Geek-Guy.com

Category: Exploits

Explore the latest software exploits, zero-day vulnerabilities, and security PoCs. Geek-Guy provides expert analysis on emerging threats and how to stay protected.

AI, APAC, china, Compliance, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

CVE-2026-22769: Critical Dell RecoveryPoint Zero-Day Exploited in the Wild

SOC Prime has recently covered a wave of actively exploited zero-days across major ecosystems, including Apple’s CVE-2026-20700 and Microsoft’s CVE-2026-20805, alongside a fresh Chrome zero-day case. But the avalanche of threats keeps marching into 2026. Recently, researchers from Mandiant and Google Threat Intelligence Group (GTIG) detailed the active exploitation of CVE-2026-22769, a maximum-severity hardcoded-credential vulnerability…

Read more →

AI, Endpoint, Exploits, Global Security News, Risk Management

From Shadow APIs to Shadow AI: How the API Threat Model Is Expanding Faster Than Most Defenses

The shadow technology problem is getting worse.  Over the past few years, organizations have scaled microservices, cloud-native apps, and partner integrations faster than corporate governance models could keep up, resulting in undocumented or shadow APIs.  We’re now seeing this pattern all over again with AI systems. And, even worse, AI introduces non-deterministic behavior, autonomous actions,…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws…

Read more →

china, Exploits, Global Security News

Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024

A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG). The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded…

Read more →

AI, Exploits, Global Security News, malware

Tracking Malware Campaigns With Reused Material, (Wed, Feb 18th)

A few days ago I wrote a diary called “Malicious Script Delivering More Maliciousness”[1]. In the malware infection chain, there was a JPEG picture that embedded the last payload delimited with “BaseStart-” and “-BaseEnd” tags. Today, I discovered anoher campaign that relies exactly on the same technique. It started with an attachment called “TELERADIO_IB_OBYEKTLRIN_BURAXILIS_FORMASI.xIs” (SHA256:1bf3ec53ddd7399cdc1faf1f0796c5228adc438b6b7fa2513399cdc0cb865962).…

Read more →

AI, china, Exploits, Global Security News, malware

Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a “double lock” design that aims to make the update process “robust…

Read more →

Cybersecurity, Exploits, Global Security News

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows – CVE-2026-2441 (CVSS score: 8.8) – A use-after-free vulnerability in Google Chrome that could allow a remote attacker to…

Read more →

AI, APAC, Apps, china, Cybersecurity, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security

Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed

Researchers uncovered more worrying details about a long-running cyber espionage campaign suspected to be backed by the Chinese government, exemplifying how such attacks often go undetected until they’ve already caused significant damage. Google Threat Intelligence Group and Mandiant said the Chinese threat group UNC6201 has been exploiting a zero-day vulnerability in Dell RecoverPoint for Virtual…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

OpenClaw Flaw Enables AI Log Poisoning Risk

A vulnerability has been identified in OpenClaw’s AI assistant that could allow attackers to insert crafted content into system logs.  The flaw stems from how certain WebSocket headers were logged, creating a potential log poisoning risk in AI-assisted workflows. “This issue is primarily an indirect prompt injection risk and depends on downstream log consumption behavior.…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security

Cyber attacks enabled by basic failings, Palo Alto analysis finds

Cyberattacks are moving faster, shrinking the gap between initial compromise and bad consequences, and the advent of AI is accelerating their timelines in a way that human defenders can no longer keep up with. That’s the broad and perhaps unsurprising finding of Palo Alto Networks’ 2026 Global Incident Response Report, which analyzed 750 incidents in…

Read more →

AI, APAC, Compliance, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

CVE-2026-25903 Impacts Apache NiFi Users

A vulnerability has been disclosed that potentially impacts organizations using Apache NiFi to manage data pipelines. The issue could allow lower-privileged users to modify restricted components within a data flow due to missing authorization checks. “The missing authorization requires a more privileged user to add a restricted component to the flow configuration, but permits a…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management

