As telecom networks become the foundation for banking, healthcare, and government services, should telecom operators be regulated as critical national infrastructure everywhere? #TheSundayCISO #CyberSecurity #InfoSec #DigitalTrust #CyberLeadership #RiskManagement #AfricaTech #CyberAfrica #SecurityAwareness #TrustThursday #TelecomSecurity #GSMA #MobileNetworks #DigitalInfrastructure #CyberResilience
Whether you're a telecom security expert, a CTF veteran, or completely new to the world of telecom networks, we've got a challenge waiting for you. Learn. Explore. Compete. The Telecom Village CTF is coming to DEF CON 34. #DEFCON34 #TelecomVillage #CTF #TelecomSecurity
As threats span SMS, Voice, Flash Calls, and authentication flows, operators need intelligence beyond traditional filtering. ArmourX is enabling innovations #ei with smarter, cross-channel fraud protection. #TelecomSecurity #FraudManagement #AI #GTSTechlabs
PTA has extended the disown period for newly activated SIMs from 60 days to 365 days, preventing users from disowning or transferring SIMs within the first year. The move is aimed at stopping illegal SIM issuance, fake registrations, and security threats. Citizens are advised to regularly check their registered SIMs and ensure biometric verification is handled carefully. #fetchpakistan #PTA #SIMPolicy #TelecomSecurity #DigitalSafety Disclaimer: This post is based on verified announcements by PTA and credible news outlets.
Keynote Speaker Announcement – c0c0n 2026 We are excited to announce Karsten Nohl as one of the keynote speakers for c0c0n 2026! A globally recognized cryptographer, security researcher, and technology leader, Karsten has played a significant role in advancing security research across mobile communications, payment systems, and embedded technologies. From telecom infrastructure to embedded security research, Karsten’s work has influenced security evolution and cyber resilience initiatives globally. Join us at c0c0n 2026 to hear insights from one of the most respected voices in cybersecurity research and innovation. #c0c0n2026 #CyberSecurity #Infosec #TelecomSecurity #Cryptography #HackingConference #kerala #koc
🇻🇪 Alleged Digitel Venezuela Customer Database Leak: 394K Active User Records Exposed
A threat actor associated with L4TAMFUCK3RS is claiming to have breached systems belonging to Digitel, allegedly obtaining a database containing approximately 393,815 active customer records.
According to the post, the exposed data may include:
• Customer IDs and account identifiers
• First and last names
• Mobile phone numbers
• Service type information
• Subscription plans
• Account balances
• Account status information
• Email addresses
• National identification numbers
• Document type information
• Customer account references
• Payment authorization indicators
• Customer retention program status
The sample data shared by the threat actor appears to contain:
• Subscriber profile records
• Mobile service plan details
• Account status and balance information
• Contact information including phone numbers and email addresses
• National identification-related fields
• Internal customer identifiers and service metadata
The dataset appears to be:
• A customer subscriber database associated with a telecommunications provider
• Focused on active user accounts
• Containing both personal and account-management information
• Claimed to be current and up to date at the time of posting
If authentic, potential risks may include:
• Identity theft and account fraud
• SIM-swap and telecom-related social engineering attacks
• Targeted phishing and smishing campaigns
• Unauthorized account access attempts
• Customer profiling and privacy violations
• Increased risk of credential-stuffing attacks when combined with other leaked datasets
The exposure of subscriber information, contact details, account status information, and identification-related data could significantly increase the effectiveness of fraud and impersonation campaigns targeting affected customers.
At this time, the authenticity and full scope of the alleged dataset have not been independently verified, and claims made by threat actors should be treated with caution until validated by the affected organization or through independent analysis.
