Geek-Guy.com

Category: malware

Stay ahead of cyber threats with the latest malware news, ransomware alerts, and virus analysis. Geek-Guy tracks emerging infections and removal trends.

AI, Exploits, Global Security News, malware, Network Security

Masjesu botnet targets IoT devices while evading high-profile networks

Masjesu is a stealthy DDoS-for-hire botnet targeting IoT devices, active since 2023 and designed to stay hidden by avoiding high-profile networks. Masjesu is a stealthy botnet active since 2023, advertised as a DDoS-for-hire service. It targets IoT devices like routers and gateways, spanning multiple architectures. Designed for persistence, it executes carefully, avoiding high-profile IP ranges…

Read more →

AI, Endpoint, Exploits, Global Security News, malware, Network Security

Datto RMM Exploited in Phishing Attack, Researchers Warn

Security researchers have uncovered an active phishing campaign that abuses Datto’s remote monitoring and management platform, CentraStage, as a command-and-control channel, giving attackers full interactive control over compromised systems while flying under the radar of traditional security defenses. Phishing campaign delivers remote access trojan via fake files The campaign, tracked by the Fortra Intelligence and…

Read more →

AI, APAC, Exploits, Global Security News, malware

Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197)

In the latest demonstration of how AI assistants can help with bug hunting, Horizon3.ai researcher Naveen Sunkavally used Claude to unearth CVE-2026-34197, a remote code execution vulnerability in Apache ActiveMQ that’s been introduced in the codebase 13 years ago. The vulnerability was patched in late March 2026 and there’s currently no indication that it is…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Politics, Risk Management

How Phishing Is Targeting Germany’s Economy: Active Threats from Finance to Manufacturing

Germany’s economy is a precision machine: finance fuels it, manufacturing builds it, telecom connects it, IT optimizes it, and healthcare sustains it. The country sits at the crossroads of industrial power and digital transformation, making it irresistibly attractive to attackers. In this article, we explore real-world attacks targeting five critical German industries, analyzed by ANY.RUN’s analysts using Interactive…

Read more →

Global Security News, malware, Network Security, Risk Management

Advenica’s File Scanner Kiosk scans USB media for malware

Advenica announced the File Scanner Kiosk, a system that scans USB media for malware and helps businesses reduce infection risk. With the reliance on external media for file transfers, organisations face increased vulnerability to malware. The File Scanner Kiosk addresses this challenge by providing an automated, reliable, and efficient way to scan USB media for…

Read more →

AI, Europe, Exploits, Global Security News, malware, Network Security, Risk Management

Internet-Exposed ICS Devices Raise Alarm for Critical Sectors

Exposed ICS devices and insecure protocols like Modbus increase risks to critical infrastructure, enabling disruption, data access, and potential sabotage. Malware targeting industrial control systems (ICS) poses a serious risk to critical infrastructure, with threats like Stuxnet, Industroyer, Triton, Havex, and BlackEnergy already demonstrating the ability to disrupt operations, cause outages, and even inflict physical…

Read more →

AI, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia

Russia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tactics

APT28 targets Ukraine and allies with PRISMEX malware, using stealthy techniques for espionage and command-and-control. Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) is running a spear-phishing campaign against Ukraine and its allies, deploying a new malware suite called PRISMEX. Active since September 2025, the campaign uses advanced stealth techniques like steganography and…

Read more →

AI, Cybersecurity, Global Security News, malware

New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy

Cybersecurity researchers have flagged a new variant ofmalware called Chaosthat’scapable of hitting misconfigured cloud deployments, marking an expansion of the botnet’s targeting infrastructure. “Chaos malware is increasingly targeting misconfigured cloud deployments, expanding beyond its traditional focus on routers and edge devices,” Darktrace said in a new report.