Infostealers Target OpenClaw AI Configuration Files

Infostealer malware is expanding beyond traditional browser and banking credential theft to target personal AI assistant environments. Researchers at Hudson Rock recently identified a live infection in which attackers exfiltrated a victim’s OpenClaw configuration files, including authentication tokens, cryptographic keys, and stored contextual data used by the AI agent. “While the malware may have been…

Read more →

AI, Endpoint, Exploits, Global Security News, Network Security

Palo Alto Networks intends to acquire Koi, advancing agentic endpoint security

Palo Alto Networks has entered into a definitive agreement to acquire Koi, giving enterprises the power to finally see and protect the AI-native ecosystem that defines modern work. The new imperative: Agentic endpoint security Traditional security was built to stop malicious files, but AI agents and tools can actively read, write, and move data. Attackers…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management

Inside Modern API Attacks: What We Learn from the 2026 API ThreatStats Report

API security has been a growing concern for years. However, while it was always seen as important, it often came second to application security or hardening infrastructure.  In 2025, the picture changed. Wallarm’s 2026 API ThreatStats Report revealed that APIs are now the primary attack surface for digital business, and not because bad actors discovered…

Read more →

AI, Apps, Exploits, Global Security News, malware

ZeroDayRAT spyware targets Android and iOS devices via commercial toolkit

A new cross-platform spyware sold openly through Telegram is lowering the barrier for hackers seeking remote access to mobile devices. Called “ZeroDayRAT” by its developer, the toolkit is being marketed through Telegram channels as a ready-to-deploy remote access solution. iVerify researchers traced its first activity to 2nd February, with the spyware being distributed as an…

Read more →

AI, Data Breaches, Exploits, Global Security News, malware

South Korea slaps $25M fine on Dior, Louis Vuitton, Tiffany over Salesforce breach

South Korea fined Dior, Louis Vuitton, and Tiffany $25M after hackers breached their Salesforce systems, exposing customer data. South Korea’s Personal Information Protection Commission fined luxury brands including Dior, Louis Vuitton, and Tiffany & Co. a total of 36 billion Korean won ($25 million) after hackers compromised their Salesforce systems. The attack, linked to Scattered…

Read more →

AI, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security

Unit 42: Nearly two-thirds of breaches now start with identity abuse

Identity is still the primary entry point for cyberattacks, according to Palo Alto Networks’ threat intelligence firm Unit 42. In its annual incident response report released Tuesday, Unit 42 found that identity-based techniques accounted for nearly two-thirds of all initial network intrusions last year.  Social engineering was the leading attack method, accounting for one-third of…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware, Risk Management

Hackers steal OpenClaw configuration in emerging AI agent threat

Researchers found an infostealer stole a victim’s OpenClaw configuration, marking a shift toward targeting personal AI agents. Cybersecurity researchers have uncovered a new information stealer that exfiltrated a victim’s OpenClaw configuration environment, previously known as Clawdbot and Moltbot. According to cybersecurity firm Hudson Rock, the case highlights a new shift in infostealer activity, moving beyond…

Read more →

AI, Apps, Cybersecurity, Exploits, Funding, Global Security News, Network Security, Risk Management

Why 2025’s agentic AI boom is a CISO’s worst nightmare

By late 2025, the enterprise AI landscape had shifted. Standard RAG systems are failing at a rate of 80%, forcing a pivot to autonomous agents. But while “agentic RAG” solves the reliability problem, it introduces a terrifying new one: the autonomous execution of malicious instructions. If 2023 was the year of the chatbot and 2024…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, Risk Management

Exploit available for new Chrome zero-day vulnerability, says Google

Threat actors now have the ability to exploit a new zero-day vulnerability in the Chrome browser, Google has advised IT administrators. The warning comes after Google released a patch for Chrome to plug a use after free memory vulnerability (CVE-2026-2441) in cascading style sheets (CSS), which means the browser’s CSS engine isn’t properly managing memory…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, Risk Management

