Geek-Guy.com

Category: malware

Stay ahead of cyber threats with the latest malware news, ransomware alerts, and virus analysis. Geek-Guy tracks emerging infections and removal trends.

AI, Apps, china, Endpoint, Exploits, Global Security News, malware, Network Security, Network Security, Security

DKnife targets network gateways in long running AitM campaign

A previously undocumented China-linked adversary-in-the-middle (AitM) framework known as “DKnife” has been identified operating at network gateways, where it intercepts and manipulates in-transit traffic. According to Cisco Talos’ findings, the framework has been active since at least 2019 and remains operational as of early 2026. Rather than targeting endpoints directly, DKnife is deployed at the…

Read more →

AI, Artificial Intelligence (AI), china, Cloud Security, Commentary, Data Breaches, Exploits, Global Security News, malware, Network Security, op-ed, privacy, Risk Management

AI security’s ‘Great Wall’ problem

The Great Wall of China was built to slow northern raiders and prevent steppe armies from riding straight into the empire’s heart. Yet in 1644, its most impregnable fortress fell without a siege. At Shanhai Pass, where the wall meets the Bohai Sea, General Wu Sangui commanded the eastern gate. Behind him: a rebel army…

Read more →

AI, Artificial Intelligence (AI), china, Cloud Security, Commentary, Data Breaches, Exploits, Global Security News, malware, Network Security, op-ed, privacy, Risk Management

AI security’s ‘Great Wall’ problem

The Great Wall of China was built to slow northern raiders and prevent steppe armies from riding straight into the empire’s heart. Yet in 1644, its most impregnable fortress fell without a siege. At Shanhai Pass, where the wall meets the Bohai Sea, General Wu Sangui commanded the eastern gate. Behind him: a rebel army…

Read more →

AI, Breaking News, cyber crime, Cybersecurity, data breach, Global Security News, malware, Network Security, Security

Romania’s national oil pipeline firm Conpet reports cyberattack

Romania’s national oil pipeline operator Conpet said a cyberattack disrupted its business systems and temporarily knocked its website offline. Conpet is a state-controlled company that owns and operates the country’s crude oil, condensate, and liquid petroleum product pipeline network. Its main role is to transport oil from domestic production fields and import points to refineries…

Read more →

AI, Breaking News, cyber crime, Cybersecurity, data breach, Global Security News, malware, Network Security, Security

Romania’s national oil pipeline firm Conpet reports cyberattack

Romania’s national oil pipeline operator Conpet said a cyberattack disrupted its business systems and temporarily knocked its website offline. Conpet is a state-controlled company that owns and operates the country’s crude oil, condensate, and liquid petroleum product pipeline network. Its main role is to transport oil from domestic production fields and import points to refineries…

Read more →

AI, Breaking News, cyber crime, Cybersecurity, data breach, Global Security News, malware, Network Security, Security

Romania’s national oil pipeline firm Conpet reports cyberattack

Romania’s national oil pipeline operator Conpet said a cyberattack disrupted its business systems and temporarily knocked its website offline. Conpet is a state-controlled company that owns and operates the country’s crude oil, condensate, and liquid petroleum product pipeline network. Its main role is to transport oil from domestic production fields and import points to refineries…

Read more →

AI, Breaking News, cyber crime, Cybersecurity, data breach, Global Security News, malware, Network Security, Security

Romania’s national oil pipeline firm Conpet reports cyberattack

Romania’s national oil pipeline operator Conpet said a cyberattack disrupted its business systems and temporarily knocked its website offline. Conpet is a state-controlled company that owns and operates the country’s crude oil, condensate, and liquid petroleum product pipeline network. Its main role is to transport oil from domestic production fields and import points to refineries…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management

Software developers: Prime cyber targets and a rising risk vector for CISOs

Threats against corporate software developers are increasing and diversifying, challenging security leaders to develop more agile defenses against this growing attack vector. Attackers are increasingly targeting the tools, access, and trusted channels used by software developers rather than simply exploiting application bugs. The threats blend technical compromise — malicious packages, development pipeline abuse, etc. —…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management

