
Iranian State-Sponsored Hackers Unveil Cavern C2 Framework: Multi-Format .NET Compilation Bypasses All Security Detection Tools
In July 2026, Check Point Research exposed Cavern Manticore, an Iranian MOIS-linked APT group, actively targeting Israeli IT providers and government entities with a sophisticated modular C2 framework called Cavern (also known as Cav3rn). Unlike previous Iranian groups that rely on public tools, this actor built an entirely custom .NET-based framework deliberately compiled into three incompatible binary formats—pure IL, mixed-mode C++/CLI, and .NET 8 Native AOT—to force analysts to maintain multiple reverse-engineering toolchains and dramatically increase operational costs. The framework achieves near-zero detection rates on VirusTotal by avoiding traditional obfuscation and instead weaponizing compilation formats themselves, with modules running in isolated AppDomains that leave no persistent artifacts. Attackers gain initial access through compromised RMM solutions such as SysAid, abusing legitimate update mechanisms to sideload the Cavern Agent disguised as uxtheme.dll via a WinDirStat DLL side-loading chain. Communication uses XOR encryption with Base64 encoding, fixed Edge User-Agent strings, custom headers, and a unique protocol syntax, while supporting hot updates and aggressive cleanup. The campaign coincides with parallel operations by MuddyWater against regional targets, highlighting Iran’s coordinated escalation in cyberspace and the growing threat of supply-chain trust abuse against MSPs and RMM platforms worldwide.
Translated from Chinese
Read full articleLatest News

Fake Telegram Proxy Repositories on GitHub Deliver Stealer Malware to Home Users Seeking to Bypass Restrictions
Cybersecurity researchers from Solar 4RAYS at GC Solar have uncovered a widespread campaign where attackers distribute fake Telegram proxy tools on GitHub and mirror sites. The scheme capitalizes on Russian users searching for ways to circumvent Telegram restrictions, with malicious repositories quickly replacing legitimate ones in search engine results. Victims download trojans such as Salat Stealer or Santa Stealer that are disguised as useful proxy software, complete with copied README files, layout, and even the original developer’s donation details. These stealers extract browser sessions, passwords, and specific file types, potentially leading to account takeovers and data theft. The attack benefits from high user trust in GitHub, although the platform’s hosting service cannot always review the constant stream of new uploads. Experts warn users to avoid automatic downloads and to watch for warning signs such as brand-new accounts, zero stars or forks, and requests to disable antivirus software before installation.
Translated from Russian

Looking for Gasoline? Hand Over Your Account: Scammers Launch Fake Gas Station Card Phishing Sites Targeting Fuel Shortages
Cybercriminals have created more than 60 phishing websites that impersonate gas station locator services, game platforms, marketplaces, and video hosting sites to exploit fuel shortages and user demand for bonuses. The primary scheme involves promising users real-time information on available gasoline, electronic fuel coupons, or free in-game rewards in exchange for providing a phone number and confirming it with an SMS code. Once the code is entered, attackers gain full access to the victim's messenger account, allowing them to read conversations, download media and documents, view contacts, and send messages on the victim's behalf. The fraudulent sites often appear highly convincing, prompting users to select fuel type and region before redirecting them to a fake verification form instead of displaying actual station data. F6 specialists identified that over half of the sites mimic marketplace brands, 19% pose as social platforms, and the remainder target gas station maps, games like Brawl Stars, video services, and classifieds boards using domains such as .site, .click, .shop, .lol, and .xyz. The same campaign also targets children by offering free Brawl Stars loot boxes and virtual currency. F6 has already submitted the malicious domains for blocking, though new phishing pages continue to emerge regularly.
Translated from Russian