Exploit available for new Chrome zero-day vulnerability, says Google

Threat actors now have the ability to exploit a new zero-day vulnerability in the Chrome browser, Google has advised IT administrators. The warning comes after Google released a patch for Chrome to plug a use after free memory vulnerability (CVE-2026-2441) in cascading style sheets (CSS), which means the browser’s CSS engine isn’t properly managing memory…

Read more →

AI, Apps, Cloud Security, Compliance, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Building an AI-powered defense-in-depth security architecture for serverless microservices

Enterprise customers face an unprecedented security landscape where sophisticated cyber threats use artificial intelligence to identify vulnerabilities, automate attacks, and evade detection at machine speed. Traditional perimeter-based security models are insufficient when adversaries can analyze millions of attack vectors in seconds and exploit zero-day vulnerabilities before patches are available. The distributed nature of serverless architectures…

Read more →

AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management

Fake Winter Olympics 2026 Stores Target Fans With Data-Theft Scams

As excitement builds at the Milano Cortina 2026 Winter Olympics, cybercriminals have launched convincing fake merchandise stores to steal payment details and personal data from eager fans.  The campaign focuses heavily on high-demand mascot items that are sold out on the official site. In the “… past week alone, we’ve identified nearly 20 lookalike domains…

Read more →

AI, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

BeyondTrust RCE Exploited for Domain Control

Attackers are actively exploiting a vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) to remotely run commands and escalate to full domain control in some environments.  The flaw affects self-hosted deployments and can be triggered without authentication. We “… observed attempts to deploy the SimpleHelp RMM tool for persistence, along with discovery…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

Phishing Evolves Into Multi-Platform Fraud Systems

Phishing no longer announces itself with obvious red flags or clumsy impersonations.  New research from Bolster AI shows today’s most effective scams are engineered to blend into routine digital interactions, hiding in search results, paid ads, document workflows, and online marketplaces rather than obvious spoofed emails.  “Attackers are designing scams that look and feel real…

Read more →

AI, Compliance, Endpoint, Exploits, Global Security News, malware, Risk Management

CVE-2026-2441: Google Patches Chrome Zero-Day Exploited in the Wild

Right after Apple’s CVE-2026-20700 zero-day under active exploitation made headlines, Google released security updates for Chrome to address the first actively exploited Chrome zero-day of 2026. CVE-2026-2441 Analysis The high-severity flaw, tracked as CVE-2026-2441, is a use-after-free vulnerability in Chrome’s CSS component. NIST’s NVD description notes that the issue could allow a remote attacker to…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

ClickFix Campaign Uses Fake CAPTCHA Pages to Deliver StealC Malware on Windows

A new social engineering campaign is abusing fake CAPTCHA verification pages to trick Windows users into launching StealC information-stealing malware.  The attack relies on compromised websites that display convincing Cloudflare-style security checks, prompting victims to manually execute malicious PowerShell commands under the guise of routine verification.  “StealC exfiltrates browser credentials, cryptocurrency wallets, Steam accounts, Outlook…

Read more →

AI, Exploits, Global Security News

Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware

This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being…

Read more →

AI, Exploits, Global Security News

Google fixes first actively exploited Chrome zero-day of 2026

Google patched Chrome zero-day CVE-2026-2441, a high-severity CSS use-after-free flaw actively exploited in the wild. Google has released urgent security updates to address a high-severity zero-day vulnerability, tracked as CVE-2026-2441, in Chrome that is already being exploited in real-world attacks. The flaw is a use-after-free bug in the browser’s CSS component. This is the first…

Read more →

AI, Exploits, Global Security News

Google patches Chrome vulnerability with in-the-wild exploit (CVE-2026-2441)