Software developers: Prime cyber targets and a rising risk vector for CISOs

Threats against corporate software developers are increasing and diversifying, challenging security leaders to develop more agile defenses against this growing attack vector. Attackers are increasingly targeting the tools, access, and trusted channels used by software developers rather than simply exploiting application bugs. The threats blend technical compromise — malicious packages, development pipeline abuse, etc. —…

Read more →

AI, Breaking News, data breach, Data Breaches, Endpoint, Global Security News, hacking, malware, privacy, Security

Flickr moves to contain data exposure, warns users of phishing

Flickr says a flaw at a third-party email provider may have exposed users’ names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million registered users and millions of active photographers. Flickr warned users about a possible data breach caused by a flaw in a third-party…

Read more →

AI, Breaking News, data breach, Data Breaches, Endpoint, Global Security News, hacking, malware, privacy, Security

Flickr moves to contain data exposure, warns users of phishing

Flickr says a flaw at a third-party email provider may have exposed users’ names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million registered users and millions of active photographers. Flickr warned users about a possible data breach caused by a flaw in a third-party…

Read more →

AI, Breaking News, data breach, Data Breaches, Endpoint, Global Security News, hacking, malware, privacy, Security

Flickr moves to contain data exposure, warns users of phishing

Flickr says a flaw at a third-party email provider may have exposed users’ names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million registered users and millions of active photographers. Flickr warned users about a possible data breach caused by a flaw in a third-party…

Read more →

AI, Breaking News, data breach, Data Breaches, Endpoint, Global Security News, hacking, malware, privacy, Security

Flickr moves to contain data exposure, warns users of phishing

Flickr says a flaw at a third-party email provider may have exposed users’ names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million registered users and millions of active photographers. Flickr warned users about a possible data breach caused by a flaw in a third-party…

Read more →

AI, Breaking News, china, Cybercrime, data breach, Global Security News, hacking, malware, Network Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter ClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting   ù APT28 Leverages CVE-2026-21509 in Operation Neusploit Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia   Analyzing Dead#Vax: Analyzing Multi-Stage VHD…

Read more →

AI, Breaking News, china, Cybercrime, data breach, Global Security News, hacking, malware, Network Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter ClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting   ù APT28 Leverages CVE-2026-21509 in Operation Neusploit Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia   Analyzing Dead#Vax: Analyzing Multi-Stage VHD…

Read more →

AI, Breaking News, china, Cybercrime, data breach, Global Security News, hacking, malware, Network Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter ClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting   ù APT28 Leverages CVE-2026-21509 in Operation Neusploit Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia   Analyzing Dead#Vax: Analyzing Multi-Stage VHD…

Read more →

AI, Breaking News, china, Cybercrime, Cybersecurity, data breach, Data Breaches, Exploits, Global Security News, Government & Policy, hacking, malware, Network Security, Risk Management, Russia, Security

Security Affairs newsletter Round 562 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Italian university La Sapienza still offline to mitigate recent cyber attack CISA pushes Federal agencies to…

Read more →

AI, Breaking News, china, Cybercrime, Cybersecurity, data breach, Data Breaches, Exploits, Global Security News, Government & Policy, hacking, malware, Network Security, Risk Management, Russia, Security

Security Affairs newsletter Round 562 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Italian university La Sapienza still offline to mitigate recent cyber attack CISA pushes Federal agencies to…

Read more →

AI, Apps, Breaking News, china, Endpoint, Exploits, Global Security News, hacking, malware, Mobile, Network Security, Security

DKnife toolkit abuses routers to spy and deliver malware since 2019

DKnife is a Linux toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks. Cisco Talos found DKnife, a powerful Linux toolkit that threat actors use to spy on and control network traffic through routers and edge devices. It inspects and alters data in transit and installs malware on PCs, phones,…

Read more →

AI, Breaking News, cyber crime, Cybersecurity, Data Breaches, Europe, Global Security News, hacking, malware, Network Security, Russia, Security

Italian university La Sapienza still offline to mitigate recent cyber attack

Rome’s La Sapienza University was hit by a cyberattack that disrupted IT systems and caused widespread operational issues. Since February 2, Rome’s La Sapienza University, one of the most important Italian universities, has been offline due to a cyberattack. For days, students have been unable to book exams, check tuition payments, or access faculty contacts.…