Progress Software Urges Businesses to Immediately Shut Down ShareFile Storage Zone Controller Servers Over Credible External Threat
Progress Software has instructed customers to manually power down servers running ShareFile Storage Zone Controller due to a credible external threat, temporarily blocking affected accounts while an investigation is underway. The company has not disclosed the nature of the threat or any timeline for restoring access, and no evidence of unauthorized access to customer data has been found so far. Storage Zone Controller enables organizations to store and manage data in their own infrastructure or with third-party providers instead of relying solely on Progress-hosted services. Some users have speculated that the incident may be linked to two high-severity vulnerabilities patched in March, CVE-2026-2699 and CVE-2026-2701, which could allow unauthenticated attackers to modify controller settings, upload malicious files, and execute arbitrary commands. Progress Software is treating the server shutdown as an additional protective measure while the investigation continues, highlighting the seriousness with which the company views the potential risk.
Translated from Russian

Study Reveals That Names Gradually Shape Adult Facial Appearance Through Societal Expectations, Not Genetics Alone
New research demonstrates that a person's given name can influence their physical appearance over time as they unconsciously conform to social stereotypes associated with that name. The study compared photographs of children and adults, finding that participants could accurately guess names from adult faces at rates significantly above chance, while the same task proved nearly impossible with children's images. Machine learning algorithms reinforced these findings by detecting greater facial similarity among adults sharing the same name, an effect absent in younger subjects. To rule out natural aging as the cause, researchers artificially aged childhood photos, yet the resulting images still failed to match name-based expectations. The phenomenon is attributed to social structuring, where repeated societal feedback creates a self-fulfilling prophecy that subtly alters expressions, posture, and facial habits. This effect highlights how even minor social labels can leave measurable marks on human appearance by adulthood.
Translated from Russian

Ghostcommit Attack: Malicious Prompts Hidden in PNG Images Hijack AI Coding Agents to Steal .env Secrets
A novel supply-chain attack called Ghostcommit allows attackers to embed prompt-injection instructions inside PNG images, bypassing AI-powered code review tools and tricking coding agents into leaking sensitive .env configuration files and API keys. Researchers from the ASSET Research Group demonstrated that direct plaintext instructions are immediately flagged by tools such as Cursor and CodeRabbit, but splitting the payload across an AGENTS.md file and a seemingly innocuous image evades detection. The attack remains dormant until a developer later asks the agent to perform normal development tasks, at which point the agent reads the image, extracts the .env contents byte-by-byte, and outputs them as a long tuple of ASCII numbers. Testing across 11 tool-model combinations revealed that success depends primarily on the runtime framework rather than the underlying LLM, with Cursor and Antigravity leaking secrets while Claude Code successfully blocked the attack in most cases. The team also released an open-source multimodal defense prototype based on Gemma 4 that runs on a single 4 GB GPU and achieved near-perfect detection rates on both known and unknown attack samples.
Translated from Chinese

OpenClaw AI Assistant Compromised via WhatsApp: Three Critical Vulnerabilities Allowed Credential Theft, Sandbox Escape, and Arbitrary Code Execution on Host
Security researchers discovered three high-severity vulnerabilities in OpenClaw that could let attackers steal credentials, escalate privileges, and execute arbitrary code on the host system running the AI assistant. Two flaws rated 8.8 on the CVSS scale stemmed from incomplete command filtering that failed to block dangerous inputs, while a third issue rated 8.4 enabled sandbox bypass by mounting parent directories such as /home or /var. The weaknesses potentially exposed sensitive data in ~/.ssh, ~/.aws, and ~/.gnupg, and even allowed attackers to reach the Docker socket for full host escape. Notably, the attack could be triggered remotely through an external WhatsApp message without any prior system access, according to researcher Chinmohan Nayak. All issues were patched in OpenClaw version 2026.6.6, and users are urged to update immediately while tightening sandbox and tool permissions.
Translated from Russian

EU Adds Russian Tech Giant VK to Sanctions List Over Development of National Messenger MAX
The European Union has included VK in its sanctions regime, targeting the parent company of Russia’s largest social media platforms including VKontakte and Odnoklassniki. The move was triggered by VK’s ownership of the developer behind the national messenger application MAX, which Russian authorities have been promoting as a domestic digital platform. According to the Council of the EU, VK serves as the parent structure for LLC Communication Platform, the entity directly responsible for creating and operating MAX. The sanctions decision was formally published on 13 July in the Official Journal of the European Union, marking the first time Brussels has directly sanctioned a major Russian IT holding in connection with a consumer messaging service. While the exact operational and commercial consequences for VK, its subsidiaries, and international partners remain unspecified in the official notice, the action extends EU restrictive measures beyond traditional sectors such as banking, energy, and manufacturing into the Russian technology industry. VK’s press service stated that the sanctions do not affect the functioning of VK or MAX and that all applications and services remain available to users without disruption.
Translated from Russian