#CyberSecurity #DataBreach #Digitel #Venezuela #ThreatIntel #TelecomSecurity #DataLeak #InfoSec #Privacy #CyberThreats #OSINT #DarkWebMonitoring #LatinAmerica #Telecommunications
Sébastien Dudek breaks down 5G, and it’s clear this isn’t a single system, it’s a layered attack surface. A grounded look at where telecom security is heading, and where it’s already exposed. #HardwearIO #HardwearUSA2026 #5GSecurity #HardwareSecurity #TelecomSecurity #Infosec
A zero-day in telecom routing infrastructure caused three hours of nationwide outages in Luxembourg. 10 months later: no public CVE and no patch confirmation. Finite State's Matt Wyckhouse and Sharon Hagi weigh in on the visibility defenders need today. iotm2mcouncil.org/iot-librar… #TelecomSecurity #FirmwareSecurity
As #telecom networks evolve with 5G, IoT, and cloud, traditional perimeter-based security models are no longer sufficient. In this whitepaper, Ashish Mishra ☁, Group Manager, Service Delivery, CSRM at @tech_mahindra, explores how Zero Trust architecture is becoming essential to secure increasingly distributed and converged network environments. The paper highlights the shift from inherited trust to continuous verification, with a focus on identity-driven security, micro-segmentation, and #AI-powered monitoring to protect both legacy and next-generation networks without compromising performance or scalability. Discover how telecom leaders can operationalize Zero Trust to build resilient, adaptive, and future-ready networks. Know more: techmahindra.com/insights/wh… #ScaleAtSpeed #TechMahindra #TelecomSecurity #ZeroTrust #Cybersecurity #5G #DigitalTrust
Discover the new Showboat Linux malware framework uncovered by Black Lotus Labs. Learn how PRC threat actors target telecommunications networks. #Cybersecurity #LinuxMalware #Showboat #ThreatIntel #TelecomSecurity #infosec securityonline.info/showboat…
Perimeter security is a thing of the past. Nation-state attackers, AI & billions of IoT devices demand a new playbook. Joe Constantine of Ericsson Americas lays out 5 pillars to build resilient, future-ready networks. 📶 m.eric.sn/hGGP50YySM6 #TelecomSecurity
State-backed Red Lamassu cyber espionage operations weaponize Showboat and JFMBackdoor malware to quietly penetrate and control telecom network infrastructure. #RedLamassu #CyberEspionage #MalwareAnalysis #TelecomSecurity #Infosec2026 #ThreatIntel meterpreter.org/red-lamassu-…
🇨🇴 A threat actor is claiming to expose and sell access related to CONTACTMASTER BPO, described in the underground post as a strategic partner of Claro Colombia.
According to the forum listing, the actor alleges discovery of internal SAP-related connection information and access tied to:
• SAP SuccessFactors HCM
• HR/customer status inquiry systems
• MFA-related applications
• Internal enterprise portals
• SAP infrastructure components
The post specifically references:
• Internal SAP server connectivity
• Enterprise application access
• HR-related environments
• Authentication infrastructure
If authentic, this type of exposure is significantly more serious than a standard consumer database leak because enterprise SAP ecosystems frequently contain:
• Employee records
• Payroll information
• HR workflows
• Identity/access management data
• Internal operational processes
• Enterprise authentication logic
• Customer service operations
SAP environments are highly attractive targets for cybercriminals and state-aligned actors because they often sit at the center of:
• Enterprise identity systems
• Financial operations
• HR operations
• Supply chain management
• Customer service infrastructure
One notable aspect is the mention of SAP SuccessFactors HCM. Compromise involving HCM platforms can potentially expose:
• Employee identities
• Organizational structure
• Internal roles
• Corporate hierarchy
• HR workflows
• Authentication metadata
• Sensitive personnel records
This becomes particularly valuable for:
• Social engineering
• Business email compromise
• Insider targeting
• Credential attacks
• Privilege escalation operations
The underground actor also references MFA-related applications, which raises additional concern because adversaries increasingly target:
• Authentication infrastructure
• MFA enrollment systems
• Identity federation platforms
• SSO environments
• Helpdesk workflows
rather than directly attacking endpoints alone.
Telecommunications ecosystems remain a high-priority target sector due to their access to:
• Massive customer datasets
• SIM-related operations
• Identity verification systems
• Call routing infrastructure
• Enterprise connectivity services
Third-party vendors and BPO providers are especially attractive because they often:
• Maintain privileged access
• Handle sensitive customer workflows
• Operate with weaker security controls than primary telecom providers
• Create indirect access paths into larger enterprises
From a threat intelligence perspective, this reflects a continuing trend: attackers increasingly target the broader enterprise ecosystem around major telecom brands rather than the telecom provider directly.