Google released a security update for Chrome to address a high-severity zero‑day vulnerability (CVE-2026-2441) on Friday. “Google is aware that an exploit for CVE-2026-2441 exists in the wild,” the company said. About CVE-2026-2441 CVE-2026-2441 is a use-after-free bug in the CSS processing component of Google Chrome, which allows a remote attacker “to execute arbitrary code…

Read more →

AI, Apps, china, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Venture

10 years later, Bangladesh Bank cyberheist still offers cyber-resiliency lessons

Ten years on, the Bangladesh Bank cyberheist — a landmark cybersecurity incident that rewrote the rules of nation state–sponsored hacking — continues to offer lessons for the cybersecurity community. Cyberspies hacked into Bangladesh Bank internal network and SWIFT (Society for Worldwide Interbank Financial Telecommunication) messaging environment before sending 35 fraudulent SWIFT payment instructions that attempted…

Read more →

AI, Exploits, Global Security News

New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released

Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming…

Read more →

AI, china, Cybersecurity, Data Breaches, Endpoint, Europe, Exploits, Global Security News, malware, Russia

Security Affairs newsletter Round 563 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Fintech firm Figure disclosed data breach after employee phishing attack U.S. CISA adds a flaw in…

Read more →

AI, Exploits, Global Security News, Risk Management

Week in review: Exploited newly patched BeyondTrust RCE, United Airlines CISO on building resilience

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: United Airlines CISO on building resilience when disruption is inevitable In this Help Net Security interview, Deneen DeFiore, VP and CISO at United Airlines, explains how the company approaches modernization without compromising safety-critical environments, why resilience and continuity matter as…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an BeyondTrust RS and PRA vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), to its Known Exploited Vulnerabilities (KEV) catalog. This week BeyondTrust released security updates to…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an BeyondTrust RS and PRA vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), to its Known Exploited Vulnerabilities (KEV) catalog. This week BeyondTrust released security updates to…

Read more →

AI, APAC, Apps, Compliance, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security

FTC digs deeper into Microsoft’s bundling and licensing practices

The US Federal Trade Commission (FTC) seems to be doubling down on its investigation of Microsoft and the tech giant’s potentially shady bundling and licensing practices. According to a Bloomberg report, the federal agency has been issuing civil investigative demands (CIDs) to companies that compete with Microsoft in the business software and cloud computing markets.…

Read more →

AI, APAC, Apps, Compliance, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security

FTC digs deeper into Microsoft’s bundling and licensing practices

The US Federal Trade Commission (FTC) seems to be doubling down on its investigation of Microsoft and the tech giant’s potentially shady bundling and licensing practices. According to a Bloomberg report, the federal agency has been issuing civil investigative demands (CIDs) to companies that compete with Microsoft in the business software and cloud computing markets.…

Read more →

AI, Endpoint, Exploits, Global Security News, Risk Management

Fake AI Chrome Extensions Exposed 260,000 Users, Targeting Gmail

More than 260,000 Chrome users installed what appeared to be helpful AI productivity tools… only to unknowingly grant remote servers deep access to their browser activity.  LayerX researchers identified a coordinated campaign of 30 fake AI assistant extensions that used embedded iframes and backend-controlled logic to extract data and maintain persistent access. “We found over…

Read more →

AI, Exploits, Global Security News, Network Security

Critical BeyondTrust RS vulnerability exploited in active attacks

Researchers warn that a critical vulnerability patched this week in BeyondTrust Remote Support is being exploited in the wild to compromise self-hosted deployments, including Bomgar remote support appliances, which included affected versions of the impacted software. Bomgar, a provider of privileged identity and access management products, acquired BeyondTrust in 2018, adopting the latter’s brand name.…

