U.S. federal agencies to remediate by Saturday under BOD 26-04, underscoring that unpatched on-prem SharePoint remains a live and scalable intrusion surface.
🛰️ Open sources - closed narratives
@sitreports
🔍 Microsoft 365 hit with 81 million password-spray attempts
Huntress says an aggressive two-week campaign against Microsoft 365 tenants generated over 81 million login attempts between June 12 and 26, compromising 78 accounts across 64 organizations. The actor used exposed but still-valid credentials via Azure CLI, then authenticated through the ROPC flow, which in many cases bypassed MFA because Conditional Access was misconfigured or absent.
The key issue is not credential theft alone but policy coverage: MFA limited to specific apps, groups, or locations left a legacy auth path open. Huntress also logged a 155-fold rise in password spraying, with tenants averaging 1,964 failed login attempts per month.
📡 Pentagon centralizes drone and autonomy control
Defense Secretary Pete Hegseth has created the direct reporting portfolio manager for unmanned offensive and defensive systems, or DRPM-UxS, to act as the Pentagon’s single joint integrator for most drone, autonomous, counter-UAS, and related software efforts. The office will report to Deputy Defense Secretary Stephen Feinberg and will absorb initial elements including JIATF-401 and DAWG.
The move concentrates acquisition, fielding, standards, interoperability, sustainment, and industry engagement under one authority. Operationally, this reduces fragmentation across services and gives one office precedence over most UxS program execution, signaling a shift from dispersed experimentation toward centralized scaling.
📡 AWS and Anduril push tactical cloud to the edge
AWS and Anduril have launched a joint tactical data-center package combining AWS Outposts with Anduril’s Menace-I mobile infrastructure, now available to Pentagon users through the JWCC Marketplace. The system is designed to deliver local computing, storage, and AI in remote, degraded, or denied environments, with cited use cases including shipborne AI operations and near-real-time flight data analysis.
The significance is not the hardware alone but the procurement path: a pre-vetted JWCC listing lowers friction for field adoption. The offering aligns with the U.S. military shift toward dispersed operations where cloud access, data locality, and resilience under contested connectivity are becoming operational requirements.
🔍 Critical flaws in Cursor could break AI sandboxing
Researchers identified multiple vulnerabilities in Cursor that could allow prompt injection to escape its sandbox and execute system commands. The issue affects an AI coding workflow where untrusted input can influence model behavior beyond intended boundaries.
Operationally, this shifts prompt injection from data exposure and workflow tampering into potential host-level command execution. For teams using AI-assisted development tools, the finding underscores that model guardrails alone do not equal isolation when the surrounding execution environment is weak.
🤖 DeepSeek output tied to browser-native ransomware chain
Check Point says a DeepSeek-generated sample can be turned into working in-browser ransomware with minimal effort. The tracked code, including the Android-focused InfernoGrabber 9000 blueprint, used a phishing-style web app and Chrome’s File System Access API to request local file access, process data in-browser, and lock users out of original content.
The significance is not novelty of the browser risk, but compression of the attack chain. Check Point’s test showed prompt filtering could be bypassed by removing explicit malware terms, lowering the skill threshold for browser-only extortion and data theft without a native payload or exploit.
🔍 ChocoPoC campaign hides malware in PoC dependencies
Researchers identified at least seven GitHub exploit repositories distributing the Python RAT ChocoPoC via trojanized dependencies rather than altered exploit code. A package named frint pulls skytext from PyPI, which deploys the payload and uses Mapbox datasets for retrieval and exfiltration. ChocoPoC can execute commands, steal browser data, collect shell history, enumerate processes, and upload files.
The tradecraft is notable because the PoC itself can appear intact while malicious behavior is shifted into seemingly benign packages. This directly targets researchers and testers who routinely run untrusted code, reinforcing dependency review and isolated execution as the critical control point.
🔍 FortiBleed tied to INC and Lynx ransomware
SOCRadar says the FortiBleed campaign stealing credentials from Fortinet devices is directly linked to the INC and Lynx ransomware operations. Investigators found access to both groups’ negotiation panels on a Windows server within the FortiBleed infrastructure. The campaign reportedly targeted over 430,000 FortiGate firewalls, deployed sniffers on about 19,000 devices, and exposed 73,000 device credentials.
The finding connects large-scale credential harvesting to a downstream ransomware workflow, not just opportunistic theft. It also indicates a broader, organized intrusion ecosystem spanning collection, credential cracking, access expansion, and extortion operations.
🔍 Argo CD repo-server flaw exposes Kubernetes control path
An unpatched vulnerability in Argo CD repo-server could allow attackers to compromise Kubernetes clusters. The issue affects a core GitOps component used to fetch and render manifests, placing cluster management workflows at risk where the service is exposed or reachable in production environments.
The significance is structural: repo-server sits in the deployment trust chain, so compromise can turn CI/CD automation into a cluster access vector. For defenders, this shifts attention from edge exposure alone to internal service reachability, permissions, and the security assumptions around GitOps tooling.
🔍 Oracle E-Business flaw now under active exploitation
CVE-2026-46817, a critical unauthenticated HTTP takeover bug in Oracle Payments for E-Business Suite 12.2.3 through 12.2.15, is being exploited in the wild. Oracle patched the issue in its latest CPU, while Shadowserver now tracks roughly 950 internet-facing EBS instances globally, most of them in the US.
The key OSINT signal is timing: active exploitation is confirmed before broad defender visibility on patch status. With hundreds of public-facing systems still exposed and no public technical details disclosed, the gap is now between internet exposure and patch execution.