Tired of Instant Messaging, Users Flock to Virtual Pigeons: Roost App Revives Postal Delivery with Birds and Animals
Roost is a new messaging application that deliberately replaces instant delivery with delayed virtual bird flights, turning the wait itself into the core user experience. Users select couriers ranging from fast falcons to slow snails and turtles, with delivery times calculated from real animal speeds and actual geographic distances displayed on an interactive map. The app combines messenger functions, social networking, and a collectible creature-training game featuring over one thousand birds and animals that can be leveled up through mini-games. Created by Ticketmaster trust and safety manager Logan Mendelson as a small experiment, Roost went viral after a Threads post by Karen Lewis, growing from 10,000 to over 300,000 users in weeks without any paid marketing. Despite its playful design, the service raises notable privacy concerns because it requires precise location data, stores messages in plaintext, and sends content to OpenAI for moderation while lacking end-to-end encryption.
Translated from Russian

Scientists Develop Eye-in-a-Care-Box Device to Keep Whole Eyes Alive and Responsive to Light for 10 Hours After Death, Advancing Future Transplant Possibilities
Researchers have created a novel perfusion system called Eye-in-a-Care-Box (ECaBox) that successfully maintains the viability of whole eyes outside the body for extended periods after death. The device uses 3D-printed components and continuous oxygenated fluid circulation through the ophthalmic artery to supply oxygen and nutrients to delicate retinal tissues that typically degrade rapidly without blood flow. Experiments on pig eyes showed preserved cellular structure and electrical responses to light flashes via electroretinography even 10 hours post-mortem when perfusion began promptly, outperforming standard cold storage. Similar benefits were observed in limited tests with human donor eyes, though ethical constraints limited sample sizes and no light-response testing was performed on human retinas. The work builds on a landmark 2024 face-and-eye transplant case and highlights potential applications beyond transplantation, including ex vivo studies of macular degeneration without live animal testing. Challenges remain in reconnecting the optic nerve for vision restoration, but the technology could enable portable donor-eye preservation to reduce critical time delays.
Translated from Russian
From Russian sources
Translated from Russian

Russia to Mandate Gosuslugi Authentication for Hosting Providers, Further Reducing Anonymity in Runet
The Russian Ministry of Digital Development (MinTsifry) is advancing plans to require all hosting providers to identify clients exclusively through the Gosuslugi portal and the ESIA system. The measure aims to ensure that every allocated IP address is linked to a verified individual, going beyond current methods such as email or bank card verification. This approach mirrors the identification rules already enforced since September for .ru, .рф, and .su domain registrations and renewals. Industry reactions are divided: while some providers like Turbo Cloud support the initiative for combating fraud, others warn of high implementation costs and significant client losses. Smaller users, including students and independent developers, may migrate to foreign hosting services, and foreigners could face restricted access without alternative verification options.

Virtual Herd of Cows Solves Century-Old Mystery of Terracettes on Slopes That Puzzled Darwin
A new computer model demonstrates that grazing animals such as cows and sheep can independently create the striking stepped patterns known as terracettes on steep hillsides through simple energy-saving behavior. Researchers modeled individual virtual animals that only sought food while minimizing movement costs, without any pre-defined paths. On steep slopes, the animals gradually preferred horizontal routes because climbing or descending required more energy, and each step compacted soil and removed vegetation, reinforcing those paths for subsequent animals. This feedback mechanism, called stigmergy, led to the emergence of dozens of parallel, evenly spaced terraces after thousands of steps, closely matching real-world examples from the Alps, Britain, and other regions. The findings revive and strengthen observations made by Charles Darwin in 1881, who noted similar features and enlisted his son to count nearly 30 parallel steps on a 40-degree chalk slope in England. While soil creep and other geological factors may also contribute, the model proves that chaotic animal movement alone is sufficient to produce highly ordered landscape patterns without external coordination.

