Geek-Guy.com

Category: malware

Stay ahead of cyber threats with the latest malware news, ransomware alerts, and virus analysis. Geek-Guy tracks emerging infections and removal trends.

AI, Apps, Endpoint, Exploits, Global Security News, Government & Policy, malware, Risk Management

Phishing campaign exploits OAuth redirection to bypass defenses

Microsoft researchers warn that threat actors abuse OAuth redirects to target government users and deliver malware. Microsoft has warned of phishing campaigns targeting government and public-sector organizations by abusing OAuth URL redirection. Instead of stealing credentials or exploiting software flaws, attackers leverage OAuth’s legitimate by-design behavior to bypass email and browser defenses. The tactic redirects…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management

Expanding Phishing Detection at Scale with Automatic SSL Decryption

90% of modern cyberattacks start with phishing and it’s getting worse. The volume of compromise attempts keeps surging, leaving companies more exposed to credential theft and heavy financial hits.  As phishing evolves, we focus on countering the core tactics that make it effective. That’s why ANY.RUN is upgrading the threat detection capabilities of the Interactive Sandbox across all subscription tiers with the new SSL decryption technology.  By extracting encryption keys directly from process memory, it increases the detection rate of phishing inside the sandbox, helping every user and SOC team…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

Epic Fury introduces new layer of enterprise risk

Operation Epic Fury — the US administration’s sustained kinetic pressure on core Iranian regime assets — introduces a new layer of operational risk for every multinational with people, assets, or dependencies in the Middle East region and beyond. The immediate briefings from Washington — early damage assessments, stated intent, geopolitical framing, and situational updates and…

Read more →

AI, Compliance, Europe, Global Security News, malware

Climb Global Execs on European Expansion, Acquisition Efforts

Climb Global Solutions has acquired Greece-based cloud distributor interworks.cloud for approximately €8.0 million ($9.4 million), expanding its cloud distribution footprint in Southeastern Europe and deepening its position in the Microsoft Cloud Solution Provider (CSP) ecosystem. The transaction, announced Feb. 24, brings more than 600 cloud reseller and MSP relationships into Climb’s European channel portfolio, along…

Read more →

AI, Global Security News, Government & Policy, malware

SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains

The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of two distinct attack chains to deliver malware families tracked as…

Read more →

AI, Apps, Data Breaches, Global Security News, malware, Network Security, Risk Management

South Korean Tax Agency Leak Leads to $4.8M Crypto Theft

A public press release intended to highlight a tax enforcement victory instead exposed millions in confiscated cryptocurrency.  South Korea’s National Tax Service (NTS) inadvertently revealed the mnemonic seed phrase of a seized Ledger hardware wallet, enabling an unknown actor to transfer approximately $4.8 million in digital assets.  “The thief first deposited a small amount of…

Read more →

AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management

Chrome Extension Hijacked to Push ClickFix Malware

A once-trusted Chrome extension with thousands of users was quietly transformed into a malware delivery vehicle, exposing how quickly browser add-ons can become security liabilities.  QuickLens – Search Screen with Google Lens was removed from the Chrome Web Store after researchers discovered it had been updated to deploy ClickFix attacks and steal cryptocurrency wallet data. …

Read more →

AI, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security

APT37 combines cloud storage and USB implants to infiltrate air-gapped systems

North Korea-linked APT 37 used Zoho WorkDrive and USB malware to breach air-gapped networks in the Ruby Jumper campaign. North Korean group ScarCruft (aka APT37, Reaper, and Group123) deployed new tools in a campaign dubbed Ruby Jumper, using a backdoor that leverages Zoho WorkDrive for C2 and a USB-based implant to breach air-gapped systems. Zscaler ThreatLabz…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware, Network Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 86

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Technical Deep Dive: The Monero Mining Campaign Operation Olalampo: Inside MuddyWater’s Latest Campaign   VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)   Operation MacroMaze: new APT28 campaign using basic tooling and legit…