🔍 DHS confirms breach of HSIN platform
The US Department of Homeland Security says a cyber incident affected the unclassified Homeland Security Information Network, with reporting indicating HSIN servers and a related SharePoint collaboration system were targeted between late May and early June. DHS says affected systems were isolated, mitigation is underway, and classified networks were not impacted.
HSIN is used to share sensitive but unclassified data across federal, state, local, international, and private-sector partners. Even without confirmed data theft or attribution, compromise of this environment is operationally significant because it sits inside coordination, alerting, incident management, and threat-information workflows.
🔍 Microsoft flags prompt injection risk in MCP tool metadata
Microsoft has warned that poisoned descriptions in Model Context Protocol tools can manipulate AI agents into leaking data or performing unintended actions. The issue targets the text agents use to understand external tools, turning metadata into an injection surface across agent workflows. The warning was outlined in MCP tool descriptions used by connected AI systems.
The security implication is supply-chain level: trust in tool registries and integrations becomes part of the model’s attack surface. Defending the agent alone is insufficient if hostile instructions can arrive through tool definitions it treats as operational context.
📡 SOCOM surveys industry for air-launched long-range loitering munition
U.S. Special Operations Command has issued an RFI for an Air Loitering Munition to be launched from fixed-wing aircraft including the AC-130J. Baseline requirements include at least 75 nautical miles of range, 40 minutes of loiter time, launch from 5,000 to 30,000 feet, altitude over target of 500 to 3,000 feet, and weight under 95 pounds. Industry responses are due by July 27.
The notice points to a push for deeper stand-off strike from special operations aircraft without exposing crews to short-range air defenses. Cost requests for 500, 1,000, and 3,000 units, plus planned spiral development and flight demonstration, indicate SOCOM is testing both technical maturity and production scalability.
🔍 Langflow RCE Used to Drop Monero Miner on Exposed AI App Endpoints
Attackers are exploiting a remote code execution flaw in Langflow to deploy Monero mining payloads on internet-exposed AI application endpoints. The observed activity turns vulnerable servers into cryptomining nodes rather than using them for data theft or persistence-heavy post-exploitation.
The case underscores a familiar pattern in AI tooling: externally reachable management or app interfaces are becoming low-friction targets once RCE is available. Even a miner-only intrusion is operationally relevant, as it confirms unauthorized code execution on exposed infrastructure and highlights weak exposure control around AI stacks.
🔍 CISA adds critical SimpleHelp auth bypass to KEV
CISA has added CVE-2026-48558 to the Known Exploited Vulnerabilities catalog. The flaw affects SimpleHelp 5.5.15 and earlier plus 6.0 pre-release builds, and allows remote unauthenticated attackers to forge OIDC identity tokens and obtain a fully authenticated technician session. In some setups, MFA can also be bypassed. Federal agencies have until 2 July 2026 to remediate.
The issue is high impact because SimpleHelp is commonly used for remote support and privileged endpoint access. A compromised server can hand an attacker technician-level control across managed systems, enabling remote access, script execution, and wider network compromise.
🔍 Malicious PyPI forks targeted Telegram bot infrastructure
At least eight trojanized Pyrogram forks on PyPI were used from November 2025 to June 2026 to backdoor Telegram bot deployments. The packages added a hidden module that registers covert bot commands, allowing attackers to execute Python code or shell commands, read arbitrary files, dump secrets, and return results via Telegram.
The operation focused specifically on bot accounts, indicating a deliberate push for access to production servers rather than developer endpoints. Shared code, command structure, infrastructure, and Telegram IDs tie the packages to one actor, turning a routine dependency install into direct server-level compromise.
🔍 BioShocking exposes a control gap in AI browsers
LayerX says its BioShocking prompt-injection PoC manipulated six agentic browser products into treating unsafe actions as part of a fictional game scenario, culminating in copying and sharing sensitive data from a GitHub repository. OpenAI reportedly fixed the issue in ChatGPT Atlas; other tested products remained vulnerable or unresponsive.
The reported failure is not simple prompt abuse but context collapse: agents did not separate game logic from real-world data handling. That makes guardrails brittle when browser agents are granted live access to repositories, credentials, or web sessions.
📡 XSS.is takedown hit a ransomware supply hub, not the market
French and Ukrainian police arrested the alleged admin of XSS.is in Kyiv and seized the forum plus its Jabber infrastructure. Europol said the Russian-language forum had 50,000+ members and generated over EUR 7 million through escrow services. Research from the leaked database shows a marketplace centered on exploits, malware, crypting, stolen access, shells, databases, and RDP footholds.
The key loss is trust, not capability. XSS functioned as the brokerage layer connecting sellers and buyers across the intrusion chain, especially initial access. With forum data, private messages, IPs, emails, hashes, and Jabber logs exposed, the takedown degrades anonymity and escrow confidence, while access-broker activity is already shifting elsewhere.
🤖 RustDuck Rebuilds for Cross-Platform DDoS Operations
The RustDuck botnet has been rebuilt in Rust and is targeting routers and servers for DDoS activity. The rewrite indicates an updated malware codebase aimed at compromising internet-facing infrastructure rather than endpoint-heavy environments.
A Rust implementation improves portability and can streamline deployment across mixed Linux-based targets common in network appliances and hosted systems. That shifts the threat from simple botnet persistence to scalable abuse of exposed infrastructure with direct impact on service availability.