Legacy of Hawking, Penrose and Zeldovich: US Laboratory Recreates Rotating Black Hole Physics with Synthetic Superluminal Rotation
Physicists at the Advanced Science Research Center of the City University of New York have successfully reproduced the core physical principle behind energy extraction from rotating black holes in a stationary laboratory setup. By using a ring of electronic resonators whose parameters were rapidly modulated in sequence, the team created an artificial rotational pattern that interacted with radio waves exactly as a superluminal rotating medium would. The experiment directly demonstrates the Penrose process and Zeldovich’s rotational superradiance without any mechanical motion, gravity, or event horizon. Radio waves carrying the correct angular momentum were amplified by drawing energy from the electronic control system that continuously altered resonator properties. Published in Nature, the work belongs to the emerging field of Floquet engineering and opens pathways for studying extreme Doppler shifts and wave interactions in controlled tabletop environments. Potential future applications include advanced wireless communications, photonics, signal processing, and quantum devices, although significant miniaturization remains necessary before practical deployment.

Universe Proves Ordinary After All: High-Profile DESI Study Claiming Giant Aligned Cosmic Structures Collapses Following Data Correction
A widely publicized study published in Nature that used Dark Energy Spectroscopic Instrument (DESI) observations to suggest the existence of unusually long, preferentially aligned filaments in the cosmic web has been overturned by independent analysis. The original paper analyzed data on 47 million galaxies and quasars spanning more than 11 billion years and argued that these structures could stretch across billions of light-years and show non-random orientations, potentially violating the cosmological principle. Critics identified two critical errors: the use of luminosity distance instead of the standard comoving distance and the failure to account for the evolving distances caused by the universe’s expansion. Once these corrections were applied, the apparent giant aligned structures vanished, restoring consistency with the standard cosmological model in which the universe appears statistically uniform on the largest scales. The episode has reignited debate over the rigor of peer review at top journals, the risks of embargoed pre-publication announcements, and the importance of releasing results on preprint servers such as arXiv for community scrutiny before formal publication.

Europe Unveils RLV C5 Reusable Rocket Concept as a Potential Competitor to SpaceX Starship
Following the successful recovery of Super Heavy booster using tower catch arms, SpaceX's Starship continues to push the boundaries of fully reusable super-heavy launch systems. A detailed independent analysis by the German Aerospace Center (DLR) reconstructed flight data from early Starship tests and estimated current payload capacity at around 59 tons to low Earth orbit in fully reusable configuration. The study also modeled future Starship variants with Raptor 3 engines, projecting up to 115 tons reusable and 188 tons expendable. In response, DLR presented its own European super-heavy concept called RLV C5, which features a reusable winged booster based on SpaceLiner technology and an expendable upper stage. The design uses liquid hydrogen/oxygen propulsion and an innovative mid-air capture system by a large subsonic aircraft, aiming for higher payload-to-mass efficiency than Starship. While Starship already undergoes real flight testing, RLV C5 remains a paper study requiring significant further development and funding.

IRIS C2 Zero-Day Marketplace: How Two Convicted Fraudsters Jack Berkman and Jacob Wohl Launched a Government-Facing Exploit Trading Operation
IRIS C2, a Virginia-based company promising up to $7 million for zero-day vulnerabilities and offensive hacking tools, is operated by Calvexa Group LLC and run by two previously convicted political provocateurs with histories of fraud and operating under false identities. Journalist Brian Krebs uncovered that the firm, which emerged on social media in January 2025, markets itself as a supplier of offensive cyber capabilities while actively recruiting young talent without requiring formal degrees or experience. The company claims to purchase zero-days, exploit chains, and ready-made attack tools for major platforms, then refine them into stable, weaponized products for sale primarily to government agencies, including phone-hacking solutions. Founders Jack Berkman and Jacob Wohl previously ran fake intelligence firms, spread false accusations against politicians, and were convicted in 2022 for wire fraud in Ohio, later receiving a $5.1 million FCC fine for illegal robocall campaigns. They also received $300,000 from a cryptocurrency theft suspect to lobby for a presidential pardon, continuing a pattern of deceptive business practices exposed by outlets including KrebsOnSecurity and Politico.
From Chinese sources
Translated from Chinese