Read more →

AI, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Risk Management

CVE-2025-64328 exploitation impacts 900 Sangoma FreePBX instances

About 900 Sangoma FreePBX systems were infected with web shells after attackers exploited a command injection flaw. Hundreds of Sangoma FreePBX instances are still infected with web shells following attacks that began in December 2025. Sangoma FreePBX is an open-source, web-based platform for managing Asterisk-powered VoIP phone systems. Maintained by Sangoma Technologies, it allows businesses…

Read more →

AI, Apps, Exploits, Global Security News, malware

Week in review: Self-spreading npm malware hits developers, Cisco SD-WAN 0-day exploited since 2023

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Identity verification systems are struggling with synthetic fraud Fake and expired IDs keep showing up in routine customer transactions, from alcohol purchases to credit card applications. The problem shows up most often in industries that depend on fast onboarding and…

Read more →

AI, china, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia

Security Affairs newsletter Round 565 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Canadian Tire 2025 data breach impacts 38 million users Iran ’s Internet near-totally blacked out amid…

Read more →

AI, Global Security News, malware

Microsoft warns of RAT delivered through trojanized gaming utilities

Attackers spread trojanized gaming tools to deliver a stealthy RAT using PowerShell, LOLBins, and Defender evasion tactics. Threat actors are tricking users into running trojanized gaming utilities shared through browsers and chat platforms to deploy a remote access trojan. “Microsoft Defender researchers uncovered a campaign that lured users into running trojanized gaming utilities (Xeno.exe or…

Read more →

AI, Apps, Endpoint, Global Security News, malware, Network Security

Aeternum botnet hides commands in Polygon smart contracts

Aeternum botnet uses Polygon blockchain smart contracts for C&C, making its infrastructure harder to detect and disrupt. Qrator Labs researchers uncovered Aeternum, a botnet that runs its command-and-control infrastructure through smart contracts on the Polygon blockchain. By decentralizing its C2, the malware avoids traditional server-based takedowns and becomes far harder to disrupt or shut down,…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

Trend Micro Patches Critical Apex One RCE Flaws

Trend Micro has released patches for two high-severity vulnerabilities in its Apex One endpoint security platform. The flaws impact the Apex One management console and could allow remote code execution on unpatched systems. One of the vulnerabilities, CVE-2025-71210, “… could allow a remote attacker to upload malicious code and execute commands on affected installations,” said…

Read more →

AI, Data Breaches, Global Security News, malware, Network Security

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks. The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves…

Read more →

AI, Global Security News, malware

Varist Hybrid Detection Engine protects against AI-assisted malware

Varist launched the Hybrid Detection Engine, creating an AI-scale malware detection solution that detects both known and zero-day threats. Built on proven technology used to perform more than 500 billion file scans per day for global customers, the Varist solution surpasses conventional detection by scanning every file and simulating suspicious components in real time. By…

Read more →

AI, Cybersecurity, Global Security News, malware

UAT-10027 campaign hits U.S. education and healthcare with stealthy Dohdoor backdoor

UAT-10027 campaign is targeting U.S. education and healthcare sectors to deploy a new Dohdoor backdoor. Cisco Talos has identified a new threat cluster, tracked as UAT-10027, targeting U.S. education and healthcare organizations since at least December 2025 to deploy a previously unseen backdoor named Dohdoor. Initial access likely occurs through phishing, triggering a PowerShell script…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware

Hacker kompromittieren immer schneller

Der Einsatz von KI-Tools macht Cyberangriffe nicht nur schneller, sondern erhöht auch die Taktzahl. Color4260 / Shutterstock Crowdstrike hat die aktuelle Ausgabe seines Global Threat Report veröffentlicht – mit mehreren bemerkenswerten Erkenntnissen. So benötigte ein Angreifer im Jahr 2025 im Schnitt nur noch 29 Minuten, um sich vollständigen Zugriff auf ein Netzwerk zu verschaffen. Damit…

Read more →

AI, Apps, china, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security

China-linked hackers used Google Sheets to spy on telecoms and governments across 42 countries

