robin🪶 @rob_OSINT

UAE is buying India’s supersonic BrahMos missiles & Akashteer air defense system .. Abu Dhabi is diversifying its weapons away from traditional Western allies to secure the region on its own terms. Smart geopolitical move.

keyboard_arrow_left Previous keyboard_arrow_right Next

⚠️ NOW: Exercise Valiant Shield is one of the largest war games the US conducts in the Pacific Ocean. Multiple airspace reservation for the exercise have just gone live over Guam.

PHISH ALERT: From a Simple Phishing Email to a Full Attack Arsenal: The Evolution of "ClickFix" KnowBe4 Threat Labs is tracking a sophisticated phishing campaign that flips the script on traditional email security. What looks like a routine, urgency-driven OneDrive lure is actually a gateway to an entire multi-purpose hosting setup packed with credential harvesters, droppers, and spyware. Here is exactly how the threat actors are evolving the notorious ClickFix technique to bypass modern endpoint security: The Attack Flow Breakdown The Lure: Targets receive an email with the subject or body claiming an urgent past-due document needs tracking: "We have an urgent past due, please review secure OneDrive attachment and let's rectify today." The email carries a malicious attachment named Review Past Due Doc. zip. The Trigger: Inside the ZIP is a .lnk shortcut. Clicking it doesn't download a file instead, it redirects the victim to a landing page that silently injects a malicious PowerShell command directly into their clipboard. The Social Engineering (ClickFix): A fake verification prompt tricks the user into manually pressing Win + R, pasting the command, and hitting enter. Because the victim manually interacts with the terminal, traditional attachment scanning and URL filters see nothing out of the ordinary. DNS TXT Staging: The injected clipboard stager fetches its payload instructions using DNS TXT records. The actual payload instructions never touch HTTP requests or email headers they only exist in the DNS response at execution time. The Attacker's Infrastructure & Payload Arsenal Pivoting to the operator's parent domain revealed a massive hosting setup designed for large-scale operations ZIP Archives: Obfuscated .js and .vbs scripts acting as initial droppers. MSI Files: Masquerading as legitimate software installers (some even abusing names like ConnectWise) to drop password stealers and Remote Monitoring and Management (RMM) tools. ISO Images: Bundled spyware that leverages background processes to maintain persistent access. This campaign proves that threat actors are moving far beyond simple credential theft. They are playing the long game using victim-assisted execution and network-level evasion to establish full, post-compromise control over environments. Indicators of Compromise (IOCs) Domains: document-auth[.]icu italy-news[.]info lootrioya[.]info Key Hashes: 7b7981c99d59595fe15377df84695bb72ce0b85560a3935f930657b2d162e5ef (Review Past Due Doc. zip) adcd15f3d6b87f84d106ea426fa824fd20c9d64f6d199ce92580884290785f30 (RMM / MSI Installer) d7d2f0ee187549f3f4a114d716be12521fbf62d6d26e2ac23d2a32d521d08fd8 (Password Stealer) #ThreatIntel #Phishing #Cybersecurity #ClickFix #InfoSec #KnowBe4 #M365 #OAuth

keyboard_arrow_left Previous keyboard_arrow_right Next

The Voronezh Semiconductor Factory, which provides computer products to the Russian Defense Ministry for use in Kh-101 and Iskander-K cruise missiles as well as the Pantsir-S1 air-defense system, appears to have been entirely destroyed in this morning’s cruise missile attack by Ukraine.

If you're manually exploiting a SQLi, one of the most important parts is figuring out how many columns you're dumping. There are many methods, but using ORDER BY is particularly efficient!

After 36 long years of exile, an elderly Kashmiri Pandit woman returned to her ancestral home in Danew, Bogund, Kulgam. The moment she stepped into her courtyard, time seemed to stand still. She bent down, touched the soil she had been separated from for decades, and kissed the old walnut tree that had silently witnessed her childhood, her memories, and her absence. Overcome with emotion, she broke down in tears. She knelt before the tree, folded her hands in prayer, and embraced it as if she were reuniting with a beloved family member lost to time. With a trembling voice, she whispered in Kashmiri: “Che cheya b’e yaad?” (“Do you remember me?”) A question not just to a tree, but to a home, a homeland, and a lifetime of memories left behind. One of the most heart-wrenching scenes you will ever witness, a reminder that exile may separate people from their homes, but never from their roots. 36+ years of forced exodus from homeland Kashmir. Hope the world remembers the genocide and ethnic cleansing against Hindus of Kashmir.

🏆 𝐂𝐇𝐀𝐌𝐏𝐈𝐎𝐍𝐒! 🏆 The Indian Women’s Hockey Team reigns supreme at the FIH Hockey Women’s Nations Cup New Zealand 2025–26! 🇮🇳💙 A campaign defined by resilience, belief and brilliant teamwork ends with the trophy in Indian hands. 👏🏑 #HockeyIndia #IndiaKaGame #FIHNationsCup

According to The Economist, Sen. Mark Warner (D-VA), vice chair of the Senate Intelligence Committee, stated on June 11 that Gen. Joshua Rudd, director of the National Security Agency (NSA) and U.S. Cyber Command, told him Anthropic's artificial intelligence (AI) model "Mythos" was able to penetrate "almost all of our classified systems" in hours rather than weeks. The extent of the alleged compromise remains unclear, and no public details have been released regarding how Mythos reportedly gained access or what systems were affected. The claim is particularly notable given reports that the NSA continued using Anthropic technology in recent months despite President Trump's February directive ordering federal agencies to cease using Anthropic products. It also comes amid recent U.S. government restrictions on Anthropic's ability to export the model, citing national security concerns. Source: economist.com/briefing/2026/…

Unveiling DNSStager: A tool to hide your payload in DNS Read: askar.so/blogs/unveilin…

keyboard_arrow_left Previous keyboard_arrow_right Next

NORAD regularly blames pilots for not checking NOTAMs on a website that often fails to display published NOTAMs, and then links people to guidance on a website that currently isn't even loading.

