• A newly reported supply chain attack targeting the Amazon Web Services (AWS) management console has raised alarms across the developer community. Cybersecurity researchers have discovered that threat actors are exploiting misconfigured AWS credentials and integrated GitHub Actions to hijack repositories and inject malicious code into open-source projects. According to the security firm that uncovered the incident, attackers exploit compromised […]

    The post AWS Console Supply Chain Breach Enables GitHub Repository Hijacking appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Security researchers at Google Project Zero have disclosed a complete zero-click exploit chain affecting Google Pixel 9 smartphones, chaining vulnerabilities in the Dolby audio decoder and kernel driver to achieve code execution and privilege escalation without any user interaction. The exploit leverages three distinct vulnerabilities: CVE-2025-54957 in the Dolby Unified Decoder, CVE-2025-36934 in a kernel […]

    The post Zero-Click Exploit Chain Discovered Targeting Google Pixel 9 Devices appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Cymulate Research Labs discovered a high-severity authentication bypass vulnerability in Microsoft Windows Admin Center’s Azure AD Single Sign-On implementation that enables attackers with local administrator access on a single machine to compromise any other Windows Admin Center-managed system within the same Azure tenant. The flaw, tracked as CVE-2026-20965, stems from improper validation of Proof-of-Possession (PoP) tokens […]

    The post Azure Identity Token Flaw Exposes Windows Admin Center to Tenant-Wide Breaches appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year. Cisco Talos, which is tracking the activity under the name UAT-8837, assessed it to be a China-nexus advanced persistent threat (APT) actor with medium confidence based on tactical overlaps with other campaigns mounted by threat actors from the region.

  • Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686. The vulnerability, tracked as CVE-2025-20393 (CVSS

  • Another 340 companies and schools have been added to the Golden Dome missile defense contract vehicle, leaving only a small handful of the original 2,400-plus applicants out of the running for a pool of work worth up to $151 billion.

    On Thursday, the Missile Defense Agency announced the third list of organizations deemed eligible to bid on the multiple-award indefinite-delivery/quantity contract, known as the Scalable Homeland Innovative Enterprise Layered Defense, or SHIELD. Several U.S. schools were among the 340 additions, including Northern Arizona University, New York University, and the University of Dayton in Ohio.

    In December, MDA made two announcements that identified a total of 2,100 awardees. Now a total of 2,440 applicants have been approved, out of an original pool of 2,463, leaving 23 applicants out of the running. Thursday’s announcement said the large group “encompasses a broad range of work areas that allows for the rapid delivery of innovative capabilities,” and added that work under the SHIELD contract “will continue through December 2035.”

    A Missile Defense Agency spokesperson did not respond by publication time to requests for more details about those remaining offers. 

    The announcement came one day after President Donald Trump said U.S. control of Greenland was “vital” for the Golden Dome defense initiative, although experts were quick to point out that the existing Space Force base and longstanding diplomatic agreements counter his claim. 

    Golden Dome’s architecture—pitched by Trump and Defense Secretary Pete Hegseth as a catch-all missile defense system to counter ICBMs, hypersonic missiles, and drones of all sizes—has not been made public. 

    The administration says space-based interceptors are key to stopping long-range missiles. The Space Force has started awarding contracts to develop the needed technology. In November, the service awarded contracts to several companies under a competitive, and secret, other transaction agreement. In December, it sought proposals for a space-based “kinetic midcourse interceptor” prototype intended to ram enemy missiles. 

    In an executive order signed last month, Trump said the nation will achieve “space superiority” by “developing and demonstrating prototype next-generation missile defense technologies by 2028.”

  • The U.S. military wants to make it easy for troops to direct swarms of drones—on land, at sea, or in the air—and is offering vendors up to $100 million to do so.

    On Tuesday, the Pentagon’s Defense Innovation Unit announced the Orchestrator Prize Challenge, the latest sign that the military is looking beyond simply buying warbots in bulk toward the larger challenge of giving commanders a way to command groups of different drones from different makers.

    “We want orchestrator technologies that allow humans to work the way they already command–through plain language that expresses desired effects, constraints, timing, and priorities—not by clicking through menus or programming behaviors,” said Lt. Gen. Frank Donovan, who leads the Defense Autonomous Warfare Group. The DAWG, essentially a re-branding of the Replicator initiative, is running the challenge along with DIU and the Navy.

    Replicator sought to procure thousands of small, highly autonomous drones quickly but missed a key August goal for delivery. (The bar is set by Ukraine, which last year sent more than a million drones to its frontline units.)

    The Pentagon has been hacking away at bureaucratic obstacles that prevent the fast acquisition of drones, but the larger problem is how to make them actually useful to commanders who can’t spare troops to operate one drone at a time, as Ukrainian units do.