Even partial access to:
• HR systems
• Internal admin portals
• MFA workflows
• SAP integrations
can enable lateral movement and deeper enterprise compromise.
At this stage, the underground claims remain unverified. However, organizations operating SAP and enterprise identity ecosystems should view incidents like this as another reminder that:
• Third-party access governance
• Identity segmentation
• MFA hardening
• Privileged access monitoring
• Vendor-risk management
• SAP-specific security controls
are becoming increasingly critical.
#DDW #CyberSecurity #DarkWeb #ThreatIntelligence #SAP #Claro #TelecomSecurity #IdentitySecurity #DataBreach #CyberThreats
🇮🇷 A threat actor is advertising what appears to be internal infrastructure and developer-related documentation allegedly associated with MCI Iran (Mobile Communication Company of Iran), one of Iran’s largest telecommunications operators.
According to the underground post, the leaked information allegedly includes:
• Internal IP addresses
• Network topology/maps
• Developer assets
• Infrastructure documentation
• Service architecture details
• Internal technology stack information
• Server/application inventory
• Data center-related infrastructure references
The screenshot appears to show:
• Internal asset inventory tables
• Service/application names
• Linux server versions
• Node.js and Java environments
• High-availability (HA) systems
• E-commerce/service platforms
• Geographic infrastructure references (Tehran)
Unlike ordinary customer database leaks, infrastructure and architecture disclosures are particularly dangerous because they can significantly accelerate:
• Reconnaissance operations
• Vulnerability discovery
• Initial access attempts
• Lateral movement planning
• Supply-chain targeting
• Telecom infrastructure attacks
• Nation-state cyber operations
Telecommunications providers are strategic targets because they operate:
• Massive subscriber ecosystems
• National communications infrastructure
• SMS and authentication channels
• Internet routing environments
• Identity-linked telecom services
• Critical backend systems
The alleged exposure of:
• Internal IP mappings
• Application/service relationships
• Technology stack visibility
• Server/version information
can dramatically reduce the time required for adversaries to identify:
• Misconfigurations
• Unpatched systems
• Legacy infrastructure
• Exposed administrative services
• Weak segmentation points
The references to:
• HA environments
• GraphQL services
• Ticket/order services
• Geo-service nodes
• Product-service architecture
suggest the actor may be exposing internal microservice or enterprise application infrastructure documentation.
This type of information is extremely valuable to:
• Advanced persistent threat (APT) actors
• Telecom-focused espionage groups
• Initial access brokers
• Ransomware operators
• Supply-chain attackers
because infrastructure intelligence enables highly targeted exploitation instead of opportunistic scanning.
Another major concern is the potential linkage between:
• Developer environments
• Production systems
• Internal APIs
• Network segmentation
Poor separation between these environments frequently becomes a pivot point during major intrusions.
Telecommunications and critical infrastructure operators should immediately review:
• Internal documentation exposure
• Publicly accessible developer assets
• Network segmentation
• IP exposure policies
• Asset inventory visibility
• Infrastructure hardening
• Version disclosure risks
• API security
• CI/CD pipeline exposure
• Privileged access management
This incident also reinforces the growing underground market for:
• Infrastructure intelligence
• Architecture documentation
• Developer environment leaks
• Network topology data
which are increasingly traded as high-value reconnaissance assets prior to larger cyber operations.
#DDW #Iran #CyberSecurity #DarkWeb #ThreatIntelligence #TelecomSecurity #CyberCrime #CriticalInfrastructure #Infosec #OSINT
🇵🇰 A threat actor is advertising the sale of an alleged database linked to “EGADGETS PAKISTAN,” described in the post as a Pakistan government agency-related dataset containing extremely large-scale mobile device and customer records.
According to the forum listing, the dataset allegedly contains:
• 80 million records
• Approximately 2 TB of data
• Device IMEI/serial information
• Device make and model
• Customer names
• CNIC numbers (Pakistan national identity numbers)
• Cell phone numbers
• Shop owner details
• Store addresses and phone numbers
• Customer and shopkeeper photographs
• Transaction and purchase metadata
• Device category/type information
• Comments/internal notes
The screenshots suggest this may involve a large-scale device registration, retail, or telecom-adjacent ecosystem where device ownership and customer identity records are centrally aggregated.