Google has disrupted a China-linked espionage group that used Google’s spreadsheet application as a covert spy tool to compromise telecom providers and government agencies across 42 countries, sending commands and receiving stolen data through it, Google’s Threat Intelligence Group (GTIG) said on Thursday. Working with Mandiant, GTIG confirmed intrusions at 53 organizations across 42 countries,…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, Risk Management

ANY.RUN & Splunk Enterprise: Stronger Detection, Faster Response in Your SOC

Security teams don’t lack alerts, they lack fast, reliable context for decision-making. When threat analysis and intelligence are not an integrated part of the SOC workflow, investigations slow down, MTTR grows, and the risk of missed incidents increases. Adding behavioral analysis and live intelligence directly into SIEM closes this gap, turning monitoring, triage, and response…

Read more →

AI, Global Security News, malware, Network Security

Wireshark 4.6.4 resolves dissector flaws, plugin compatibility issue

Packet inspection remains a routine activity across enterprise networks, incident response workflows, and malware investigations. Continuous use places long-term stability and parsing accuracy at the center of daily operations. Wireshark version 4.6.4 addresses two vulnerabilities affecting protocol dissectors and resolves a plugin compatibility issue within the 4.6 release series. Dissector vulnerabilities resolved The update fixes…

Read more →

AI, APAC, china, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware

Google GTIG disrupted China-linked APT UNC2814 halting attacks on 53 orgs in 42 countries

Google and partners disrupted UNC2814, a suspected China-linked group that hacked 53 organizations across 42 countries. Google, with industry partners, disrupted the infrastructure of UNC2814, a suspected China-linked cyber espionage group that breached at least 53 organizations in 42 countries. The group has been active since at least 2017, and was spotted targeting governments and…

Read more →

AI, Apps, Cloud Security, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management

5 trends that should top CISO’s RSA 2026 agendas

RSA 2026 is still weeks away and the hype machine is humming. This year’s theme, “The Power of Community,” is somewhat ironic as the overwhelming chatter at the Moscone Center in San Francisco from March 23 to March 26 will be about AI agents, not humans. Welcome to the cybersecurity community, agents, automatons, and robots!…

Read more →

AI, Apps, Cybersecurity, Global Security News, malware

Hottest cybersecurity open-source tools of the month: February 2026

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Pompelmi: Open-source secure file upload scanning for Node.js Software teams building services in JavaScript are adding more layers of defense to handle untrusted file uploads. An open-source project called Pompelmi aims to insert malware scanning and policy…

Read more →

AI, APAC, Cybersecurity, Exploits, Global Security News, malware, Network Security

Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary], (Tue, Feb 24th)

[This is a Guest Diary by Austin Bodolay, an ISC intern as part of the SANS.edu BACS program] Over the past several months, I have gained practical insight into the challenges of deploying and operating a honeypot, even within a relatively simple environment. This work highlighted how varying hardware, software, and network design—can significantly alter…

Read more →

AI, Global Security News, malware

Fake Zoom meeting leads to silent install of surveillance software

Malwarebytes researchers have uncovered a fake (but convincing) Zoom meeting page that downloads surveillance software on Windows computers and tricks users into running it. According to Microsoft MVP Steven Lim, the page has claimed nearly 1,500 victims in 12 days. The trick Potential victims likely visit the page (at uswebzoomus[.]com/zoom/) after getting a meeting invite/link…

Read more →

AI, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

Microsoft warns of job‑themed repo lures targeting developers with multi‑stage backdoors

Microsoft says it has uncovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessments. The campaign employs carefully crafted lures to blend into routine workflows, such as cloning repositories, opening projects, and running builds, thereby allowing the malicious code to execute undetected. Telemetry collected during an incident…

Read more →

AI, APAC, china, Cybersecurity, Europe, Funding, Global Security News, Government & Policy, malware, Network Security, Risk Management

Across party lines and industry, the verdict is the same: CISA is in trouble

“Decimated.”  “Amateur hour.” “Pretty much fallen apart.” “It’s really hard to find something positive to say right now.” It’s been a little more than one year into the second Trump administration, and there’s a large consensus, if not total unanimity, among those who have worked with and for the Cybersecurity and Infrastructure Security Agency: It…