    Hence the Ender’s Game-like “Orchestrator” challenge, to find a “robust, scalable and vehicle-agnostic capability for understanding, tasking and coordinating autonomous systems at the fleet level.”

    The concept of swarm robotics goes back more than 30 years, to this 1995 paper. The Pentagon has been holding multiple-robot challenges, like the Navy’s SWARM and LOCUST events, for more than a decade. But SWARM used about a dozen autonomous boats in very simple naval maneuvers, while LOCUST employed choreographed maneuvers.

    The challenge now is to integrate multiple drones capable of autonomous decision-making and to subordinate them to a human, or at least to human judgment (which is a closer reading of the actual Defense Department policy on lethal autonomous weapons).

    The end result may be the real test of how well humans and robotic swarms really understand each other.

  • More than 30 countries recently announced security guarantees that would take effect following a cease-fire between Ukraine and Russia, vowing to continue providing “critical long-term military assistance” to Ukraine’s armed forces, which they declared to be Europe’s “first line of defense and deterrence.” The role of the United States in that effort will soon be decided by Congress, which is debating its contributions as emergency assistance shifts to sustained support.

    The 2026 National Defense Authorization Act, signed into law last month, authorizes $400 million for the Ukraine Security Assistance Initiative, the primary vehicle for U.S. security assistance since Russia first invaded Ukraine in 2014. USAI is not a cash transfer program; it pays for U.S. training and equipment like artillery, air defense, anti-tank systems, and drones.   

    But the NDAA is only an authorization bill. Funding will not materialize until Congress passes a full-year defense appropriations bill. USAI has received annual appropriations for more than a decade, under Democratic and Republican administrations. The House appropriations bill, however, provides no funding for fiscal 2026. No funding was requested by the Trump administration and an effort in committee to add funding failed. The Senate bill, by contrast, includes $800 million. 

    The actual amount for USAI will be driven by politics and the defense topline. House appropriators have approved $832 billion to the Defense Department for fiscal 2026, meeting the administration’s request, while Senate appropriators have added $22 billion. If the final topline comes in close to the House level, USAI is likely to land near $300 million. If the topline comes in close to the Senate level, $400 million or even higher becomes possible. According to Politico, House Appropriations Committee Chairman Tom Cole told reporters that the defense topline would slightly exceed the NDAA topline, which was $8 billion above the request.  

    At $300 million to $400 million, Congress is not trying to underwrite the war effort alone. That would cost billions. It is trying to keep Ukraine’s forces viable, reinforce European burden sharing, and maintain Western leverage in negotiations as Russia continues to attack Ukraine’s cities and infrastructure. 

    While Ukraine assistance has been controversial in Congress, several factors make it easier for members to vote for it this year: the Europeans’ agreement to a framework of security guarantees that the United States under the Trump administration has endorsed; and the passage of the NDAA—members who might otherwise have difficulty supporting appropriations will have already voted for the underlying authorization. The departure of Rep. Marjorie Taylor Greene, one of the most vocal opponents of U.S. support for Ukraine, also helps.

    Does this funding matter? Yes, both symbolically and substantively. 

    While these levels are a fraction of the tens of billions the United States was providing to Ukraine not that long ago, continued U.S. security assistance is highly symbolic at a time when peace talks are being considered and Ukraine is looking to see if those commitments will be backed up by real dollars. Moreover, if a peace deal is not reached, these funds will serve as a bridge until European funding and production increase.

    Ukraine assistance in the upcoming defense appropriations bill would signal to Ukraine and the Europeans that Washington intends to stay engaged in supporting Ukraine’s security. That signal can bolster the administration’s diplomatic efforts to end the war, and influence how much Europe is willing to invest and how confidently Ukraine can pursue a peace settlement.

    For Congress, the question is not whether Europe should carry more of the burden. The question is whether the United States will provide a modest but reliable amount that keeps Ukraine in the fight, keeps Europe at the table, and keeps the U.S. strategy credible. Without that credibility, Russia has little reason to strike a peace deal.

    David Bortnick is a Vice President at SMI, a government affairs firm. He previously served as a Professional Staff Member on the House Appropriations Committee, where his portfolio included security assistance for Ukraine, and as a Legislative Analyst at the White House Office of Management and Budget.

  • Hackread.com exclusive: Scammers are using verified PayPal invoices to launch callback phishing attacks. Learn how the “Alexzander” invoice bypasses Google filters.

  • President Donald Trump’s pick to lead U.S. Cyber Command and the National Security Agency told senators Thursday that his experience working with cyber intelligence in the Indo-Pacific qualifies him to serve in the dual-hatted role, though he notably stopped short of directly endorsing policy proposals for more aggressive cyber responses to China and other foreign adversaries.