Read more →

AI, APAC, Exploits, Global Security News, malware, Network Security

New threat actor UAT-9921 deploys VoidLink against enterprise sectors

A new threat actor, UAT-9921, uses the modular VoidLink framework to target technology and financial organizations, Cisco Talos reports. Cisco Talos spotted a previously unknown threat actor, tracked as UAT-9921, using a new modular attack framework called VoidLink. The group targets organizations in the technology and financial services sectors. The flexible design of VoidLink suggests…

Read more →

AI, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

260K Users Exposed in AI Extension Scam

More than 260,000 Chrome users installed what appeared to be helpful AI productivity tools — only to unknowingly grant remote servers deep access to their browser activity.  LayerX researchers identified a coordinated campaign of 30 fake AI assistant extensions that used embedded iframes and backend-controlled logic to extract data and maintain persistent access.  “We found…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security

1,800+ Windows Servers Hit by BADIIS SEO Malware

More than 1,800 Windows servers have been quietly compromised in a sprawling malware campaign that turns legitimate websites into tools for search engine manipulation.  The operation leverages a sophisticated strain known as BADIIS to infect Microsoft Internet Information Services (IIS) environments, allowing threat actors to monetize trusted infrastructure without disrupting normal operations. We found “……

Read more →

AI, Apps, Exploits, Global Security News, Network Security

Researchers unearth 30-year-old vulnerability in libpng library

Developers have resolved a legacy flaw in the widely used libpng open-source library that existed since the software was released nearly 30 years ago. The heap buffer overflow in libpng would cause applications on unpatched systems to crash when presented with maliciously crafted PNG graphic images. In worse case scenarios, the CVE-2026-25646 vulnerability could be…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware, Risk Management

Four new reasons why Windows LNK files cannot be trusted

The number of ways that Windows shortcut (.LNK) files can be abused just keeps growing: A cybersecurity researcher has documented four new techniques to trick Windows users into running malicious actions through innocent-looking shortcuts. Wietze Beukema demonstrated how to spoof the visible LNK destination, hide command-line arguments, and execute a different program than the one…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware, Risk Management

Four new reasons why Windows LNK files cannot be trusted

The number of ways that Windows shortcut (.LNK) files can be abused just keeps growing: A cybersecurity researcher has documented four new techniques to trick Windows users into running malicious actions through innocent-looking shortcuts. Wietze Beukema demonstrated how to spoof the visible LNK destination, hide command-line arguments, and execute a different program than the one…

Read more →

AI, Exploits, Global Security News, Government & Policy

Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release

Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code execution. Threat actors rapidly began exploiting a newly patched BeyondTrust vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), soon after a proof-of-concept exploit became public. This week BeyondTrust released security updates to address the critical flaw in its Remote Support…

Read more →

AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Risk Management, Russia

Google fears massive attempt to clone Gemini AI through model extraction

Google detected and blocked a campaign involving more than 100,000 prompts that it claimed were designed to copy the proprietary reasoning capabilities of its Gemini AI model, according to a quarterly threat report released by Google Threat Intelligence Group. The prompts looked like a coordinated attempt to perform model extraction or distillation, a machine-learning process…

Read more →

AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Risk Management, Russia

Google fears massive attempt to clone Gemini AI through model extraction

Google detected and blocked a campaign involving more than 100,000 prompts that it claimed were designed to copy the proprietary reasoning capabilities of its Gemini AI model, according to a quarterly threat report released by the company’s Threat Intelligence Group. The prompts looked like a coordinated attempt to perform model extraction or distillation, a machine-learning…

Read more →

AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Risk Management, Russia

Google: state-backed hackers exploit Gemini AI for cyber recon and attacks

Google says nation-state actors used Gemini AI for reconnaissance and attack support in cyber operations. Google DeepMind and GTIG report a rise in model extraction or “distillation” attacks aimed at stealing AI intellectual property, which Google has detected and blocked. While APT groups have not breached frontier models, private firms and researchers have tried to…

Read more →

AI, Exploits, Global Security News

Hackers probe, exploit newly patched BeyondTrust RCE flaw (CVE-2026-1731)