Read more →

AI, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management

Turn Your SOC Into a Detection Engine: Rethinking Threat Monitoring

Threat monitoring is treated as one capability among many. Something that sits alongside incident response and threat hunting on an org chart. That framing undersells how central it actually is.  Monitoring is the connective tissue of the entire security operation. Every other SOC function depends on it working well.  For SOC and MSSP leaders, building effective threat monitoring is not about “more alerts.” It…

Read more →

AI, APAC, Global Security News, Government & Policy, malware

Lazarus APT group deployed Medusa Ransomware against Middle East target

North Korea’s Lazarus Group used Medusa ransomware in an attack on an unnamed Middle East organization, researchers report. The North Korea-linked Lazarus APT Group, also known as Diamond Sleet and Pompilus, has been spotted deploying Medusa ransomware against an unnamed organization in the Middle East, according a new report from the Symantec and Carbon Black…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

New Serv-U bugs extend SolarWinds’ run of high-severity disclosures

SolarWinds continues to be besieged by security issues, this time in its Serv-U managed file transfer server. The software company has released four patches for critical Serv-U remote code execution (RCE) vulnerabilities that could allow attackers to gain root (administrator) access to unpatched servers. These four common vulnerabilities and exposures (CVEs) are rated “critical,” the…

Read more →

AI, Apps, Global Security News, malware, Network Security

Fake Zoom meeting silently installs surveillance software, says Malwarebytes

The latest fake Zoom meeting scam silently pushes surveillance software onto the Windows computers of unwitting employees. That’s according to researchers at Malwarebytes, who warn that staff falling for the scam land in a convincing imitation of a Zoom video call. Moments later, an automatic “Update Available” countdown downloads a malicious installer, without asking permission.…

Read more →

AI, Global Security News, Government & Policy, malware, Network Security

What does business email compromise look like?

Business email compromise (BEC) is the digital con dressed to impress. It’s clean, calculated, and ready to fool even the sharpest eyes. These scammers don’t tell on themselves with sloppy hacks. They whisper in familiar voices, posing as your CEO, HR, or a trusted vendor. And, unlike phishing, they’re a precision strike built on inside…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security

What are the types of ransomware attacks?

Ransomware isn’t an isolated, potential cyber threat—it’s like a living organism that can shapeshift with multiple strains, tactics, and targets. The cybercriminals behind ransomware attacks run these operations like a business and are motivated to keep up profits at any cost.  Their tactics range from quickly locking down an entire network to slowly leaking sensitive…

Read more →

AI, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

Take control: Locking down common endpoint vulnerabilities

Attackers are constantly on the prowl, scoping out vulnerabilities of network-connected devices in your systems. These devices—laptops, desktops, servers, IoT, and more—are like unlocked doors waiting for threat actors to stroll through. And here’s the kicker: many of these vulnerabilities are shockingly common and easily preventable. Let’s break down the weaknesses we most frequently track…

Read more →

AI, Compliance, Endpoint, Global Security News, malware, Risk Management

How to prevent business email compromise

Business email compromise (BEC) is the cyber equivalent of an expertly forged handwritten note—no malware fireworks, no flashing warnings, just a convincing request that tricks someone into wiring money or handing over sensitive data. Knowing how to prevent BEC should sit at the top of every security to‑do list because even one fraudulent email can…

Read more →

AI, Apps, Cloud Security, Cybersecurity, Endpoint, Global Security News, malware, Risk Management

Cyber defense: From reactive to proactive

When systems are attacked, we should respond. But how much better would it be if we could anticipate attacks before they strike and stop them with a proactive defense? Faced with today’s cybersecurity challenges, that is no simple task. “It’s a cat-and-mouse situation. AI is changing the speed and sophistication of attacks, and AI is…