    Lt. Gen. Josh Rudd’s relative lack of direct experience in military cybersecurity and signals intelligence was raised multiple times when he testified before the Senate Armed Services Committee on Thursday. Currently the deputy commander of U.S. Indo-Pacific Command, Rudd has spent his career largely in special operations and joint command roles. Some former officials and China analysts view Rudd’s Indo-Pacific background as relevant to U.S. cyber operations involving Beijing.

    In his opening testimony, Rudd said he has frequently used cyber intelligence findings produced by the organizations he is nominated to lead. 

    “For decades, I have had the opportunity to be a leader, consumer, enabler, generator and integrator of the intelligence and operational capabilities of the NSA and Cyber Command,” he told senators.

    “I’m confident that the incredible talent at Cyber Com-NSA will provide great advice,” Rudd added. “I’m confident that, if confirmed, I can continue to lead and enable those two organizations to provide the best support to our combat commanders in the joint force, writ large.”

    The dual-hat arrangement of NSA and Cyber Command has been a frequent topic of debate among cyber policy practitioners, who have argued over whether the agencies should be led by two different officials. The fiscal 2026 defense policy package kept in place the current arrangement for now, but it is possible that may be revisited in future efforts.

    Rudd told several senators that his goal would be to remain “objective” about the dual-hat policy. He told committee chairman Roger Wicker, R-Miss., however, that the current buildout creates “unity of command and unity of effort” across the two organizations and provides an effectiveness that fosters the speed needed to respond to current cyber threats from adversaries.

    Sen. Jeanne Shaheen, D-N.H., asked Rudd about election security, and how he’d manage Cyber Command during a midterm election year amid governmentwide staffing reductions within federal cyber offices.

    “Any foreign attempt to undermine the American process of democracy … has got to be safeguarded. It’s absolutely a fundamental priority for the nation,” Rudd told Shaheen. He said his experience working across interagency processes would help in efforts to protect upcoming elections, though he said he isn’t sure what direct role Cyber Command would play in the future and would “continue to prioritize that as directed.”

    Rudd was not asked directly about Section 702 of the Foreign Intelligence Surveillance Act, a major surveillance authority in the NSA’s toolbox that expires in April unless reauthorized by Congress. Civil-society groups have said the authority allows too much collection and querying of Americans’ communications.

    In written testimony to the committee, he said he had “limited familiarity” with details of the statute’s collection processes, but said he has viewed intelligence derived from 702 findings.

    Intelligence officials have historically supported reauthorizing the statute, while opposing a warrant requirement long sought by civil liberties organizations. The law allows the NSA to target foreigners’ communications abroad without a warrant for foreign intelligence purposes, though it permits the incidental collection of U.S. persons’ communications.

    “As a current customer of FISA Section 702-derived intelligence products, I recognize how this authority is used every day to protect the nation from current and emerging threats by providing critical insights on key adversaries,” he said. “However, I would defer to the administration to fully characterize the value of this authority. If confirmed, I fully commit to working with Congress on all matters related to this authority.”

    Rudd didn’t directly answer questions from Sen. Angus King, I-Maine, about whether NSA and Cyber Command should develop an offensive cyber deterrence policy. More aggressive, gloves-off cyber offense has been talked up by current administration officials for the last year amid major Chinese cyber intrusions into U.S. telecom systems and other critical infrastructure.

    “Senator, I don’t know if that’s my role to have that opinion,” Rudd said, adding that it’s his job to develop cyber options that “deliver deterrence” that would be the most effective.

    “I’m confused, because you’re nominated to be the top cyber officer in the United States government,” King replied. “And you don’t have an opinion on cyber policy or what’s important? Are you simply a lever puller? I really don’t understand.” King added he found the responses “disappointing.”

    Sen. Elissa Slotkin, D-Mich., also asked Rudd to provide affirmation that NSA capabilities won’t be used for domestic spying purposes, amid a Trump administration-wide effort to crack down on supposed domestic terrorist groups. 

    “Senator, if confirmed, I will execute my responsibilities in accordance with the constitution and all applicable laws,” Rudd said. 

    He also agreed to work with Sen. Jacky Rosen, D-Nev., on finding ways to develop and enhance the U.S. cyber workforce.

    Rudd is expected to testify before the Senate Intelligence Committee — which also has jurisdiction over his nomination — in two weeks and is unlikely to face major confirmation hurdles given the GOP majority in the high chamber. 

    NSA and Cyber Command have been without a permanent leader for months, after far-right activist Laura Loomer pushed for the firing of their previous leader, Gen. Timothy Haugh, in April. Since then, Lt. Gen. William Hartman has led the agency in an acting capacity. Hartman is expected to retire shortly after a permanent leader steps into the position, two people familiar with the matter have said.

    Rudd, if confirmed, will also have to contend with declining morale inside the spy agency, as well as significant workforce cuts that were influenced by Trump 2.0 efforts to shed government bloat and spending waste.