Read more →

AI, APAC, Compliance, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware

TeamPCP Supply Chain Campaign: Update 007 – Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)

This is the seventh update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). Update 006 covered developments through April 3, including the CERT-EU European Commission breach disclosure, ShinyHunters’ confirmation of credential sharing, Sportradar breach details, and Mandiant’s quantification of 1,000+ compromised SaaS environments. This update consolidates five…

Read more →

AI, Apps, Cybersecurity, Global Security News, Government & Policy, malware

Hack-for-hire spyware campaign targets journalists in Middle East, North Africa

An apparent hack-for-hire campaign from a group with suspected Indian government connections targeted Middle Eastern and North African journalists and activists using spyware, three collaborating organizations said in reports published Wednesday. The attacks shared infrastructure that pointed to the advanced persistent threat group known as Bitter, which most frequently targets government, military, diplomatic and critical…

Read more →

AI, Global Security News, malware, Russia

APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies

The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX. “PRISMEX combines advanced steganography, component object model (COM) hijacking, and legitimate cloud service abuse for command-and-control,” Trend Micro

Read more →

AI, Compliance, Endpoint, Global Security News, malware, Network Security, privacy, Risk Management

10 ChatGPT Prompts L1 SOC Analysts Can Use in Their Daily Work

Security operations center (SOC) analysts are expected to process a constant stream of alerts — often under tight response timelines.  At the same time, they are expected to investigate accurately, document clearly, and communicate findings to both technical and non-technical stakeholders. This is where generative artificial intelligence (GenAI) tools such as ChatGPT can be helpful.…

Read more →

AI, Cybersecurity, Global Security News, Government & Policy, malware, Network Security

Iran‑linked PLC attacks cause real‑world disruption at critical US infra sites

As the US and Iran agreed to a ceasefire on Tuesday, six US federal agencies have warned that Iran-affiliated threat actors have compromised internet-exposed programmable logic controllers at critical infrastructure facilities in the US. The attacks, which the agencies linked to escalating hostilities between Iran and the US and Israel, targeted Rockwell Automation and Allen-Bradley…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Global Security News, malware, Risk Management

Building Phishing Detection That Works: 3 Steps for CISOs 

90% of attacks start with phishing. For CISOs, the real pain begins when the SOC cannot quickly tell whether a suspicious alert is just noise or the start of credential theft, account compromise, malware delivery, or wider business disruption.  Modern phishing campaigns are designed to create exactly that uncertainty. QR codes, redirect chains, CAPTCHAs, phishing kits, and AI-generated lures can all hide the real objective until late…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Global Security News, malware, Risk Management

Building Phishing Detection That Works: 3 Steps for CISOs 

90% of attacks start with phishing. For CISOs, the real pain begins when the SOC cannot quickly tell whether a suspicious alert is just noise or the start of credential theft, account compromise, malware delivery, or wider business disruption.  Modern phishing campaigns are designed to create exactly that uncertainty. QR codes, redirect chains, CAPTCHAs, phishing kits, and AI-generated lures can all hide the real objective until late…

Read more →

AI, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia

Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions

Russian threat actor Forest Blizzard has been exploiting unsecured home and small-office internet equipment, such as routers, to redirect traffic through attacker-controlled DNS servers. The group has leveraged this DNS hijacking activity to support post-compromise adversary-in-the-middle (AiTM) attacks on Transport Layer Security (TLS) connections, targeting Microsoft Outlook on the web domains, according to a Microsoft…

Read more →

AI, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia

Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions

Russian threat actor Forest Blizzard has been exploiting unsecured home and small-office internet equipment, such as routers, to redirect traffic through attacker-controlled DNS servers. The group has leveraged this DNS hijacking activity to support post-compromise adversary-in-the-middle (AiTM) attacks on Transport Layer Security (TLS) connections, targeting Microsoft Outlook on the web domains, according to a Microsoft…

Read more →

AI, Global Security News, malware, Network Security

Chaos malware expands from routers to Linux cloud servers

Chaos, Go-based malware first documented by Lumen’s Black Lotus Labs, has historically targeted routers and edge devices. A new variant observed in March 2026 shows the malware operating against misconfigured Linux cloud servers, a category of infrastructure the botnet had not previously prioritized. Darktrace’s malware research team documented the compromise through its CloudyPots program, a…

Read more →

AI, Global Security News, malware

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems. “The threat actor’s packages were designed to impersonate legitimate developer tooling […], while quietly functioning as malware loaders, extending Contagious Interview’s established playbook into a coordinated

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

U.S. agencies alert: Iran-linked actors target critical infrastructure PLCs

U.S. agencies warn Iran-linked threat actors are targeting internet-exposed PLCs used in critical infrastructure networks. U.S. agencies, including the FBI and CISA, warn that Iran-linked hackers are targeting internet-exposed Rockwell/Allen-Bradley PLCs used in critical infrastructure. The agencies published a joint advisory involving multiple federal organizations. “Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity…