Read more →

AI, Global Security News, malware

Self-spreading npm malware targets developers in new supply chain attack

Security researchers have uncovered another supply chain attack targeting developers: 19 typosquatting npm packages published on npmjs.com that steal credentials, infect projects, and propagate themselves across developer environments. The operation, dubbed “SANDWORM_MODE,” represents a (still) rare example of worm-like malware designed to spread through software supply chains rather than traditional end-user systems. New npm worm…

Read more →

AI, Exploits, Global Security News, malware, Risk Management

Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools

A massive Shai-Hulud-style npm supply chain worm is hitting the software ecosystem, burrowing through developer machines, CI pipelines, and AI coding tools. Socket researchers uncovered the active attack campaign and called it SANDWORM_MODE,  derived from the “SANDWORM_*” environment variable switches embedded in the malware’s runtime control logic.” At least 19 typosquatted packages were published under…

Read more →

AI, Global Security News, malware

Arkanix Stealer: AI-assisted info-stealer shuts down after brief campaign

Arkanix Stealer surfaced in late 2025 as a short-lived info-stealer, likely built as an AI-assisted experiment and quickly abandoned. Arkanix Stealer emerged in late 2025 as a short-lived information-stealing malware promoted on dark web forums. Researchers believe it was likely created as an AI-assisted experiment, suggesting the operators were testing automated development techniques rather than…

Read more →

AI, Apps, Cybersecurity, Endpoint, Global Security News, malware, Risk Management

Moonrise RAT: A New Low-Detection Threat with High-Cost Consequences

Security professionals rely on early detection signals to prioritize and contain incidents. But what happens when a fully capable RAT generates none?  In a recent investigation, the ANY.RUN experts uncovered a new Go-based remote access trojan we named Moonrise. At the time of analysis, it wasn’t detected on VirusTotal and had no vendor signatures tied to it.  That’s the problem teams can’t ignore: credential theft, remote command execution, and persistence…

Read more →

AI, Endpoint, Europe, Exploits, Global Security News, Government & Policy, malware, Russia

Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration

Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze. Russia-linked APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) launched Operation MacroMaze, targeting select entities in Western and Central Europe from September 2025 to January 2026. The campaign used webhook-based macro malware, leveraging simple tools and legitimate services for infrastructure and data…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, malware, Network Security

CrowdStrike says attackers are moving through networks in under 30 minutes

Cyberattacks reached victims faster and came from a wider range of threat groups than ever last year, CrowdStrike said in its annual global threat report released Tuesday, adding that cybercriminals and nation-states increasingly relied on predictable tactics to evade detection by exploiting trusted systems. The average breakout time — how long it took financially-motivated attackers…

Read more →

AI, china, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia

The rise of the evasive adversary

Since the earliest days of the internet, there has never been a let-up in adversarial activity. According to CrowdStrike’s just-released 12th annual Global Threat Report, malicious activity in cyberspace continues to not only accelerate but also expand its scale and increasingly abuse the trust of targeted organizations. The good news is that, despite discussion of…

Read more →

AI, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management

Ad Tech Firm Optimizely Investigates Vishing Incident

Ad tech firm Optimizely is notifying customers after a voice phishing attack led to unauthorized access to some of its internal systems.  The company says threat actors obtained limited business contact information but did not access sensitive customer data or disrupt operations. “The threat actor gained access to Optimizely’s systems through a sophisticated voice-phishing attack,…

Read more →

AI, Exploits, Global Security News, malware

Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth

A wormable cryptojacking campaign spreads via pirated software, using BYOVD and a time-based logic bomb to deploy a custom XMRig miner. Researchers uncovered a wormable cryptojacking campaign that spreads through pirated software bundles to deploy a custom XMRig miner. The attack uses a BYOVD exploit and a time-based logic bomb to evade detection and maximize…

Read more →

AI, Global Security News, malware

Fake troubleshooting tip on ClawHub leads to infostealer infection

A new malware delivery campaign has hit ClawHub, the official online repository for “skills” that augment the capabilities of the popular OpenClaw AI agent. Unlike previous ones, this campaign does not aim to trick users into downloading a bogus, malicious skill. Instead, the threat actor is leaving this particular comment on popular legitimate skills published…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, malware, Network Security

