Tornike

🚨 CRITICAL: CVE-2026-34908 (UniFi OS) CVSS 10.0 Unauthenticated attacker on the network can take unauthorized control actions via improper access control. Advisory: github.com/advisories/GHS… #CVE #cybersecurity #infosec #ThreatIntel

Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly. A Vercel employee got compromised via the breach of an AI platform customer called Context.ai that he was using. The details are being fully investigated. Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments. Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as “non-sensitive”. Unfortunately, the attacker got further access through their enumeration. We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel. At the moment, we believe the number of customers with security impact to be quite limited. We’ve reached out with utmost priority to the ones we have concerns about. All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitization of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community. The recommendation for all Vercel customers is to follow the Security Bulletin closely (vercel.com/kb/bulletin/ve…). My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature. In response to this, and to aid in the improvement of all of our customers’ security postures, we’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive env var creation and management. As always, I’m totally open to your feedback. We’re working with elite cybersecurity firms, industry peers, and law enforcement. We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet. I also want to thank the Google Mandiant team for their active engagement and assistance. It’s my mission to turn this attack into the most formidable security response imaginable. It’s always been a top priority for me. Vercel employs some of the most dedicated security researchers and security-minded engineers in the world. I commit to keeping you updated and rolling out extensive improvements and defenses so you, our customers and community, can have the peace of mind that Vercel always has your back.

Google services are down in parts of Southeastern Europe. Map: outage.report/google #GoogleDown #GoogleServices #internetoutage #google

@gatanasova2015 @DeyvianD outage.report/google

@DeyvianD where do you get this map from?

Oh well Google services are down for eastern Europe

Apple zero-day CVE-2025-43300 exploited in highly sophisticated attack 😱 Stay patched! #Apple #ZeroDay #CVE2025_43300 #Infosec #CyberSecurity

$5 Membership sale is live for the next 24 hours: account.shodan.io/billing/member

Nulled.to and Cracked.io domains got seized by law enforcement

@elonmusk I congratulate the Georgian people 🇬🇪 and thank you @elonmusk for that

Starlink now available in Georgia!

@vxunderground funny and that's what he says Spyware OS company :))

Microsoft flags the vx-underground malware source code collection as being unsafe.

#microsoft #SharePoint

Using Fav-Up github.com/pielco11/fav-up is a simple and effective tool for identifying the real IP address of a server behind #Cloudflare. By using the #favicon associated with a web application as a starting point #search for the server's real IP address using #Shodan. #OSINT

reuters.com/technology/mic… #teams #MicrosoftTeams #Microsoft #down

#Telegram data leak: 395 Million User allegedly put on sale online #DarkWeb Data expose the content messages it is worrying Telegram has yet to confirm the #dataleak, that the only evidence thus far consists of unsubstantiated screenshots posted to the dark web. #databreach

@jephjacques LoL 😃🤖

@KitPloit also godbolt.org

PenguinTrace - Tool To Show How Code Runs At The Hardware Level ift.tt/MQWxP8l

#Telegram leak votre username dans l'header TLS [Server_Name_Indication extension] Sympa non ? :)

@SaraBadran18 crt.sh censys.io developers.facebook.com/tools/ct/  exchange.xforce.ibmcloud.com/url/ dnsdumpster.com pulsedive.com securitytrails.com subdomainfinder.c99.nl wappalyzer.com filesearch.link

Hackers Top Search Engines List❤❤🔥🔥 shodan.io censys.io hunter.io intelx.io app.netlas.io searchcode.com urlscan.io publicwww.com zoomeye.org #bugbountytip