If authentic, this exposure would be highly sensitive because IMEI-linked datasets create strong correlations between:
• Physical devices
• National identity records
• Phone numbers
• Retail channels
• Ownership history
• Geographic locations
This type of intelligence is particularly valuable for:
• SIM swap operations
• Identity fraud
• Telecom fraud
• Device tracking
• Account takeover attacks
• Black-market device operations
• Social engineering campaigns
• Surveillance and profiling
The inclusion of CNIC numbers significantly increases the severity because CNICs are foundational identity elements in Pakistan and are frequently used across:
• Banking
• Telecom registration
• Government services
• Financial verification
• Mobile wallet ecosystems
The alleged exposure of both:
• Customer photographs
• Shopkeeper photographs
also introduces potential risks involving:
• Facial recognition abuse
• Synthetic identity generation
• KYC fraud
• AI-enhanced impersonation
• Document forgery operations
Another notable concern is the scale of the claimed dataset. Large telecom/device ecosystems often serve as high-value intelligence hubs because they indirectly expose:
• Consumer behavior
• Device movement
• Retail infrastructure
• Regional demographics
• Ownership chains
• Mobile ecosystem patterns
Threat actors can leverage this information for:
• Targeted phishing
• Telecom-focused fraud
• Smishing campaigns
• Credential correlation
• Device cloning operations
• Criminal marketplace enrichment
Organizations operating in:
• Telecom
• Device registration
• Mobile retail
• Government identity systems
• National registration ecosystems
should immediately review:
• IMEI database exposure
• Identity verification controls
• API access policies
• Retail partner security
• Third-party data sharing
• Customer image storage
• National ID handling procedures
• Access logging and monitoring
• Data minimization policies
The convergence of:
• Identity systems
• Telecom ecosystems
• Device intelligence
• Retail infrastructure
continues to create highly attractive targets for cybercriminals and fraud-focused threat actors across South Asia.
#DDW #Pakistan #CyberSecurity #DarkWeb #ThreatIntelligence #DataBreach #TelecomSecurity #IdentityFraud #CyberCrime #Infosec
Advanced Persistent Threats (APTs) have permanently shifted their operational focus, moving beyond traditional host-level exploitation to execute deep, persistent compromises within global telecommunications routing and signaling infrastructure. The vulnerabilities inherent to legacy carrier protocols have transitioned telecom routing from a passive utility into an active, highly contested vector for global state-sponsored cyber operations.
The core technical intelligence from CommandEleven’s latest telecommunications and cyber warfare report:
HIJACKING OF THE GLOBAL SIGNALING CORE
State-aligned APT groups are systematically exploiting foundational vulnerabilities within SS7 and Diameter signaling protocols to bypass standard perimeter security frameworks. By gaining unauthorized access to core telecom nodes, threat actors inject malicious routing commands, intercept high-value communications, and track target locations globally. This access allows them to operate inside the trusted core of international networks, completely invisible to traditional corporate cybersecurity defenses.
PERMANENT C2 CARRIER INTEGRATION
Threat actors have perfected techniques to embed their command-and-control (C2) traffic directly within legitimate, high-volume carrier data streams. By mimicking authorized network protocols and routing behaviors, malicious traffic becomes indistinguishable from everyday telecom operations. This integration provides a resilient, long-term C2 channel that resists standard network segmentation, allowing persistent access to high-value government and infrastructure targets.
EXPLOITATION OF CARRIER TRUST ARCHITECTURES
The architecture of global telecommunications relies on implicit trust between international transit providers and regional carriers. APT networks exploit this lack of internal authentication to launch cross-network spoofing and routing attacks from jurisdictions with weaker regulatory oversight. This systemic vulnerability makes it exceptionally difficult to isolate or block malicious traffic without disrupting essential international data flows.