New Arkanix stealer blends rapid Python harvesting with stealthier C++ payloads

A newly uncovered infostealer, suspected to be built with the help of a large language model, is targeting victims with Python and C++ variants, each tailored for a different stage of data theft. Kaspersky researchers discovered a stealer dubbed “Arkanix,” which is capable of harvesting credentials, browser data, cryptocurrency, and banking assets from infected machines.…

Read more →

AI, Global Security News, malware

MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP

The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several organizations and individuals mainly located across the Middle East and North Africa (MENA) region as part of a new campaign codenamed Operation Olalampo. The activity, first observed on January 26, 2026, has resulted in the deployment of new…

Read more →

AI, Exploits, Global Security News, malware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ninja Browser & Lumma Infostealer   Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware   Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations   Divide and conquer: how the new Keenadu backdoor exposed links…

Read more →

AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia

Security Affairs newsletter Round 564 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog PayPal discloses extended data…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Risk Management

Compromised npm package silently installs OpenClaw on developer machines

A new security bypass has users installing AI agent OpenClaw — whether they intended to or not. Researchers have discovered that a compromised npm publish token pushed an update for the widely-used Cline command line interface (CLI) containing a malicious postinstall script. That script installs the wildly popular, but increasingly condemned, agentic application OpenClaw on…

Read more →

AI, Apps, Data Breaches, Global Security News, malware, Network Security, Risk Management

Over 41% of Popular OpenClaw Skills Found to Contain Security Vulnerabilities

As AI agents become more widely adopted, new research is highlighting security gaps within their supporting ecosystems.  A large-scale audit of the OpenClaw skill registry by ClawSecure found that 41.7% of widely used skills contain substantive vulnerabilities, including issues such as command injection and credential exposure. “We audited 2,890+ of the most popular OpenClaw skills…

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

Don’t trust TrustConnect: This fake remote support tool only helps hackers

After breaking into a system, crooks often install legitimate remote admin tools to keep a foothold on the network — with the risk that the tool’s vendor spots them and locks them out. Now they have a new option: a fake remote monitoring and management (RMM) tool, complete with serious-looking online storefront, built just for…

Read more →

AI, Global Security News, malware

Criminals create business website to sell RAT disguised as RMM tool

A RAT masquerading as legitimate remote monitoring and management (RMM) software is being sold to cybercriminals as a service, Proofpoint researchers recently discovered. The fake RMM tool, called TrustConnect, was being marketed via an LLM-created website parked on trustconnectsoftware[.]com, supposedly belonging to “TrustConnect Software PTY LTD”. “The malware creator uses the domain as the ‘business…

Read more →

Global Security News, malware

Global Threat Map: Open-source Real-time Situational Awareness Platform

Global Threat Map is an open-source project offering security teams a live view of reported cyber activity across the globe, pulling together open data feeds into a single interactive map. It visualizes indicators such as malware distribution, phishing activity, and attack traffic by geographic region. The post Global Threat Map: Open-source Real-time Situational Awareness Platform…

Read more →

AI, Exploits, Global Security News, malware, Network Security

PromptSpy abuses Gemini AI to gain persistent access on Android

PromptSpy is the first Android malware to abuse Google’s Gemini AI, enabling persistence and advanced spying features. Security researchers at ESET have uncovered PromptSpy, the first known Android malware to exploit Google’s Gemini AI to maintain persistence. The malware can capture lockscreen data, block uninstallation attempts, collect device information, take screenshots, and record screen activity…

Read more →

AI, Cybersecurity, Global Security News, malware

PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence

Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google’s generative artificial intelligence (AI) chatbot, as part of its execution flow and achieves persistence. The malware has been codenamed PromptSpy by ESET. The malware is equipped to capture lockscreen data, block uninstallation efforts, gather device information, take screenshots,

Read more →

AI, APAC, Apps, Compliance, Global Security News, malware, Network Security, privacy, Risk Management