Attackers are exploiting a recently patched critical vulnerability (CVE-2026-1731) in internet-facing BeyondTrust Remote Support and Privileged Remote Access instances. “Attackers are abusing get_portal_info to extract the x-ns-company value before establishing a WebSocket channel,” Ryan Dewhurst, Head of Threat Intelligence at watchTowr, confirmed on Thursday. Rapid7 researchers published a technical analysis and proof-of-concept (PoC) exploit for…

Read more →

AI, Apps, Compliance, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

Why key management becomes the weakest link in a post-quantum and AI-driven security world

When people talk about cryptography, they usually talk about algorithms. RSA versus ECC. Classical versus post quantum. Encryption strength measured in bits and curves. In practice, none of that matters unless keys are created, stored, rotated and retired correctly. Key management is the discipline that governs the entire lifecycle of cryptographic keys, from generation to…

Read more →

AI, Exploits, Global Security News

Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability

Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr. “Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors,” Ryan Dewhurst, head of threat intelligence at watchTowr, said in a post on X. “Attackers are abusing

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Russia

AI-Powered Knowledge Graph Generator & APTs, (Thu, Feb 12th)

Unstructured text to interactive knowledge graph via LLM & SPO triplet extraction Courtesy of TLDR InfoSec Launches & Tools again, another fine discovery in Robert McDermott’s AI Powered Knowledge Graph Generator. Robert’s system takes unstructured text, uses your preferred LLM and extracts knowledge in the form of Subject-Predicate-Object (SPO) triplets, then visualizes the relationships as an interactive knowledge graph.[1]…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Hackers turn bossware against the bosses

A threat actor is abusing an employee monitoring application and a remote monitoring and management platform in an attempt to deploy ransomware and steal cryptocurrency. According to researchers at Huntress, the unknown threat actor is leveraging NetworkLookout’s Net Monitor for Employees Professional – which, despite its name, includes remote access tools – and SimpleHelp, a…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Hackers turn bossware against the bosses

A threat actor is abusing an employee monitoring application and a remote monitoring and management platform in an attempt to deploy ransomware and steal cryptocurrency. According to researchers at Huntress, the unknown threat actor is leveraging NetworkLookout’s Net Monitor for Employees Professional – which, despite its name, includes remote access tools – and SimpleHelp, a…

Read more →

AI, Apple, Apps, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Threats

Apple discloses first actively exploited zero-day of 2026

Apple disclosed a zero-day vulnerability Wednesday that the vendor warned was previously “exploited in an extremely sophisticated attack against specific targeted individuals,” the company said in a security update. The memory-corruption vulnerability — CVE-2026-20700 — affects iPhones and iPads and was exploited on devices running versions of iOS before iOS 26. The Cybersecurity and Infrastructure…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, News, Threats

macOS Infostealers Fuel Growing Cybercrime Market

For years, some Mac users believed their devices were largely insulated from the malware plaguing Windows environments. That perception is rapidly eroding.  Flare researchers found a growing underground economy is now centered on macOS Infostealers — malware designed to extract browser credentials, Apple Keychain data, and cryptocurrency wallet seed phrases at scale. “I remember that…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Mobile, Network Security, News, Risk Management, Threats

Apple Patches Actively Exploited Zero-Day Flaw

Apple is urging users to update immediately after patching a zero-day vulnerability that was exploited in what it described as “extremely sophisticated” attacks against specific individuals.  The flaw, which impacts multiple Apple operating systems, allowed attackers to execute arbitrary code on vulnerable devices. “An attacker with memory write capability may be able to execute arbitrary…

Read more →

AI, Apps, Blog, Compliance, CVE, CVEs, Cybersecurity, Exploits, Global Security News, Risk Management, vulnerability

