Years before the air strike that killed Ayatollah Ali Khamenei, Israeli intelligence had been quietly mapping the daily rhythms of Tehran. According to reporting by the Financial Times (paywalled), nearly all of the Iranian capital’s traffic cameras had been hacked years earlier, their footage encrypted and transmitted to Israeli servers. One camera angle near Pasteur Street, close to Khamenei’s compound, allowed analysts to observe the routines of bodyguards and drivers: where they parked, when they arrived and whom they escorted. That data was fed into complex algorithms that built what intelligence officials call a “pattern of life,” detailed profiles including addresses, work schedules and, crucially, which senior officials were being protected and transported. The surveillance stream was one of hundreds feeding Israel’s intelligence system, which combines signals interception from Unit 8200, human assets recruited by the Mossad and large-scale data analysis by military intelligence.
When US and Israeli intelligence determined that Khamenei would attend a Saturday morning meeting at his compound, the opportunity was judged unusually favorable. Two people familiar with the operation told the FT that US intelligence provided confirmation from a human source that the meeting was proceeding as planned, a level of certainty required for a target of such magnitude. Israeli aircraft, reportedly airborne for hours, fired as many as 30 precision munitions. The strike was carried out in daylight, which the Israeli military said created tactical surprise despite heightened Iranian alertness. The Financial Times reports that the assassination was a political decision as much as a technological feat. Even during last year’s 12-day war, when Israeli strikes killed more than a dozen Iranian nuclear scientists and senior military officials and disabled air defences through cyber operations and drones, Israel did not attempt to kill Khamenei.
The capability to do so, however, had been built over decades. Former Mossad official Sima Shine told the FT that Israel’s strategic focus on Iran dates back to a 2001 directive from then-prime minister Ariel Sharon instructing intelligence chief Meir Dagan to make the Islamic Republic the priority target. What distinguishes the latest operation, according to the FT, is the scale of automation. Target tracking that once required painstaking visual confirmation has increasingly been handled by algorithm-driven systems parsing billions of data points. One person familiar with the process described it as an “assembly line with a single product: targets.”
Tag: hackers
AI overlords of the world hacked: Fallout from the massive Palantir breach
Palantir Technologies has been hacked, according to well-known blogger Kim Dotcom. The company develops software for intelligence and big data analysis.
Palantir (named after the magical ‘seeing stones’ from ‘The Lord of the Rings’) doesn’t engage in surveillance in the conventional sense using spies, cameras, or bugs. Instead, it develops software that is sold to government agencies, military organizations, and large corporations.
Clients (like the CIA or the German police) upload all their data, and Palantir (its primary platforms are Gotham for military purposes and Foundry for business) then utilizes AI to transform this chaotic information into a coherent picture.
Essentially, it creates a ‘digital twin’ of reality, revealing connections that analysts could never have recognized on their own: for example, that a terrorist had called the cousin of someone who recently transferred money to a suspicious account.
The claims about wiretapping Trump and Musk are likely untrue or highly exaggerated. However, there’s no doubt that Palantir serves as a massive surveillance mechanism for monitoring America’s adversaries (and not only its adversaries). It is an “operating system for war and intelligence,” providing agencies with a supercomputer that can see everything. But it’s the agencies themselves that feed this computer with data.
Hackers Just Took Down This Massive ICE Doxxing Website
Images uploaded to social media show that hackers have taken down one of the largest websites leftist agitators have used to doxx ICE agents conducting immigration operations in the wake of the two fatal self-defense shootings in Minneapolis.
“We were not kidding,” a message to administrators and users of the website read. “We sent your names, logins, passwords, and locations to a bunch of government agencies.”
The hackers responsible also mocked the website’s abysmal security.
“Sherman Austin is a terrible coder, so are ‘RC’ Concepcion and Matt Beran,” the message continued.
StopICE is a website designed to allow users to designate and track license plates radicals believe belong to ICE agents, making it one of the largest of its kind. The hackers had a second surprise for the site’s users. Whenever they would search for a plate in the database, they would be greeted with a Tom Homan meme.
Open-Source AI Models Vulnerable to Criminal Misuse, Researchers Warn
Hackers and other criminals can easily commandeer computers operating open-source large language models outside the guardrails and constraints of the major artificial-intelligence platforms, creating security risks and vulnerabilities, researchers said on Thursday.
Hackers could target the computers running the LLMs and direct them to carry out spam operations, phishing content creation or disinformation campaigns, evading platform security protocols, the researchers said.