Read more →

AI, Apps, Cloud, Cloud Security, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, News, Risk Management, Threats

TeamPCP and the Rise of Cloud-Native Cybercrime

Flare researchers have identified a threat actor known as TeamPCP behind a large-scale campaign targeting cloud-native infrastructure by abusing exposed orchestration and management interfaces.  First observed in late 2025, the activity reflects a broader shift away from endpoint-focused attacks toward systematic exploitation of cloud control planes. “The campaign reflects a dark mirror of legitimate markets.…

Read more →

AI, Exploits, Global Security News, malware, Network Security

Pretend Disk Format: PDFs harbor new dangers

A particularly insidious phishing campaign is disguising malware pretending to be ordinary PDF documents behind links to virtual hard disks. Because workers are used to receiving purchase orders or invoices in the PDF format, they are likely to open the malicious files unthinkingly, enabling the malware they contain — in this case AsyncRAT, a remote-access…

Read more →

AI, Exploits, Global Security News, malware, Network Security

Pretend Disk Format: PDFs harbor new dangers

A particularly insidious phishing campaign is disguising malware pretending to be ordinary PDF documents behind links to virtual hard disks. Because workers are used to receiving purchase orders or invoices in the PDF format, they are likely to open the malicious files unthinkingly, enabling the malware they contain — in this case AsyncRAT, a remote-access…

Read more →

AI, Breaking News, china, cyber crime, Global Security News, Government & Policy, hacking, malware, Network Security, Security

Record-breaking 31.4 Tbps DDoS attack hits in November 2025, stopped by Cloudflare

AISURU/Kimwolf botnet hit a record 31.4 Tbps DDoS attack lasting 35 seconds in Nov 2025, which Cloudflare automatically detected and blocked. The AISURU/Kimwolf botnet was linked to a record-breaking DDoS attack that peaked at 31.4 Tbps and lasted just 35 seconds. Cloudflare said the November 2025 incident was part of a surge in hyper-volumetric HTTP…

Read more →

AI, Cloud Security, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Newsletter Roundup, Risk Management, Threats, Venture, Weekly Roundup

AI Threats, Botnets, and Cloud Exploits Define This Week’s Cyber Risks

Major Threats & Vulnerabilities Critical Vulnerabilities in AI and Automation Platforms A severe flaw in the n8n automation platform allows authenticated users to execute arbitrary commands, potentially exposing cloud credentials and AI workflows. With a CVSS score of 10.0, this vulnerability has been patched and requires immediate update by users. OpenClaw AI agents continue to…

Read more →

AI, china, Cybersecurity, Global Security News, malware

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery

Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that’s operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based implants that are designed to perform deep packet inspection, manipulate traffic, and deliver malware via routers and edge devices. Its primary targets seem to

Read more →

AI, Compliance, Cybersecurity, Endpoint, Endpoint Protection, Network Security, Security, Exploits, Global Security News, malware, Network Security, Risk Management

CISA gives federal agencies 18 months to purge unsupported edge devices

The Cybersecurity and Infrastructure Security Agency has given federal agencies 18 months to remove all end-of-support edge devices from their networks, escalating its response to what security researchers describe as a fundamental shift in nation-state attack tactics, where attackers exploit network infrastructure rather than endpoints. The binding operational directive, BOD 26-02, requires Federal Civilian Executive…

Read more →

AI, Apps, Breaking News, CISA, Cybersecurity, Endpoint, Exploits, Global Security News, hacking, hacking news, malware, Network Security, Risk Management, Security

U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-11953 React Native…

Read more →

AI, Apps, Global Security News, malware, Network Security, Politics, Risk Management

OpenClaw: The AI agent that’s got humans taking orders from bots

Well, that escalated quickly.  I’m talking, of course, about OpenClaw (a.k.a. Moltbot a.k.a. Clawdbot), which not only represents a headlong rush into unchecked agentic AI, but also an emerging ecosystem that reads like every dystopian cautionary cyberpunk novel ever written.  As my colleague and friend Steven Vaughan-Nichols detailed earlier this week, it’s a “security nightmare.” …