Phase II of National 100-City FDE Frontier Deployment Engineer Onboarding Program Officially Launches
The second phase of the nationwide "Hundred Cities On-the-Job Plan" for FDE Frontier Deployment Engineers has been announced, expanding opportunities across China. The initiative targets experienced engineers specializing in advanced deployment technologies and aims to place professionals in key urban centers. Building on the success of the first phase, this new round seeks to strengthen technical capabilities in critical infrastructure and cybersecurity domains. Participants will receive structured onboarding, training, and direct placement support in multiple cities. The program underscores growing demand for specialized deployment expertise amid rapid digital transformation.

630GB of Apple Secrets Leaked on Dark Web: WorldLeaks Breach Shatters Tata Electronics Supply Chain Security
In June 2026, the ransomware group WorldLeaks infiltrated Tata Electronics, Apple's key manufacturing partner in India, and exfiltrated 630GB of highly sensitive data comprising over 200,000 files that were subsequently posted on the dark web. The stolen materials include unreleased iPhone 18 Pro motherboard schematics, A20 Pro chip technical manuals, complete supplier lists, Tesla component designs, and employee passport copies, exposing the vulnerabilities in Apple's two-decade supply chain secrecy system built at a cost of billions of dollars. WorldLeaks, formerly known as Hunters International, employed a 'steal-only' tactic without encryption, capitalizing on the growing trend of data extortion that has proven more profitable than traditional ransomware. The breach raises serious concerns about Apple's ambitious India manufacturing expansion, which aims to increase local component sourcing from 10% to 50% within three years, and highlights broader risks to global supply chains involving companies such as Tesla, TSMC, and Qualcomm. Apple responded swiftly by deploying DMCA takedowns across platforms like X within 24 hours, yet the irreversible nature of dark web leaks underscores the need for enhanced supplier security audits, data segmentation, and proactive data loss prevention measures.

Medtronic Cyberattack Exposes Patient Data: Six-Day Breach Puts Social Security Numbers and Health Records at Risk
In April 2026, medical device giant Medtronic suffered a cyber intrusion that lasted six days, allowing unauthorized access to backend IT systems containing sensitive patient information. The breach, discovered on April 19 after beginning on April 13, exposed names, contact details, birth dates, Social Security numbers, and health treatment data linked to devices such as pacemakers, insulin pumps, and neurostimulators. Although the medical devices themselves remain unaffected and show no signs of remote tampering, the leaked data poses severe risks of identity theft, financial fraud, and targeted scams that could persist for years. Medtronic has initiated emergency response measures, engaged external experts, and notified law enforcement and regulators, while offering 24 months of free identity monitoring to affected users. The incident highlights how even large enterprises struggle with securing ordinary office IT systems that store critical patient records, underscoring the need for individuals to monitor accounts and adopt stronger security habits.

Top 10 Security Risks Facing Autonomous AI Agents: From Prompt Injection to Compliance Failures
As AI evolves from conversational large language models to autonomous agents capable of planning trips, writing reports, browsing the web, and executing purchases, a new wave of unprecedented security challenges emerges. These agents can invoke tools, access databases, run code, and autonomously chain tasks, making any vulnerability far more consequential than traditional AI systems. The article systematically outlines ten core risks, including prompt injection, excessive permissions, unsafe tool calls, data leaks, hallucinations leading to irreversible errors, supply chain attacks, multi-agent trust abuse, persistence and self-replication, session hijacking with memory poisoning, and regulatory compliance gaps. It emphasizes that agent security is no longer optional but requires immediate threat modeling, red teaming, permission audits, and adherence to frameworks like OWASP LLM Top 10 and NIST AI RMF. Developers, enterprises, and users must act swiftly to mitigate these expanding attack surfaces before autonomous capabilities outpace defensive measures.