The research, carried out jointly by cybersecurity companies SentinelOne and Censys over the course of 293 days and shared exclusively with Reuters, offers a new window into the scale of potentially illicit use cases for thousands of open-source LLM deployments.
These include hacking, hate speech and harassment, violent or gore content, personal data theft, scams or fraud, and in some cases child sexual abuse material, the researchers said.
While thousands of open-source LLM variants exist, a significant portion of the LLMs on the internet-accessible hosts are variants of Meta’s Llama, Google DeepMind’s Gemma, and others, according to the researchers. While some of the open-source models include guardrails, the researchers identified hundreds of instances where guardrails were explicitly removed.
AI industry conversations about security controls are “ignoring this kind of surplus capacity that is clearly being utilized for all kinds of different stuff, some of it legitimate, some obviously criminal,” said Juan Andres Guerrero-Saade, executive director for intelligence and security research at SentinelOne.
Guerrero-Saade likened the situation to an “iceberg” that is not being properly accounted for across the industry and open-source community.
The research analyzed publicly accessible deployments of open-source LLMs deployed through Ollama, a tool that allows people and organizations to run their own versions of various large-language models.
The researchers were able to see system prompts, which are the instructions that dictate how the model behaves, in roughly a quarter of the LLMs they observed. Of those, they determined that 7.5% could potentially enable harmful activity.
Roughly 30% of the hosts observed by the researchers are operating out of China, and about 20% in the U.S.
Rachel Adams, the CEO and founder of the Global Center on AI Governance, said in an email that once open models are released, responsibility for what happens next becomes shared across the ecosystem, including the originating labs.
“Labs are not responsible for every downstream misuse (which are hard to anticipate), but they retain an important duty of care to anticipate foreseeable harms, document risks, and provide mitigation tooling and guidance, particularly given uneven global enforcement capacity,” Adams said.
A spokesperson for Meta declined to respond to questions about developers’ responsibilities for addressing concerns around downstream abuse of open-source models and how concerns might be reported, but noted the company’s Llama Protection tools for Llama developers, and the company’s Meta Llama Responsible Use Guide.
Microsoft AI Red Team Lead Ram Shankar Siva Kumar said in an email that Microsoft believes open-source models “play an important role” in a variety of areas, but, “at the same time, we are clear-eyed that open models, like all transformative technologies, can be misused by adversaries if released without appropriate safeguards.”
Shocking study linking covid jabs and cancer ‘censored’ by mysterious cyberattack
A global review examining reported cases of cancer following Covid vaccination was published earlier this month, just as the medical journal hosting it was hit by a cyberattack that has since taken the site offline.
The study appeared in the peer-reviewed journal Oncotarget on January 3 and was authored by cancer researchers from Tufts University in Boston and Brown University in Rhode Island.
In the review, researchers analyzed 69 previously published studies and case reports from around the world, identifying 333 instances in which cancer was newly diagnosed or rapidly worsened within a few weeks following Covid vaccination.
The review covered studies from 2020 to 2025 and included reports from 27 countries, including the US, Japan, China, Italy, Spain, and South Korea. No single country dominated, suggesting the observed patterns were reported globally.
The authors emphasized that the review highlights patterns observed in existing reports, but does not establish a direct causal link between vaccination and cancer.
Days after publication, Oncotarget’s website became inaccessible, displaying a ‘bad gateway’ error that the journal attributed to an ongoing cyberattack.
The journal reported the incident to the FBI, noting disruptions to its online operations.
In social media posts, one of the paper’s authors, Dr Wafik El-Deiry of Brown University, expressed concern that the attack disrupted access to newly published research.
‘Censorship is alive and well in the US, and it has come into medicine in a big, awful way,’ El-Deiry wrote in a post on X.
The FBI told Daily Mail that it ‘neither confirms nor denies the existence of any specific investigation’ into a cyberattack on Oncotarget.
The Daily Mail has reached out to Oncotarget for comment on the cyberattack investigation.
In a post that can no longer be accessed because of the website hacking, Oncotarget noted disruptions to the availability of new studies online. Although they did not accuse a specific group of wrongdoing, the journal alleged without evidence that the hackers may be connected to the anonymous research review group PubPeer.
The researchers alleged that the cyberattack targeted Oncotarget’s servers to disrupt the journal’s operations and prevent new papers from being properly added to the site’s index.
The message was shared on social media by El-Deiry before the website crashed, with the doctor adding, ‘Censorship of the scientific press is keeping important published information about Covid infection, Covid vaccines and cancer signals from reaching the scientific community and beyond.’