Read more →

AI, Apps, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

New APT group breached gov and critical infrastructure orgs in 37 countries

A new cyberespionage group that operates out of Asia has compromised 70 government and critical infrastructure organizations across 37 countries over the past year using a sophisticated toolset that combines phishing, exploitation kits, custom malware, Linux rootkits, web shells, and a variety of other tunneling and proxy tools. Researchers believe the group is expanding its…

Read more →

AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, News, Risk Management, Russia, Threats

10,000+ Active Infections Traced to SystemBC Botnet

Security researchers at Silent Push identified more than 10,000 unique IPs infected with SystemBC, a proxy malware commonly used as an early foothold in ransomware attacks. Using a custom SystemBC tracking fingerprint, analysts mapped a globally distributed botnet that includes compromised systems supporting government infrastructure.  “SystemBC proxies traffic through compromised systems and acts as a…

Read more →

AI, ANYRUN, APAC, Compliance, Cybersecurity, Cybersecurity Lifehacks, Data Breaches, Global Security News, malware, Risk Management

How Threat Intelligence Helps Protect Financial Organizations from Business Risk

The financial sector resembles a treasure vault under constant siege. Banks, insurers, and fintech firms are not just custodians of money. They are guardians of irreplaceable personal and corporate data, payment flows, transactional integrity, and trust itself.   When cybercriminals strike, the ripple effects cascade outward, threatening individual savings, corporate balance sheets, national infrastructures, and broader economic confidence.  The Biggest…

Read more →

AI, Endpoint, Endpoint Protection, Security, Vulnerabilities, Windows Security, Exploits, Global Security News, malware

Attackers exploit decade‑old Windows driver flaw to shut down modern EDR defenses

In a recent incident, attackers abused a legitimate but vulnerable Windows kernel driver to shut down endpoint security tools during an ongoing incident response. According to a Huntress report, the activity was observed during a customer investigation in early 2026 and involved the use of an old EnCase forensic driver (by Guidance Software) as part…

Read more →

cyberattack, Don't miss, Endpoint, Global Security News, Hot stuff, malware, News

Why a decade-old EnCase driver still works as an EDR killer

Attackers are leaning on a new EDR killer malware that can shut down 59 widely used endpoint security products by misusing a kernel driver that once shipped with Guidance Software’s EnCase digital forensics tool, Huntress researchers warn. This particular driver is legitimate but its certificate expired and was revoked more than ten years ago. Even…

Read more →

AI, APT, china, Cyber warfare, Exploits, Global Security News, Government & Policy, hacking, intelligence, malware

China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025

China-linked hackers tracked as Amaranth-Dragon targeted government and law enforcement agencies across Southeast Asia in 2025. CheckPoint says China-linked threat actors, tracked as Amaranth-Dragon, carried out cyber-espionage campaigns in 2025 targeting government and law enforcement agencies across Southeast Asia. The activity is linked to the APT41 ecosystem and affected countries including Thailand, Indonesia, Singapore, and…

Read more →

AI, Compliance, Cybersecurity, Global Security News, Government & Policy, malware, Network Security, privacy

The Epstein Files didn’t hide this hacker very well

Supposedly redacted Jeffrey Epstein files can still reveal exactly who they’re talking about – especially when AI, LinkedIn, and a few biographical breadcrumbs do the heavy lifting. Sloppy redaction leads to explosive claims, and difficult reputational consequences for cybersecurity vendors, and we learn how trust – once cracked – can be almost impossible to fully…

Read more →

Breaking News, cyber crime, Exploits, Global Security News, malware, Security

CVE-2025-22225 in VMware ESXi now used in active ransomware attacks

Ransomware groups now exploit VMware ESXi vulnerability CVE-2025-22225, patched by Broadcom in March 2025. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirms that ransomware gangs are exploiting the VMware ESXi sandbox escape flaw CVE-2025-22225. The vulnerability is an arbitrary write issue in VMware ESXi. An attackers with privileges within the VMX process may trigger an arbitrary…

Read more →

Breaking News, cyber crime, Cybercrime, Global Security News, malware, Security

Microsoft: Info-Stealing malware expands from Windows to macOS

Microsoft warns info-stealing attacks are expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Microsoft warns info-stealing attacks are rapidly expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Since late 2025, Microsoft has seen a surge in macOS infostealer attacks using social engineering, fake…