Keeping Google Play & Android app ecosystems safe in 2025

Posted by Vijaya Kaza, VP and GM, App & Ecosystem Trust The Android ecosystem is a thriving global community built on trust, giving billions of users the confidence to download the latest apps. In order to maintain that trust, we’re focused on ensuring that apps do not cause real-world harm, such as malware, financial fraud,…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management

U.S. CISA adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2021-22175 (CVSS score 6.8) GitLab Server-Side Request Forgery (SSRF)…

Read more →

AI, Apps, Cybersecurity, Global Security News, malware

Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users

Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that’s designed to facilitate device takeover (DTO) attacks for financial theft. The malware, according to ThreatFabric, masquerades as seemingly harmless IPTV apps to deceive victims, indicating that the activity is primarily singling out users looking for the online TV applications. “This new threat,…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

Hackers can turn Grok, Copilot into covert command-and-control channels, researchers warn

Enterprise security teams racing to enable generative AI tools may be overlooking a new risk: attackers can abuse web-based AI assistants such as Grok and Microsoft Copilot to quietly relay malware communications through domains that are often exempt from deeper inspection. The technique, outlined by Check Point Research (CPR), exploits the web-browsing and URL-fetch capabilities…

Read more →

AI, Cybersecurity, Global Security News, Government & Policy, malware, Risk Management

G2 Recognizes ANY.RUN as a Top Security Software Provider 

G2, the world’s largest and most trusted software marketplace, has recognized ANY.RUN among the Best EMEA Software Companies. In the ranking, the company was acknowledged in both Malware Analysis and Threat Intelligence categories. The ranking is based on verified reviews from companies actively using ANY.RUN’s solutions, underscoring our impact across global cybersecurity markets. Impact with…

Read more →

AI, Endpoint, Exploits, Global Security News, malware, Network Security

WatchGuard: New Malware Variants Surge 1,500% in H2 2025

A new report from WatchGuard Technologies reveals that unique malware detections on endpoints skyrocketed by 1,548% in the second half of 2025, even as overall malware volume dipped slightly.  Internet Security Report findings suggest threat actors are bypassing traditional defense The findings, published in the company’s H2 2025 Internet Security Report, highlight a sharp pivot…

Read more →

AI, Global Security News, malware

Attackers keep finding the same gaps in security programs

Attackers keep getting in, often through the same predictable weak spots: identity systems, third-party access, and poorly secured perimeter devices. A new threat report from Barracuda based on Managed XDR telemetry from 2025 shows that many successful incidents still start with basic access and configuration failures, not advanced malware. The report draws on more than…

Read more →

AI, Compliance, Cybersecurity, Europe, Global Security News, malware, privacy, Risk Management

Face off: Meta’s Glasses and America’s internet kill switch

Could America turn off Europe’s internet? That’s one of the questions that Graham and special guest James Ball will be exploring as they discuss tech sovereignty. Could Gmail, cloud services, and critical infrastructure really become geopolitical leverage? And is anyone actually building a Plan B? Plus we explore if Meta is quietly plotting to turn its…

Read more →

AI, Global Security News, Government & Policy, malware, Network Security

Nigerian man sentenced to 8 years in prison for running phony tax refund scheme

A 37-year-old Nigerian man was sentenced to eight years in prison for participating in a five-year cybercrime spree to steal money from the U.S. government through fraudulent tax returns, the Justice Department said Wednesday. Matthew Abiodun Akande was living in Mexico when he and at least four co-conspirators broke into the networks of tax preparation…

Read more →

AI, APAC, Apps, china, Endpoint, Exploits, Global Security News, malware, Network Security

Chinese hackers exploited zero-day Dell RecoverPoint flaw for 1.5 years

For the past 18 months, a Chinese cyberespionage group has been exploiting a prevously unknown vulnerability in Dell’s RecoverPoint for Virtual Machines, a VM disaster recovery solution. The flaw, patched by Dell this week, allows unauthenticated attackers to gain command execution on the underlying OS as root. The vulnerability, tracked as CVE-2026-22769, stems from hardcoded…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy, malware, Network Security, Risk Management