In a statement to the Daily Mail, PubPeer declared: ‘No officer, employee or volunteer at PubPeer has any involvement whatsoever with whatever is going on at that journal.’
PubPeer is an online platform where researchers can anonymously comment on peer-reviewed scientific papers after they’ve already appeared in journals.
Its stated goal has been post-publication peer review, meaning people discuss, critique, or point out potential issues in studies that have already passed the usual pre-publication checks.
Australia’s weapons programs exposed in defence industry cyber attacks
A series of cyber attacks on defence industry supply chain contractors has exposed threats to Australia’s weapons programs, security analysts say.
Over the past week, it was revealed that a hacker group shared material about Australia’s $7 billion Land 400 military program after allegedly breaching several Israeli defence companies.
The Cyber Toufan group posted images and details on Telegram about the Australian Defence Force’s (ADF) next-generation Redback infantry fighting vehicle.
Israeli weapons manufacturer Elbit Systems is involved in the project, supplying the vehicle’s high-tech turrets.
Another group claimed responsibility for a cyber attack on IKAD Engineering, a key player in the Australian defence industry.
The J Group ransomware gang alleges it infiltrated the company’s systems for five months in what it described as a “staycation in the defence supply chain”.
The hackers claimed they obtained information relating to Australian naval contracts, including the Hunter Class frigate and Collins Class submarine programs.
IKAD Engineering chief executive Gerard Dyson confirmed the incident, saying an “external third party” had gained unauthorised access to a portion of its internal IT systems.
He said so far only “non-sensitive project information” had been impacted, along with employee files, adding that IKAD did not have direct connections into ADF systems.
Cybersecurity experts warned even non-sensitive data could have strategic value, and the attacks should be a “wake-up call”.
Congressional Budget Office Plagued by ‘Ongoing’ Cybersecurity Breach
When the agency that crunches Washington’s numbers can’t even secure its own, it’s hard not to see a metaphor in the math.
The Congressional Budget Office confirmed this week that it’s battling an “ongoing” cybersecurity incident — one that, by all accounts, has stretched on for days and remains unresolved.
Politico first reported the breach, noting that CBO officials are still assessing the full scope of the intrusion and what data, if any, may have been compromised.
The nonpartisan agency, which provides cost estimates and fiscal analyses to Congress, said it has added new monitoring systems and security controls while a full investigation continues.
The CBO has not said whether sensitive information was stolen or who might be behind the attack, the Associated Press reported. Officials also declined to specify how long the agency’s systems have been affected.
Reuters added that Senate offices were warned by the chamber’s Sergeant at Arms that email communications with the CBO might have been exposed, potentially giving hackers a chance to spoof messages or launch phishing attempts.
That advisory urged congressional staff to treat any CBO-related email traffic with extra caution until the incident is fully contained.
While the agency insists its work for lawmakers continues uninterrupted, the breach’s duration has sparked questions about whether the CBO’s analytical models and data pipelines could have been tampered with.
Experts told the Associated Press that a breach described as “ongoing” suggests investigators are still chasing active threats within the network rather than cleaning up a finished intrusion.
The incident comes at a sensitive time for Congress, with fiscal debates, spending fights, and shutdown negotiations all relying on the CBO’s projections to guide votes and policy.
Reuters noted that the longer such breaches persist, the greater the risk that attackers can map internal systems, gather intelligence, or establish backdoors for later use.
The Washington Post reported that early assessments point to a possible foreign actor, though officials have not publicly attributed the breach to any specific nation or group.
In a statement, the CBO said it “continually monitors” for cyber threats and had taken “immediate action” to safeguard its systems once the incident was detected.
Still, the episode has renewed scrutiny of cybersecurity readiness across federal agencies — particularly those, like the CBO, that don’t handle classified data but remain critical to day-to-day government operations.
Researchers expose large-scale YouTube malware distribution network
Check Point researchers have uncovered, mapped and helped set back a stealthy, large-scale malware distribution operation on YouTube they dubbed the “YouTube Ghost Network.”
The network published more than 3,000 videos across compromised or fake channels, luring viewers with game cheats, cracked software, or pirated tools, but instead delivering malware or phishing pages.
The YouTube Ghost Network
The YouTube Ghost Network is strikingly similar to the Stargazers Ghost Network, a previously uncovered network of fake or hijacked GitHub accounts that served as a malware and phishing link Distribution-as-a-Service.
In the Stargazers Ghost Network, different accounts filled different roles. Some accounts directed targets to malicious downloads, others served malware, and others still starred, forked, and subscribed to malicious repositories, in an obvious attempt to make the other accounts appear legitimate to potential victims.