CVE-2026-20700: Apple Patches Zero-Day Exploited in Sophisticated Cyber Attacks

SOC Prime previously highlighted Apple’s actively exploited WebKit zero-day CVE-2025-14174, a case that showed how quickly weaponized iOS flaws can move from targeted activity to real operational risk for organizations and high-value users. That same case later led to additional fixes, with CVE-2025-14174 and CVE-2025-43529 both issued in response to it, reinforcing a familiar pattern…

Read more →

AI, Cybercrime, Europe, Exploits, Global Security News, hacking, hacking news, information security news, malware, Uncategorized

LummaStealer activity spikes post-law enforcement disruption

Bitdefender reports a surge in LummaStealer activity, showing the MaaS infostealer rebounded after 2025 law enforcement disruption. Bitdefender observed renewed LummaStealer activity, proving the MaaS infostealer recovered after 2025 takedowns. Active since 2022, it relies on affiliates, social engineering, fake cracked software, and fake CAPTCHA “ClickFix” lures. CastleLoader plays a key role in spreading it.…

Read more →

AI, Don't miss, Exploits, Global Security News, Hot stuff, News, PoC, Social Engineering

Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)

Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be exploited by attackers to achieve remote code execution on targets’ Windows system. About CVE-2026-20841 For many, many years, Windows Notepad was a simple text editor and a staple tool…

Read more →

AI, Exploits, Global Security News, malware, Malware, Phishing, Security, Risk Management

Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection

Fortinet researchers have disclosed a new phishing campaign delivering the commercially available XWorm malware, chaining a years-old Microsoft Office vulnerability with fileless execution to escape detection. The campaign, which uses multi-themed phishing emails and a malicious Excel add-in, ultimately deploys the modular remote access trojan (RAT) capable of encrypted command-and control (C2) and plugin-based expansion.…

Read more →

AI, Apps, Exploits, Global Security News, Risk Management

Is Apple slowing the rollout of its smarter Siri chatbot?

Last-minute problems might have cropped up that will require Apple to slow the rollout of its Google Gemini-boosted Siri; though the improved smart assistant will still ship this year, it might not arrive as expected this spring. These claims come from the eerily accurate fingers of Bloomberg’s Mark Gurman, and mean Apple will have to continue to do…

Read more →

AI, Exploits, Global Security News

ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories

Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how access is gained versus how it’s used. Initial entry…

Read more →

AI, Apple, Don't miss, Exploits, Global Security News, Hot stuff, News

Apple fixes zero-day flaw exploited in targeted attacks (CVE-2026-20700)

Apple has released fixes for a zero-day vulnerability (CVE-2026-20700) exploited in targeted attacks last year. CVE-2026-20700 is a memory corruption issue in dyld, the Dynamic Link Editor component of Apple’s operating systems, and may allow attackers with memory write capability to execute arbitrary code. “Apple is aware of a report that this issue may have…

Read more →

AI, Apple, Apps, Breaking News, Exploits, Global Security News, hacking, hacking news, Security

Apple fixed first actively exploited zero-day in 2026

Apple fixed an exploited zero-day in iOS, macOS, and other devices that allowed attackers to run code via a memory flaw. Apple released updates for iOS, iPadOS, macOS, watchOS, tvOS, and visionOS to address an actively exploited zero-day tracked as CVE-2026-20700. The flaw is a memory corruption issue in Apple’s Dynamic Link Editor (dyld) that…

Read more →

AI, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

The ephemeral infrastructure paradox: Why short-lived systems need stronger identity governance

In my experience leading engineering projects, I have encountered the same pattern repeatedly. We obsess over deployment speed. We measure success in commit velocity and uptime. But we rarely pause to ask the most uncomfortable question in the room: Who actually owns the identities we just spun up? This silence isn’t malicious; it’s structural. We…

Read more →

AI, Endpoint, Exploits, Global Security News

83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and…

Read more →

AI, Apps, china, Cloud Security, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