STRATEGIC FORECAST (2026–2030):
• Expect the widespread adoption of automated, carrier-level AI exploitation tools designed to rapidly identify and exploit routing anomalies across international telecom joints.
• Watch for an escalation in cyber-kinetic operations where telecom infrastructure compromises are used to selectively disable localized communications during broader geopolitical crises.
• While endpoint detection and response (EDR) remains critical, securing the theater requires a fundamental transition to carrier-grade Zero-Trust architectures and strict cryptographic validation of all routing signaling.
#CyberIntelligence #APT #TelecomSecurity #C2Infrastructure #ZeroTrust #NetworkWarfare #ThreatIntel
Voices shaping the future of cyber resilience. At the Huawei Cybersecurity Innovation Summit Qatar, industry leaders came together to exchange insights on protecting Critical National Infrastructure, strengthening operational resilience, and advancing collaborative cybersecurity ecosystems. From aviation and telecommunications to digital infrastructure, the discussions reflected a shared vision: cyber resilience can no longer be built in isolation — it is powered by innovation, trust, and ecosystem collaboration. Proud to unite experts and partners in driving secure, resilient, and intelligent digital transformation across Qatar #CyberSecurity #ZeroTrust #CyberResilience #CriticalInfrastructure #OperationalResilience #DigitalTrust #TelecomSecurity #AviationCyberSecurity #Huawei #VodafoneQatar #QatarAirways #HIAQatar #NCSAQatar #HuaweiCybersecuritSummit #Qatar
📞 Phreaking Tools on ANDRAX — Telecom Security Research Phreaking is the study of telecommunication systems, signaling, VoIP protocols, and telecom infrastructure security. 💬 Comment “PHREAK” and I’ll send more details. #Andrax #CyberSecurity #TelecomSecurity
🇮🇳 A threat actor is advertising an alleged database belonging to Indian platform “4money.in” containing approximately 4,000 user records, according to a newly observed underground forum listing.
The post claims:
• SQL database format
• ~90 MB dataset size
• User-related account and operational records
• Telecom/distributor-related fields
• Contact information and account metadata
Based on the visible sample fields, the exposed data may allegedly include:
• Names
• Email addresses
• Phone/retailer numbers
• City and location details
• Postal/PIN codes
• Distributor information
• Account status information
• IP addresses
• Telecom-related metadata
The presence of fields referencing:
• Airtel
• Distributor
• Retailer
• Route/subroute identifiers
suggests the platform may be associated with:
• Telecom distribution
• Recharge/payment operations
• Retail reseller infrastructure
• Financial or utility transaction ecosystems
Even relatively small datasets can create meaningful downstream risks when they contain:
• Contact information
• Operational account metadata
• IP addresses
• Distribution network intelligence
• Business relationship mapping
Threat actors commonly use these records for:
• Targeted phishing
• SIM swap preparation
• Telecom fraud
• Credential stuffing
• Distributor impersonation
• Business email compromise
• Social engineering against retailers and resellers
One important trend in underground ecosystems is the targeting of:
• Regional fintech platforms
• Telecom resellers
• Recharge/payment services
• Retail distributor ecosystems
• SME financial infrastructure
because these environments often contain:
• Weak authentication controls
• Large distributed user bases
• High credential reuse
• Limited security monitoring
• Sensitive customer and operational data
The inclusion of IP addresses and account activity information may also assist attackers with:
• Infrastructure mapping
• Session analysis
• Behavioral profiling
• Secondary intrusion attempts
Organizations operating fintech or telecom-adjacent platforms should prioritize:
• MFA enforcement
• Database access segmentation
• API security reviews
• Continuous monitoring for unusual exports
• Credential exposure monitoring
• Distributor account hardening
• Logging and anomaly detection
Users associated with the platform should consider:
• Resetting reused passwords
• Enabling MFA where available
• Monitoring for phishing attempts
• Remaining cautious of telecom-related scams
• Watching for suspicious account activity
At this stage, the claims remain publicly unverified, and the full authenticity and scope of the alleged dataset are unknown.
🇮🇳 #DDW #Intelligence #CyberSecurity #DarkWeb #ThreatIntelligence #DataBreach #TelecomSecurity #Fintech #Privacy #CyberCrime