Shocking 12 Recent Major Cyber Attacks 2026 That Are Reshaping Global Security

The year 2026 has already witnessed an alarming rise in cybercrime activity worldwide. From large-scale ransomware incidents to sophisticated nation-state espionage campaigns, the recent major cyber attacks 2026 highlight a rapidly evolving digital threat landscape. Businesses, governments, healthcare systems, and even critical infrastructure have become prime targets. For a domain like CyberCrimesWatch.com, reporting on verified…

Read more →

AI, APAC, Apps, china, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

Zero-Day in Dell RecoverPoint Enables GRIMBOLT Backdoor 

A zero-day vulnerability in Dell RecoverPoint for Virtual Machines is being actively exploited to deploy backdoors and pivot deeper into enterprise networks.  The flaw has reportedly been abused since at least mid-2024 by a suspected China-linked threat cluster. “Beyond the Dell appliance exploitation, Mandiant observed the actor employing novel tactics to pivot into VMware virtual…

Read more →

AI, Apps, china, Exploits, Global Security News, Government & Policy, malware

Notepad++ patches flaw used to hijack update system

Notepad++ patched a vulnerability that attackers used to hijack its update system and deliver malware to targeted users. Notepad++ fixed a vulnerability that allowed a China-linked APT group to hijack its update mechanism and selectively push malware to chosen targets. In early February, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure,…

Read more →

AI, APAC, Compliance, Cybersecurity, Data Breaches, Europe, Global Security News, malware, Network Security, Risk Management

One Process, Every Metric: How Better Alert Enrichment Transforms SOC Performance

Every security alert represents a decision point. Act too slowly, and a threat becomes a breach. Act without context, and analysts drown in noise. At the center of both failure modes is a single, often underestimated process: alert enrichment.  Key Takeaways Alert enrichment is the operational multiplier. Its quality determines the effectiveness of every other SOC investment — detection tools, SIEM…

Read more →

AI, china, Exploits, Global Security News, malware, Risk Management

China-linked APT weaponized Dell RecoverPoint zero-day since 2024

A suspected Chinese state-linked group exploited a critical Dell RecoverPoint flaw (CVE-2026-22769) in zero-day attacks starting mid-2024. Mandiant and Google’s Threat Intelligence Group (GTIG) reported that a suspected China-linked APT group quietly exploited a critical zero-day flaw in Dell RecoverPoint for Virtual Machines starting in mid-2024. “Mandiant and Google Threat Intelligence Group (GTIG) have identified…

Read more →

AI, APAC, china, Compliance, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

CVE-2026-22769: Critical Dell RecoveryPoint Zero-Day Exploited in the Wild

SOC Prime has recently covered a wave of actively exploited zero-days across major ecosystems, including Apple’s CVE-2026-20700 and Microsoft’s CVE-2026-20805, alongside a fresh Chrome zero-day case. But the avalanche of threats keeps marching into 2026. Recently, researchers from Mandiant and Google Threat Intelligence Group (GTIG) detailed the active exploitation of CVE-2026-22769, a maximum-severity hardcoded-credential vulnerability…

Read more →

AI, Apps, Endpoint, Global Security News, malware, Network Security, Risk Management, Russia

Keenadu: Android malware that comes preinstalled and can’t be removed by users

There’s too little a user can do when hit with a complex Android malware that comes preinstalled on their new smartphone or tablet. Security researchers at Kaspersky have flagged a multifaceted Android malware dubbed Keenadu that can ship preinstalled via device firmware, compromising users before they even complete setup. “Keenadu serves as a reminder that…

Read more →

AI, Apps, Global Security News, malware

Pompelmi: Open-source Secure File Upload Scanning for Node.js

Software teams building services in JavaScript are adding more layers of defense to handle untrusted file uploads. An open-source project called Pompelmi aims to insert malware scanning and policy checks directly into Node.js applications before files reach storage or business logic. The post Pompelmi: Open-source Secure File Upload Scanning for Node.js appeared first on Linux…

Read more →