Read more →

AI, Cybersecurity, data breach, Data Breaches, Endpoint, Exploits, Global Security News, hacking, Information Security, malware, Network Security

Inside the Iron Mountain Breach: What the Extortion Gang Didn’t Want You to Know

Iron Mountain Incorporated is a global information management company with a long history in data storage, records management, backup and recovery, and secure shredding, serving a massive worldwide customer base. In early February 2026, a cybercrime group calling itself Everest claimed on its dark web leak site that it had stolen approximately 1.4 TB of…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, News, Risk Management, Threats, trends

Flare Report: Infostealers Are Fueling Enterprise Identity Attacks

Once largely associated with consumer credential theft, infostealer malware is increasingly impacting enterprises.  New research from Flare shows that a rising percentage of infections now expose enterprise Single Sign-On (SSO) and identity provider credentials, creating direct risk for corporate systems, cloud environments, and SaaS platforms. “We’re seeing fewer infections overall, but far higher yield per…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, News, Risk Management, Threats, trends

Flare Report: Infostealers Are Fueling Enterprise Identity Attacks

Once largely associated with consumer credential theft, infostealer malware is increasingly impacting enterprises.  New research from Flare shows that a rising percentage of infections now expose enterprise Single Sign-On (SSO) and identity provider credentials, creating direct risk for corporate systems, cloud environments, and SaaS platforms. “We’re seeing fewer infections overall, but far higher yield per…

Read more →

AI, Apps, Artificial Intelligence, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, News, Risk Management, Threats, trends

Hundreds of Malicious Skills Found in OpenClaw’s ClawHub

A routine question about trust exposed a far more serious problem when researchers discovered hundreds of malicious skills hidden inside a widely used AI agent marketplace.  Koi researchers analyzed ClawHub, the third-party skill repository for OpenClaw, and found that threat actors had quietly turned the ecosystem into a large-scale malware distribution channel. We found “……

Read more →

AI, Apps, Artificial Intelligence, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, News, Risk Management, Threats, trends

Hundreds of Malicious Skills Found in OpenClaw’s ClawHub

A routine question about trust exposed a far more serious problem when researchers discovered hundreds of malicious skills hidden inside a widely used AI agent marketplace.  Koi researchers analyzed ClawHub, the third-party skill repository for OpenClaw, and found that threat actors had quietly turned the ecosystem into a large-scale malware distribution channel. We found “……

Read more →

APT, Exploits, Global Security News, hacking, intelligence, malware, Security

APT28 exploits Microsoft Office flaw in Operation Neusploit

Russia-linked APT28 is behind Operation Neusploit, exploiting a newly disclosed Microsoft Office vulnerability in targeted attacks. Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) is behind Operation Neusploit, a campaign that exploits a newly disclosed Microsoft Office vulnerability. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, malware, Security

Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom

Rapid7 researchers say the Notepad++ hosting breach is likely linked to the China-nexus Lotus Blossom APT group. Recently, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the…

Read more →

Artificial Intelligence, Breaking News, cyber crime, Exploits, Global Security News, malware, Security

MoltBot Skills exploited to distribute 400+ malware packages in days

Over 400 malicious OpenClaw packages were uploaded in days, using MoltBot skills to spread password-stealing malware. Researchers uncovered a large malware campaign abusing AI skills for Claude Code and Moltbot users. Between late January and early February 2026, more than 400 malicious skills were published on ClawHub and GitHub, posing as crypto trading tools. OpenClaw…

Read more →

Artificial Intelligence, Breaking News, cyber crime, Exploits, Global Security News, malware, Security

MoltBot Skills exploited to distribute 400+ malware packages in days

Over 400 malicious OpenClaw packages were uploaded in days, using MoltBot skills to spread password-stealing malware. Researchers uncovered a large malware campaign abusing AI skills for Claude Code and Moltbot users. Between late January and early February 2026, more than 400 malicious skills were published on ClawHub and GitHub, posing as crypto trading tools. OpenClaw…

Read more →

Artificial Intelligence, Breaking News, cyber crime, Exploits, Global Security News, malware, Security