Read more →

AI, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia

Feds quash widespread Russia-backed espionage network spanning 18,000 devices

Russian state-sponsored attackers compromised more than 18,000 routers spread across more than 120 countries to gain deeper access to sensitive networks for a large-scale espionage campaign before it was recently neutralized, researchers and authorities said Tuesday. Forest Blizzard, also known as APT28 and Fancy Bear, exploited known vulnerabilities to steal credentials for thousands of TP-Link…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

5 ways to strengthen identity security and improve attack resilience

Identity compromise has become one of the most effective ways for attackers to infiltrate business systems. Firewalls, endpoint protection, and monitoring tools mean little once an attacker logs in using valid credentials. For MSPs and corporate IT teams, strengthening identity security and enforcing least privilege access are two of the most powerful ways to reduce…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware

Iranian hackers launching disruptive attacks at U.S. energy, water targets, feds warn

Iranian government hackers are launching disruptive cyberattacks on American energy and water infrastructure, U.S. government agencies “urgently” warned Tuesday. The hackers are taking aim at devices and systems that control industrial processes, and have harmed victims in the last month following the onset of U.S.-Israel strikes against Iran, according to the joint alert from the…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management

NomShub Vulnerability Chain Exposes Hidden Risks in AI Coding Tools

A vulnerability chain in an AI-powered code editor is raising alarms about how autonomous developer tools can be turned against their users.  Dubbed NomShub, the flaw allows attackers to gain persistent shell access simply by luring a developer into opening a malicious repository — no traditional exploit required. “When an AI agent can execute shell…

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia

Russia Hacked Routers to Steal Microsoft Office Tokens

Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code. Microsoft…

Read more →

AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware

Cybercrime losses jumped 26% to $20.9 billion in 2025

Cybercrime remains a booming business.  Annual cybercrime losses amounted to almost $20.9 billion last year, reflecting a 26% increase from 2024, the FBI’s Internet Crime Complaint Center (IC3) said in its annual report Tuesday. The comprehensive study exposes a worsening digital crime environment that is driving financial losses, with momentum moving in the wrong direction…

Read more →

AI, APAC, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Risk Management

ClickFix Meets AI: A Multi-Platform Attack Targeting macOS in the Wild

For years, macOS environments carried an aura of relative safety. Not immunity, but lower priority in the threat landscape. That perception has aged about as well as an unpatched server.  The reality in 2026 is very different. Apple devices now make up a significant share of corporate endpoints. And they sit in the hands of the people attackers most want…

Read more →

AI, APAC, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Risk Management

ClickFix Meets AI: A Multi-Platform Attack Targeting macOS in the Wild

For years, macOS environments carried an aura of relative safety. Not immunity, but lower priority in the threat landscape. That perception has aged about as well as an unpatched server.  The reality in 2026 is very different. Apple devices now make up a significant share of corporate endpoints. And they sit in the hands of the people attackers most want…

Read more →

AI, Exploits, Global Security News, malware, Network Security

Phishing LNK files and GitHub C2 power new DPRK cyber attacks

DPRK-linked hackers use GitHub C2s, starting attacks via phishing LNK files that drop a PDF and PowerShell script in South Korea. North Korea-linked threat actors target South Korean organizations using GitHub as C2 servers. The attack chain starts with phishing emails carrying obfuscated LNK files that drop a decoy PDF and a PowerShell script to…

Read more →

AI, Cybersecurity, Global Security News, malware, Russia

BKA unmasks two REvil Ransomware operators behind 130+ German attacks

German police BKA identified two key REvil ransomware members, linking them to over 130 attacks in Germany. Germany’s Federal Criminal Police (BKA) has identified two key figures behind the REvil ransomware group, linking them to more than 130 attacks in the country. The first suspect is Daniil Maksimovich Shchukin (31), a Russian national known online…

Read more →

AI, Apps, Exploits, Global Security News, malware, Network Security

North Korean hackers abuse LNKs and GitHub repos in ongoing campaign

DPRK-linked threat actors are preferring stealth over sophistication in their targeting of South Korean organizations, as researchers report use of weaponized Windows shortcut (.LNK) files and GitHub-based command-and-control (C2) channels in a new campaign. According to new Fortinet findings, a series of attacks that began in 2024 were found using a multi-stage scripting process and…