Similarly, the YouTube Ghost Network consists of video accounts, post accounts, and interact accounts.
Video accounts, which are either hijacked or created by the malware peddlers, upload videos that promise something appealing, e.g., a free/cracked version of Adobe Photoshop, or game hacks for popular games like Roblox. The descriptions contain download links or direct viewers to password-protected archives on services like Dropbox, Google Drive or MediaFire, and they often tell users to temporarily disable Windows Defender before installing the downloaded cracked software.
Post accounts publish community posts with the same links and passwords, and interact accounts flood comment sections with fake endorsements, creating a false sense of trust.
China Escalates Cyberattacks That Are Increasingly Hard To Detect
A Chinese hacking group is reportedly behind a significant espionage campaign targeting U.S. technology firms and legal services, highlighting a worrisome escalation in China’s cyber “Cold War” with the United States.
Since March 2025, Google’s Threat Intelligence Group and its cybersecurity subsidiary, Mandiant, have tracked suspicious activity delivered through a backdoor malware known as “BRICKSTORM.” This sophisticated campaign is targeting a variety of sectors, including law firms, software-as-a-service providers, and other technology companies. Following extensive monitoring and analysis, Google has linked these hacking efforts to UNC5221, a long-suspected Chinese Advanced Persistent Threat (APT) actor, alongside other “threat clusters” associated with China.
The BRICKSTORM campaign is especially disturbing for two primary reasons. Firstly, it was crafted to ensure “long-term stealthy access” by embedding backdoors into targeted systems, enabling hackers to dodge conventional detection and response methods. The stealth campaign has proven so adept that, on average, these intruders remain undetected in targeted systems for nearly 400 days, as revealed by a Google report.
Secondly, the motivations behind these cyberattacks transcend the theft of trade secrets and national security data. Google suspects that these hackers are also probing for “zero-day vulnerabilities targeting network appliances,” as well as “establishing pivot points for broader access” to additional victims. This indicates a strategy to gather intelligence that could be pivotal to the Chinese military should tensions escalate between the U.S. and China.
Xi Jinping, the leader of Communist China, has consistently expressed his ambition for the nation to become a “cyber superpower.” With this goal in mind, the Chinese government has invested significant resources in building a formidable cyber army.
The People’s Liberation Army (PLA) considers cyber warfare to be a crucial aspect of both its defensive and offensive strategies, alongside traditional military forces. Cyberattacks are viewed as a cost-effective means to undermine an opponent’s will to fight by targeting its economic, political, scientific, and technological systems.
Thus, the PLA reportedly employs as many as 60,000 cyber personnel, ten times the size of the U.S. Cyber Command’s Cyber Mission Force. Additionally, a higher proportion of the PLA’s cyber force is dedicated to offensive operations compared to the United States (18.2 percent versus 2.8 percent).
Alongside China’s official cyber force, the Ministry of State Security and the Ministry of Public Security have adopted a “pseudo-private” contractor model that allows them to hire civilian hackers to conduct cyber espionage abroad while obscuring the Chinese government’s involvement.
Over time, the Communist regime has also significantly advanced its cyber operation capabilities. Today, China’s cyber operations are increasingly sophisticated, utilizing advanced tactics, techniques, and procedures to infiltrate victim networks, according to a U.S. government report.
The BRICKSTORM attack is part of a long series of high-profile cyberattacks originating from China in recent years. Between 2023 and 2024, Salt Typhoon, a Chinese hacking group linked to the Ministry of State Security, accessed U.S. wireless networks operated by companies such as AT&T and Verizon, “as well as systems used for court-appointed surveillance.” This breach resulted in the compromise of telecommunication data for over a million American users, including individuals involved in both Trump’s and then-Vice President Kamala Harris’s presidential campaigns.
Roughly 70,000 Government ID Photos Potentially Stolen in Discord Hack
Government ID photos of around 70,000 Discord users, collected for age verification purposes, may have been stolen in a hack, the company said in an Oct. 9 update. Discord is a group chat app used largely by programmers and gamers.
Initially announced on Oct. 3, the data breach occurred on the systems of third-party vendor 5CA, which Discord uses for customer support efforts. The malicious actor aimed to extort a financial ransom from Discord, the company stated.
According to Discord, the unauthorized party “gained access to information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams.”
“No messages or activities were accessed beyond what users may have discussed with Customer Support or Trust & Safety agents,” the company said.
“Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals.”
Age-related appeals refer to instances when users were locked out of the app due to being reported as underage and then had to submit photo IDs to verify their age and unlock their accounts.