MoltBot Skills exploited to distribute 400+ malware packages in days

Over 400 malicious OpenClaw packages were uploaded in days, using MoltBot skills to spread password-stealing malware. Researchers uncovered a large malware campaign abusing AI skills for Claude Code and Moltbot users. Between late January and early February 2026, more than 400 malicious skills were published on ClawHub and GitHub, posing as crypto trading tools. OpenClaw…

Read more →

Artificial Intelligence, Breaking News, cyber crime, Exploits, Global Security News, malware, Security

MoltBot Skills exploited to distribute 400+ malware packages in days

Over 400 malicious OpenClaw packages were uploaded in days, using MoltBot skills to spread password-stealing malware. Researchers uncovered a large malware campaign abusing AI skills for Claude Code and Moltbot users. Between late January and early February 2026, more than 400 malicious skills were published on ClawHub and GitHub, posing as crypto trading tools. OpenClaw…

Read more →

AI, Apps, Artificial Intelligence, Cybersecurity, Exploits, Global Security News, malware, News, Risk Management, Threats

AI Threats in 2026: A SecOps Playbook

As we enter 2026, the cybersecurity landscape is shifting into unfamiliar territory.  Headlines about “deepfake fear” and “AI chaos” reflect a growing recognition that artificial intelligence is no longer just accelerating traditional attack methods. It is opening a new category of threats that were not meaningfully part of the security equation even a few years…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, International, malware, Network Security, News, Risk Management, Threats

Fake Dating App Delivers Android Spyware in Targeted Campaign 

ESET researchers have uncovered a targeted Android spyware campaign using a fake dating app to lure victims into installing mobile surveillance malware.  The campaign, focused on users in Pakistan, disguises spyware as a chat platform that promises access to exclusive profiles but instead quietly exfiltrates sensitive data from infected devices. “Once installed, the app silently…

Read more →

AI, Apps, Artificial Intelligence, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, News, Risk Management, Threats

Fake Clawdbot VS Code Extension Deploys ScreenConnect RAT 

A malicious Visual Studio (VS) Code extension posing as an AI-powered assistant was quietly installing remote access malware on developers’ systems.  The fake extension, called ClawdBot Agent, appeared legitimate on the surface but executed malware automatically as soon as VS Code launched. “The layering here is impressive. You’ve got a fake AI assistant dropping legitimate…

Read more →

Breaking News, Global Security News, hacking, hacking news, malware, Security

Google targets IPIDEA in crackdown on global residential proxy networks

Google disrupted IPIDEA, a major residential proxy network that enrolled users’ devices via SDKs embedded in mobile and desktop apps. Google and partners disrupted the IPIDEA residential proxy network, used by many threat actors, via legal domain takedowns, intelligence sharing on malicious SDKs, and ecosystem-wide enforcement. Google Play Protect now removes and blocks apps with…

Read more →

AI, Compliance, Cybersecurity, Global Security News, malware, privacy, Russia

The dark web’s worst assassins, and Pegasus in the dock

In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with Pegasus spyware — exposing how a single, seemingly harmless text message can turn a smartphone into a round-the-clock surveillance device. Plus, we go looking for professional hitmen online – only to uncover uncomfortable questions about…

Read more →

Global Security News, iOS, Law & order, malware, Podcast, privacy

Smashing Security podcast #452: The dark web’s worst assassins, and Pegasus in the dock

In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with Pegasus spyware — exposing how a single, seemingly harmless text message can turn a smartphone into a round-the-clock surveillance device. Plus, we go looking for professional hitmen online – only to uncover uncomfortable questions about…

Read more →

Breaking News, Exploits, Global Security News, hacking, malware, Security

Amnesia RAT deployed in multi-stage phishing attacks against Russian users

A multi-stage phishing campaign targets users in Russia with ransomware and Amnesia RAT using fake business documents as lures. FortiGuard Labs researchers uncovered a multi-stage malware campaign mainly targeting users in Russia. The attack uses fake business documents as social engineering lures to distract victims while malware runs in the background. It escalates to full…

Read more →

ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Global Security News, malware, Malware Analysis

Fix Staff Shortage & Burnout in Your SOC with Better Threat Intelligence

In cybersecurity, humans occupy both ends of the vulnerability spectrum. They click what should never be clicked, reuse passwords like heirlooms, and generously donate credentials to phishing pages that look “kind of legit.”  Yet the same species becomes the strongest link once you step inside a SOC.  Cybersecurity professionals don’t fail because they are careless…