Read more →

AI, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Risk Management

6 ways attackers abuse AI services to hack your business

Attackers are starting to exploit AI systems to mount attacks in the same way they once relied on built-in enterprise tools such as PowerShell. Instead of relying on malware, cybercriminals are increasingly abusing AI tools enterprises depend on — a trend some experts describe as living off the AI land. “We’re seeing it in things…

Read more →

AI, Cybersecurity, Global Security News, Government & Policy, malware, Network Security, Russia

Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab

An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across…

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Network Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 91

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka   Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government RoadK1ll: A WebSocket Based Pivoting Implant    axios Compromised: npm Supply Chain Attack via Dependency Injection  …

Read more →

AI, china, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, privacy, Risk Management, Russia, Venture

Security Affairs newsletter Round 571 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Qilin ransomware group claims the hack of German political party Die Linke U.S. CISA adds a…

Read more →

AI, Data Breaches, Global Security News, malware, Network Security, Risk Management, Russia

Qilin ransomware group claims the hack of German political party Die Linke

Qilin ransomware claims it stole data from Germany’s Die Linke and threatens to leak it; the party confirmed the incident, but not a breach. The Qilin ransomware group claims it stole data from Die Linke, a German political party, and is threatening to release it. Die Linke is a left-wing political party in Germany. Its…

Read more →

AI, Cybersecurity, Data Breaches, Europe, Global Security News, malware, Network Security, Risk Management

European Commission breach exposed data of 30 EU entities, CERT-EU says

CERT-EU says a European Commission cloud hack exposed data from 30 EU entities and links the breach to the TeamPCP group. CERT-EU attributed a European Commission cloud breach to the TeamPCP threat group, revealing that data from at least 30 EU entities was exposed. The incident was publicly disclosed on March 27 after inquiries confirmed…

Read more →

AI, Data Breaches, Europe, Exploits, Global Security News, malware, Network Security

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

The European Union’s Computer Emergency Response Team, CERT-EU, has traced last week’s theft of data from the Europa.eu platform to the recent supply chain attack on Aqua Security’s Trivy open-source vulnerability scanner. The attack on the AWS cloud infrastructure hosting the Europa.eu web hub on March 24 resulted in the theft of 350 GB of…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

High-Severity Vulnerabilities, Supply Chain Breaches, and AI Threats Redefine Cybersecurity This Week

Major Threats & Vulnerabilities High-Severity Flaws A newly disclosed Cisco IMC vulnerability (CVSS 9.8) allows unauthenticated attackers to gain full administrative access to UCS servers. Cisco has issued patches, and while no active exploitation has been observed, immediate updates are strongly advised. In another critical discovery, a GIGABYTE Control Center flaw enables remote code execution…

Read more →

AI, Global Security News, malware, Russia

CrystalX RAT: new MaaS malware combines spyware, stealer, and remote access

CrystalX RAT, a new sophisticated MaaS malware, combines spyware, data theft, and remote access, allowing attackers to monitor victims. In March 2026, Kaspersky researchers uncovered a Telegram-based campaign promoting a previously unknown malware sold as a MaaS with three subscription tiers. The Trojan offers a wide range of features, including RAT capabilities, data theft, keylogging,…

Read more →

Cybersecurity, Exploits, Global Security News, malware

Claude Code source leak exploited to spread malware

A source code leak involving Anthropic’s Claude Code tool quickly escalated into a cybersecurity threat, as attackers seized on the exposed files to lure developers into downloading malware disguised as “unlocked” versions of the software. Leaked Claude Code source code used as lure On March 31, 2026, Anthropic accidentally exposed online the source code of…

Read more →

Cybersecurity, Global Security News, malware

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within seemingly benign apps, such as enterprise messengers and food delivery services, while

Read more →

AI, Data Breaches, Global Security News, malware

Pro-Iran Handala group breached Israeli defence contractor PSK Wind Technologies

Iran-linked hackers claim to have breached Israeli air defence contractor PSK Wind, which develops command and control systems. Pro-Iran Handala group announced on April 2 that it breached PSK Wind Technologies, an Israeli engineering and IT firm specializing in integrated systems for defense and critical communications, including command and control solutions. Handala appears as a…

Read more →

AI, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

Crowdstrike 2026 Global Threat Report: Adversaries Use AI to Bypass Defenses

Attackers are moving faster, blending in better, and increasingly using AI to stay ahead of defenders. The Crowdstrike 2026 Global Threat Report highlights a shift toward stealthy, identity-driven attacks that are harder to detect and quicker to execute. “This is an AI arms race. Breakout time is the clearest signal of how intrusion has changed.…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