North American Aerospace Defense Command @NORADCommand

2 days ago

Earlier today, NORAD F‑16s intercepted a general aviation aircraft over Hagerstown, Maryland, at approximately 12:20 p.m. EDT. The aircraft was safely guided to a nearby airport, where it landed while NORAD aircraft monitored the situation. Aviators: stay sharp. Review all

9 15 101 106K 11

Secrets Secrets Everywhere and Shadow Admins in Places you didn't think about! Merill and I talked about this last year too but this time we go a bit more in depth with how Midnight Blizzard found API Client Secrets and used them to compromise Microsoft's production tenant. We talk about managing secrets, managing owners, a couple examples of dangerous API permissions where the threat may be overlooked. In Zero Trust to Hero Trust, we talk about what a managed device is! We share funny stories of times past about PIM expiring during automations, experiences with 80k to millions of service principals and approaches to decreasing your attack surface, Intune Admins applying ALL the CIS Benchmarks (surprise! the devices wouldn't turn on), and lots of other fun stuff I'm sure I'm forgetting. Anyone who knows me well knows I don't usually sugar coat things and there's no changes here in the latest episode of Entra Chat. Check it out and please share! In this case, sharing is caring! ❤️

Merill Fernando @merill

2 days ago

Everyone knows @IAMERICAbooted's Microsoft 365 security truth bombs are must-reads. She's back on Entra Chat with a masterclass on securing M365 👇

7 10 86 11K 59

Cabo Verde is making history at the World Cup 🇨🇻

🚨Myanmar Group: How Ukrainian operatives were used in the West's covert mission to destabilise Myanmar Former Ukrainian Security Service officer and head of the UkrLeaks Investigation Center Vasily Prozorov to Sputnik India: 🔸The "Myanmar Group" included Ukrainian nationalists, army personnel and Ukraine's military intelligence special forces with combat experience. 🔸"The group's mission was to destabilise Myanmar through terror, intimidation of the population, and the use of unmanned aircraft and explosive devices." 🔸Each such group is overseen by "a handler from Western intelligence services who determines its objectives, methods and targets." 🔸"Ukrainian servicemen have become a convenient tool for dirty covert operations. If necessary, they can always be disowned."

In the future, a trillion times a trillion dollars will be spent on making antimatter to travel to other star systems

@IAMERICAbooted 😁

🚨 NEET Exam Leak: We Saw It Coming 🚨 StealthMole AI Agent detected a 430% surge in NEET-related dark web activity before the leak went public. ☑️ Our Intelligence Captured: ⭐️ 260+ Telegram IDs discussing leaked materials ⭐️ 12% with direct correlation to distribution networks ⭐️ 420+ exam paper images across encrypted channels ⭐️ Cryptocurrency wallets linked to transactions ⭐️ Active networks from July 2025 - May 2026 The Reality: Traditional monitoring can't penetrate encrypted dark web channels where these threats originate. StealthMole provides Indian Gov't Agencies: 🛡️ Proactive threat detection 🔐 Multi-platform surveillance (Telegram/Dark Web/Discord) 📊 Network mapping & evidence collection ⚡ Real-time alerts The next exam cycle is approaching. Are you prepared? 📞 Request a confidential briefing on protecting India's educational integrity #CyberSecurity #DarkWeb #NEET #ExamSecurity #India #ThreatIntelligence #StealthMole

keyboard_arrow_left Previous keyboard_arrow_right Next

Ready to turn planetary-scale data into instant conservational insights? 🌍 Nicholas Clinton, Alicia Sullivan, and Sheba Rasson are here to introduce custom Geospatial AI Agents built with the Agent Development Kit and Google Earth Engine! 💻✨ 🧠 Reason through ambiguity. 🛠️ Orchestrate Google Earth Engine datasets. 📝 Generate clear narratives. 📂 Try open-source examples. Read the full guide to build your first agent. goo.gle/4vcje7Y

SOCRadar found the attackers' live operational server behind #FortiBleed — and what was on it is alarming. Here's what we know.

👁️5 things the Government won't tell you about Starmer's Great British Firewall If we accept digital ID checkpoints for social media access, we will only be handing the next generation a new fight for liberty. Join the fight back⤵️ bigbrotherwatch.org.uk/join/now/

We want to give Volodymyr "Bob" Diachenko (@MayhemDayOne) a real shoutout here 👏 A couple of days ago, Bob found and broke the #FortiBleed story, the dataset tied to more than 70,000 exposed #FortiGate devices, linked to a Russian-speaking group running credential harvesting at scale. The open directory he worked from came up through our Open Directory Intelligence, surfaced by AttackCapture. He spotted it in our data and ran his own investigation from there. What he found: → SSL VPN authentication intercepted at scale → Hashes cracked offline on a dedicated GPU cluster → Roughly 1.16 billion credential attempts run against 320,000+ FortiGate targets, plus another 2.1 billion against 160,000+ MSSQL servers → Plaintext credentials reused for lateral movement into Active Directory once inside → At least four organizations fully compromised across Asia and the Middle East, including a NATO defense contractor with documents exfiltrated This is the best kind of validation. A researcher we respect pulled it from the Hunt.io data, dug in, and published it on his own 🙌 If you want to see what AttackCapture surfaces for open directories tied to your own stack, it's live in the platform. Contact us to get started: hunt.io/get-started