Read more →

APT, Artificial Intelligence, Global Security News, hacking, malware, Security

North Korea–linked KONNI uses AI to build stealthy malware tooling

Check Point links an active phishing campaign to North Korea–aligned KONNI, targeting developers with fake blockchain project docs and using an AI-written PowerShell backdoor. Check Point Research uncovered an active phishing campaign attributed to the North Korea–linked KONNI group (aka Kimsuky, Earth Imp, TA406, Thallium, Vedalia, and Velvet Chollima). The operation targets software developers and engineers using fake project…

Read more →

APT, Breaking News, Cyber warfare, Global Security News, hacking, malware

Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid

Russia-linked APT Sandworm launched what was described as the largest cyber attack on Poland’s power grid in Dec 2025. ESET linked a late-2025 cyberattack on Poland’s energy system to the Russia-linked Sandworm APT. “Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to…

Read more →

APT, Breaking News, Cyber warfare, Global Security News, hacking, malware

Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid

Russia-linked APT Sandworm launched what was described as the largest cyber attack on Poland’s power grid in Dec 2025. ESET linked a late-2025 cyberattack on Poland’s energy system to the Russia-linked Sandworm APT. “Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to…

Read more →

Breaking News, Cybercrime, data breach, Exploits, Global Security News, hacking, malware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter UNO reverse card: stealing cookies from cookie stealers  PDFSIDER Malware – Exploitation of DLL Side-Loading for AV and EDR Evasion   VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun  PyPI Package Impersonates…

Read more →

Breaking News, cyber crime, Global Security News, malware, Security

Osiris ransomware emerges, leveraging BYOVD technique to kill security tools

Researchers identified a new Osiris ransomware used in a November 2025 attack, abusing the POORTRY driver via BYOVD to disable security tools. Symantec and Carbon Black researchers uncovered a new ransomware strain named Osiris, used in a November 2025 attack against a major Southeast Asian food service franchise operator. The attackers deployed a malicious driver,…

Read more →

Artificial Intelligence, cyber crime, Global Security News, malware, Mobile, Security

Machine learning–powered Android Trojans bypass script-based Ad Click detection

A new Android click-fraud trojan family uses TensorFlow ML to visually detect and tap ads, bypassing traditional script-based click techniques. Researchers at cybersecurity firm Dr.Web discovered a new Android click-fraud trojan family that uses TensorFlow.js ML models to visually detect and tap ads, avoiding traditional script-based methods. The malware is distributed via Xiaomi’s GetApps, it…

Read more →

AI, Artificial Intelligence, Breaking News, cyber crime, Global Security News, malware

VoidLink shows how one developer used AI to build a powerful Linux malware

VoidLink is a cloud-focused Linux malware, likely built by one person using AI, offering loaders, implants, rootkit evasion, and modular plugins. Check Point researchers uncovered VoidLink, a cloud-focused Linux malware framework likely built by a single developer with help from an AI model. VoidLink includes custom loaders, implants, rootkit-based evasion features, and dozens of plugins…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Global Security News, Government & Policy, malware, News Alerts, Risk Management, Top Stories

News alert: Forrester study finds Airlock Digital’s app control cuts breaches to zero with 224% ROI

ATLANTA, Jan. 20, 2026, CyberNewswire — Airlock Digital, a leader in proactive application control and endpoint security, announced the release of The Total Economic Impact (TEI) of Airlock Digital, an independent study commissioned by Airlock Digital and conducted by Forrester Consulting. The study demonstrates a significant 224% return on investment (ROI) and a $3.8 million net…

Read more →

Breaking News, cyber crime, Cybercrime, Exploits, Global Security News, malware

PDFSIDER Malware – Exploitation of DLL Side-Loading for AV and EDR Evasion

Threat actors use PDFSIDER malware with social engineering and DLL sideloading to bypass AV/EDR, and ransomware gangs already abuse it. Resecurity has learned about PDFSIDER during an investigation of a network intrusion attempt that was successfully prevented by a Fortune 100 energy corporation. The threat actor contacted their staff, impersonating technical support, and used social…

Read more →