What CISOs need to know about the OpenClaw security nightmare

The new personal AI agent orchestration tool known as OpenClaw — formerly Clawdbot, then Moltbot — is a personal assistant that can do tasks for you without your personal supervision. It can operate across devices, interact with online services, trigger workflows — no wonder the Github repo has seen millions of visits and over 160,000…

Read more →

AI, Endpoint, Exploits, Global Security News, Uncategorized

Multiple Endpoint Manager bugs patched by Ivanti, including remote auth bypass

Ivanti patched over a dozen Endpoint Manager flaws, including a high-severity auth bypass that let attackers steal credentials remotely. Ivanti released patches for more than a dozen vulnerabilities in Endpoint Manager, including flaws disclosed in October 2025. The update addresses a high-severity authentication bypass, tracked as CVE-2026-1603 (CVSS score of 8.6), that attackers could exploit…

Read more →

AI, Exploits, Global Security News

Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices

Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple’s Dynamic Link Editor. Successful exploitation of the vulnerability…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, malware

Entwickler werden zum Angriffsvektor

Softwareentwickler sind gefragt – auch unter kriminellen Hackern. Gorodenkoff | shutterstock.com Statt einfach “nur” Fehler in Applikationen auszunutzen, entdecken kriminelle Hacker zunehmend die Tools und Zugriffskanäle für sich, auf die sich Softwareentwickler regelmäßig verlassen. Dabei kombinieren sie längst auch unterschiedliche Cybercrime-Taktiken und beziehen auch künstliche Intelligenz (KI) ein, um an ihr Ziel zu gelangen. “Angreifer…

Read more →

AI, Exploits, Global Security News, malware, Network Security

Four Seconds to Botnet – Analyzing a Self Propagating SSH Worm with Cryptographically Signed C2 [Guest Diary], (Wed, Feb 11th)

[This is a Guest Diary by Johnathan Husch, an ISC intern as part of the SANS.edu BACS program] Weak SSH passwords remain one of the most consistently exploited attack surfaces on the Internet. Even today, botnet operators continue to deploy credential stuffing malware that is capable of performing a full compromise of Linux systems in…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security

SSHStalker botnet brute-forces its way onto 7,000 Linux machines

A newly discovered botnet is compromising poorly-protected Linux servers by brute-forcing weak SSH password login authentication. Researchers at Canada-based Flare Systems, who discovered the botnet, got into its staging server and believe at least 7,000 servers had been compromised by the end of January, half of them in the US. The botnet’s weapons include exploits…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, News, Risk Management, Threats

Windows Notepad RCE Flaw Exploits Markdown Files

Microsoft has patched a vulnerability in the modern Windows Notepad app that could allow remote code execution if a user opens a specially crafted Markdown file.  The issue carries a CVSS score of 8.8 and requires user interaction to exploit. The vulnerability “… allows an unauthorized attacker to execute code over a network,” said Microsoft…

Read more →

AI, Don't miss, Enterprise, Exploits, Global Security News, Government, Hot stuff, News

Ivanti EPMM exploitation: Researchers warn of “sleeper” webshells

A massive wave of exploitation attempts has followed the disclosure of CVE-2026-1281, a critical pre-authentication Ivanti EPMM vulnerability, the Shadowserver Foundation has warned. Some of it is automated scanning for vulnerable systems, but according to Greynoise and Defused, a suspected initial access broker has been prepping unpatched instances with a “sleeper” webshell for follow-on exploitation…

Read more →

AI, Breaking News, cyber crime, Cybersecurity, Exploits, Global Security News, malware, Security

Reynolds ransomware uses BYOVD to disable security before encryption

Researchers discovered Reynolds ransomware, which uses BYOVD technique to disable security tools and evade detection before encryption. Researchers found a new ransomware, named Reynolds, that implements the Bring Your Own Vulnerable Driver (BYOVD) technique to disable security tools and evade detection before encrypting systems. Broadcom’s cybersecurity researchers initially attributed the attack to Black Basta due…

Read more →