Claude Code Leak Exposes AI Supply Chain Threats

A leak involving Anthropic’s Claude Code has drawn attention from the cybersecurity and developer communities, exposing internal components of the AI coding agent and introducing potential risks for organizations. “The significance of this leak is in what the code reveals about AI agent architecture. The leak exposed approximately 512,000 lines of TypeScript across roughly 1,900…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware, Network Security

Cisco fixed critical and high-severity flaws

Cisco fixed critical flaws that could allow attackers to bypass authentication, run code, and gain access to sensitive data. Cisco released patches for two critical and six high-severity vulnerabilities. These flaws could let attackers bypass authentication, execute malicious code, escalate privileges, and access sensitive information. One of these critical flaws is CVE-2026-20093 (CVSS score of…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware

Akira ransomware group can achieve initial access to data encryption in less than an hour

The Akira ransomware group has compromised hundreds of victims over the past year with a well-honed attack lifecycle that has whittled down the time from initial access to encryption of data in less than four hours, according to cybersecurity firm Halcyon. Akira has been active since 2023, racking up at least $245 million in ransom…

Read more →

AI, Compliance, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, privacy

Jamf warns of massive app insecurities

“Be wary then; best safety lies in fear,” said Laertes to sister Ophelia in William Shakespeare’s Hamlet. That’s a quote that should be on the desk of every business professional, as the digital environment is full of danger.  Jamf provides us with a good look at what’s becoming a dangerous environment for Mac and iOS…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

Hasbro Cyberattack: Timeline, Impact, and Industry Implications

Hasbro, the Rhode Island-based toy and game company that owns brands like Monopoly, Play-Doh, Peppa Pig, and Transformers, said in late March 2026 that someone had broken into its network without permission. On March 28, the intrusion was found, and Hasbro had to take parts of its systems offline while investigators and cybersecurity experts worked…

Read more →

AI, Global Security News, Government & Policy, malware, Russia

Threat actor UAC-0255 impersonate CERT-UA to spread AGEWHEEZE malware via phishing

Threat actors impersonated CERT-UA to send phishing emails with AGEWHEEZE malware, tricking victims into installing a fake “security tool.” A threat actor, tracked as UAC-0255, impersonated CERT-UA in a phishing campaign, sending emails to about 1 million users. The messages urged victims to download a password-protected archive from Files.fm and install a fake “specialized software,”…

Read more →

AI, Compliance, Cybersecurity, Global Security News, malware, Network Security, Risk Management

From Reactive to Proactive: 5 Steps to SOC Maturity with Threat Intelligence 

Reaching a higher level of SOC maturity takes better, more consistent decision-making during malware and phishing investigation.  This requires a shift in how threat intelligence is used: not as a reference point, but as a core layer in the decision process.  Moving from reactive to confidently proactive security means establishing a threat intelligence workflow that: Solve key challenges, from alert fatigue to blind spots  Integrate across SOC workflows, supporting them  Deliver compounding…

Read more →

AI, Compliance, Cybersecurity, Global Security News, malware, Network Security, Risk Management

From Reactive to Proactive: 5 Steps to SOC Maturity with Threat Intelligence 

Reaching a higher level of SOC maturity takes better, more consistent decision-making during malware and phishing investigation.  This requires a shift in how threat intelligence is used: not as a reference point, but as a core layer in the decision process.  Moving from reactive to confidently proactive security means establishing a threat intelligence workflow that: Solve key challenges, from alert fatigue to blind spots  Integrate across SOC workflows, supporting them  Deliver compounding…

Read more →

AI, Apps, china, Exploits, Global Security News, Government & Policy, malware, Network Security

TrueConf zero-day vulnerability exploited to target government networks

Suspected China-nexus attackers have leveraged a zero-day vulnerability (CVE-2026-3502) in the TrueConf client application to distribute malware within government networks in Southeast Asia, Check Point researchers discovered. Malicious client update attack chain (Source: Check Point) Trusted update mechanism turned into attack vector TrueConf is a videoconferencing platform designed to run on private local networks (LANs)…

Read more →

AI, Apps, Endpoint, Global Security News, malware

HYCU Expands R-Shield With Halcyon Ransomware Defense

HYCU has expanded its R-Shield cyber resilience platform through a new integration with Halcyon, adding advanced ransomware prevention and data exfiltration protection.  The update aims to address persistent gaps in enterprise security strategies, particularly the fragmentation of tools that limits organizations’ ability to detect, stop, and recover from modern ransomware attacks across hybrid and multi-cloud…

