Beyond Cyber Security | Defensive, Offensive, and Investigative core of Cyber Digital Intelligence.

Joined November 2016
CVE-2026-41615 (CVSS 9.6) in Microsoft Authenticator enables disclosure of authentication tokens via social engineering. Successful exploitation allows threat actors to bypass #MFA and gain unauthorized access to enterprise resources.
#INTERPOL and Algerian authorities, with Group-IB support, dismantled #SniperDz PhaaS after nine years of operation. Infrastructure included 20,000 domains and 80 multilingual phishing templates impersonating 30 global organizations. Estimated 3,800 victims worldwide.
#ShinyHunters compromised 100 orgs, primarily universities, via custom Oracle PeopleSoft exploit chains. Credential spraying and SSH brute-force for lateral movement; MeshCentral agents for persistence. Financial and student data exfiltrated for extortion.
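The post above mentions credential spraying and SSH brute-force as the lateral-movement method. The two leave different shapes in sshd logs: brute force is many failures against one or a few accounts from one source, spraying is one or two attempts each against many accounts from one source. The following is an added example, not code from the account or from any referenced report, that classifies source IPs from auth.log-style lines using those two shapes and flags a source that logged in after its failures. The log lines, host names, users and addresses are constructed for the example; the thresholds are assumptions to tune per environment.

```python
import re
from collections import defaultdict

# Constructed sshd lines in Debian auth.log format (not from the incident described above).
SAMPLE_AUTH_LOG = """\
May 12 03:14:01 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
May 12 03:14:03 web1 sshd[2213]: Failed password for root from 203.0.113.7 port 51123 ssh2
May 12 03:14:05 web1 sshd[2215]: Failed password for root from 203.0.113.7 port 51124 ssh2
May 12 03:14:07 web1 sshd[2217]: Failed password for root from 203.0.113.7 port 51125 ssh2
May 12 03:14:09 web1 sshd[2219]: Failed password for root from 203.0.113.7 port 51126 ssh2
May 12 03:14:11 web1 sshd[2221]: Failed password for root from 203.0.113.7 port 51127 ssh2
May 12 03:20:01 web1 sshd[2301]: Failed password for invalid user alice from 198.51.100.23 port 40001 ssh2
May 12 03:20:02 web1 sshd[2302]: Failed password for bob from 198.51.100.23 port 40002 ssh2
May 12 03:20:03 web1 sshd[2303]: Failed password for invalid user carol from 198.51.100.23 port 40003 ssh2
May 12 03:20:04 web1 sshd[2304]: Failed password for dave from 198.51.100.23 port 40004 ssh2
May 12 03:20:05 web1 sshd[2305]: Failed password for invalid user erin from 198.51.100.23 port 40005 ssh2
May 12 03:20:06 web1 sshd[2306]: Accepted password for dave from 198.51.100.23 port 40006 ssh2
May 12 08:02:10 web1 sshd[3100]: Failed password for ops from 192.0.2.5 port 52000 ssh2
May 12 08:02:14 web1 sshd[3100]: Accepted password for ops from 192.0.2.5 port 52000 ssh2
May 12 08:05:00 web1 sshd[3120]: Accepted publickey for deploy from 192.0.2.9 port 53000 ssh2
"""

# Matches both failed and accepted password/publickey events; "invalid user " is optional.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_auth_events(lines):
    """Yield (outcome, user, ip) for every sshd auth line that matches AUTH_RE."""
    for line in lines:
        m = AUTH_RE.search(line)
        if m:
            yield m.group("outcome"), m.group("user"), m.group("ip")


def classify_sources(lines, fail_threshold=5, spray_min_users=4, spray_max_per_user=2):
    """Return {ip: verdict}, verdict in 'brute-force' | 'spray' | 'benign',
    with '+success' appended when the source logged in after earlier failures.
    Thresholds are assumed defaults, not values from the page."""
    failures = defaultdict(lambda: defaultdict(int))  # ip -> user -> failed attempts
    logged_in_after_failures = set()
    for outcome, user, ip in parse_auth_events(lines):
        if outcome == "Failed":
            failures[ip][user] += 1
        elif ip in failures:  # Accepted, and this source already had failures
            logged_in_after_failures.add(ip)

    verdicts = {}
    for ip, per_user in failures.items():
        total = sum(per_user.values())
        if len(per_user) >= spray_min_users and max(per_user.values()) <= spray_max_per_user:
            verdict = "spray"        # many accounts, few tries each
        elif total >= fail_threshold:
            verdict = "brute-force"  # many tries against few accounts
        else:
            verdict = "benign"       # ordinary mistyped password
        if verdict != "benign" and ip in logged_in_after_failures:
            verdict += "+success"    # the attack worked: treat as a confirmed compromise
        verdicts[ip] = verdict
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify_sources(SAMPLE_AUTH_LOG.splitlines()).items():
        print(f"{ip:16} {verdict}")
```

A source that only ever succeeds (192.0.2.9 here) produces no verdict at all; distributed sprays that rotate source addresses per attempt will also slip under the per-IP thresholds, so in practice the same counts should additionally be keyed on the target user across all sources.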
Weekly update on the Israel-Iran conflict. 30 May - 5 June: cyber pressure remains high, but the most significant discontinuity is in its distribution. Full analysis: linkedin.com/posts/meridiang…
Unattributed actor hijacked a French Ministry of Education account via social engineering to breach #Tchap. 13.5 GB exfiltrated: 650K messages, 73K user accounts, restricted internal documents, and hardcoded LDAP credentials. E2E encryption for private channels unaffected.
#HarborWatch Agent #RAT distributed via fake Amazon security alerts using #ClickFix PowerShell commands for user-driven self-infection. Post-execution, malware establishes C2 communications for data collection and exfiltration. No traditional attachments involved.
Meridian Group × @TST7v7 · The Soccer Tournament 2026 closes today. Three editions in a row for @CagliariCalcio at the world's biggest 7v7 tournament in Cary, NC. Our brand on every jersey — matchday, training, staff. #TST2026 #CagliariCalcio
CVE-2026-26980 (CVSS 9.4) in #GhostCMS exploited across 700 domains. Stolen Admin API keys inject a #ClickFix loader into published articles, tricking visitors into executing PowerShell. Payloads served via Adspect cloaking based on env fingerprinting.
Financially motivated actors use SEO poisoning to impersonate Gemini CLI, Claude Code, Node.js, and KeePassXC. Victims execute a PowerShell command that deploys a fileless infostealer disabling ETW and AMSI, harvesting session tokens and credentials. C2 via fake Microsoft domains.
Weekly update on the Israel-Iran conflict. 15-22 May: the repertoire extends along a transnational axis. Targeting shifts away from the Israeli perimeter toward global platforms. Full analysis: linkedin.com/posts/meridiang…
Four malicious #npm packages via #typosquatting embed Shai-Hulud clones and #PhantomBot, a Golang DDoS botnet with cross-platform persistence. Developer credentials, app secrets, and crypto wallet data exfiltrated before ~2,600 downloads detected.
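The post above attributes the malicious packages to typosquatting, that is, names one or two characters away from a package a developer meant to install. A cheap pre-install check is to compare every dependency in a manifest against a list of names you expect to see and flag near misses. The following is an added example, not code from the account or from the npm project: it reads a package.json, strips any @scope/ prefix, and reports dependencies within a small Levenshtein distance of a known name. The popular-package list, the manifest contents, and the distance threshold are assumptions constructed for the example.

```python
import json

# Assumed allow-list of names the team expects to install; a real one would come from
# the organisation's approved-dependency inventory, not a hand-written list.
POPULAR = ["express", "lodash", "request", "axios", "chalk", "commander", "react"]

# Constructed manifest with two correct names, three near-miss names and two legitimate
# names that happen to resemble nothing on the list.
SAMPLE_PACKAGE_JSON = """
{
  "name": "demo-app",
  "dependencies": {
    "express": "^4.18.0",
    "lodahs": "1.0.0",
    "reqeust": "2.0.0",
    "react-dom": "^18.0.0",
    "some-internal-lib": "3.2.1"
  },
  "devDependencies": {
    "chalk": "^5.0.0",
    "@acme/axois": "0.1.0"
  }
}
"""


def levenshtein(a, b):
    """Edit distance with single-character insert, delete and substitute (two rows of DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def suspicious_deps(package_json_text, popular=POPULAR, max_distance=2):
    """Return {dependency_name: closest_known_name} for every dependency that is not
    itself a known name but sits within max_distance edits of one."""
    manifest = json.loads(package_json_text)
    deps = {}
    for key in ("dependencies", "devDependencies"):
        deps.update(manifest.get(key, {}))

    findings = {}
    for name in deps:
        if name in popular:
            continue  # exact, expected name
        base = name.split("/")[-1]  # "@acme/axois" -> "axois": scope does not protect the bare name
        closest = min(popular, key=lambda p: levenshtein(base, p))
        if levenshtein(base, closest) <= max_distance:
            findings[name] = closest
    return findings


if __name__ == "__main__":
    for name, closest in suspicious_deps(SAMPLE_PACKAGE_JSON).items():
        print(f"{name!r} looks like a typosquat of {closest!r}")
```

A fixed distance of 2 is deliberately loose for names as short as five characters and will produce false positives on small legitimate packages; scaling the threshold with name length, and treating "react-dom"-style derivatives as expected, is the usual refinement. A name check also says nothing about a package whose name is fine but whose install script is not, which is the case for the compromised-maintainer variants of Shai-Hulud the post refers to.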
#MiniPlasma PoC targets #Windows Cloud Filter driver (cldflt.sys) via undocumented CfAbortHydration API to create arbitrary registry keys and escalate to SYSTEM. Works on fully patched Windows 11 as of May 2026. Incomplete fix of CVE-2020-17103, originally patched December 2020.
CVE-2026-31431 "Copy Fail" in Linux kernel allows local root escalation via controlled write into page cache through AF_ALG, splice(), and page cache interaction. No disk artifacts; only real-time memory analysis detects it. Affects standard configs across distros since 2017.
#MustangPanda targets #APAC and #Japan with FDMTP #backdoor v3.2.5.1 since September 2025. DLL sideloading via Sogou Pinyin and Windows Update; CDN impersonation of Apple and Yahoo for evasion. Persistence via scheduled tasks and custom polling domains.
Suspected Iran-linked actors accessed US gas station Automatic Tank Gauge systems exploiting internet-exposed ATG devices with no authentication. Attackers manipulated displayed fuel level data; no physical damage reported. Concealment of fuel leaks flagged as safety implication.
Weekly update on the Israel-Iran conflict. 8-15 May: the repertoire becomes further layered. The most significant discontinuity is not quantitative; it lies in the widening of the targeting perimeter. Full analysis: linkedin.com/posts/meridiang…
First documented #AI-developed #zeroday: Python script exploited a semantic logic flaw in a web admin tool to bypass #2FA. AI origin attributed via academic code structure and fabricated CVSS references. PROMPTSPY, CANFAIL, LONGSTREAM also referenced.
TeamPCP resurfaces: Checkmarx Jenkins AST plugin compromised via GitHub, distributing malicious v2026.5.09 on Jenkins Marketplace. The Shai-Hulud payload targets CI/CD environments for SSH keys, cloud credentials, and Kubernetes tokens.
VECT 2.0 RaaS targets Windows, Linux, and VMware ESXi. Flawed ChaCha20-IETF implementation permanently destroys the first three-quarters of files over 128 KB, making recovery impossible even after ransom payment. Credentials sourced from supply chain attacks on developer tools.
Weekly update on the Israel-Iran conflict. 30 April - 8 May: the volume of claims remains high, but the most significant finding is the internal recomposition of the repertoire. Full analysis: linkedin.com/posts/meridiang…