Read more →

AI, china, Europe, Global Security News, Government & Policy, malware, Russia

European-Chinese geopolitical issues drive renewed cyberespionage campaign

A Chinese cyberespionage group has shifted its gaze back to Europe after years of focusing on other parts of the world, Proofpoint research published Wednesday found. The surge began in mid-2025, with a bevy of issues bubbling up between China and Europe, the company said. Proofpoint labels the government-linked group TA416, but other companies track…

Read more →

AI, Exploits, Global Security News, malware

Google links Axios npm supply chain attack to North Korea-linked APT UNC1069

Google links the Axios npm supply chain attack to North Korean threat group UNC1069, targeting financial gain. Google has attributed the recent Axios npm supply chain compromise to a North Korean threat group tracked as UNC1069. The attack, aimed at financial gain, exploited the package to target developers and organizations relying on Axios. John Hultquist…

Read more →

AI, Apps, Cybersecurity, Global Security News, Government & Policy, malware, Network Security, Russia

UAC-0255 Attack Detection: Threat Actors Impersonate CERT-UA to Infect Ukrainian Public and Private Sector Organizations With AGEWHEEZE RAT

Phishing remains one of the most effective tools in the cybercriminal arsenal, especially when threat actors abuse the credibility of trusted institutions and familiar digital services to increase victim interaction. In late March 2026, CERT-UA revealed a phishing campaign tracked as UAC-0255 in which attackers impersonated the agency and attempted to infect organizations across Ukraine’s…

Read more →

AI, Europe, Global Security News, malware

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot. The activity has been attributed to a Brazilian cybercrime threat actor tracked as Augmented Marauder and Water Saci. The e-crime group was first documented by Trend…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Global Security News, Government & Policy, malware, Network Security, Risk Management

Major Cyber Attacks in March 2026: OAuth Phishing, SVG Smuggling, Magecart, and More 

March 2026 brought a wave of cyber attacks that reflected how quickly modern threats can move from subtle early signals to serious business impact. ANY.RUN analysts identified and explored several major threats this month, exposing phishing campaigns, stealthy malware, payment-skimming activity, and resilient botnet infrastructure affecting organizations across industries. From Microsoft 365 token abuse and…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Global Security News, Government & Policy, malware, Network Security, Risk Management

Major Cyber Attacks in March 2026: OAuth Phishing, SVG Smuggling, Magecart, and More 

March 2026 brought a wave of cyber attacks that reflected how quickly modern threats can move from subtle early signals to serious business impact. ANY.RUN analysts identified and explored several major threats this month, exposing phishing campaigns, stealthy malware, payment-skimming activity, and resilient botnet infrastructure affecting organizations across industries. From Microsoft 365 token abuse and…

Read more →

AI, Exploits, Global Security News, malware

WhatsApp malware campaign uses malicious VBS files to gain persistent access

Microsoft is warning WhatsApp users of a new malware campaign that tricks them into executing malicious Visual Basic Script (VBS) files, ultimately enabling persistence and remote access. In a March 31 report, Microsoft Defender Experts said attackers have been distributing malicious Visual Basic Script (VBS) files through WhatsApp since at least late February, relying on…

Read more →

AI, Cybersecurity, Global Security News, malware

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)

For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools, native binaries, and legitimate admin utilities to move laterally, escalate privileges, and persist without raising…

Read more →

AI, Cybersecurity, Data Breaches, Exploits, Funding, Global Security News, malware, Network Security, Risk Management

Security awareness is not a control: Rethinking human risk in enterprise security

Organizations have been responding to phishing, business email compromise, and credential theft in essentially the same manner for over ten years. They essentially follow a playbook that involves investing in awareness training, running phishing simulations, and requiring employees to complete annual security modules. The reason behind this is simple and the reasoning behind these efforts…

Read more →

AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management

SentinelOne autonomous detection blocks trojaned LiteLLM triggered by Claude Code

SentinelOne AI stopped a LiteLLM supply chain attack in seconds, blocking malicious code automatically without human intervention. SentinelOne’s AI-based security detected and blocked a supply chain attack involving a compromised LiteLLM package. SentinelOne’s macOS agent detected and stopped a malicious process chain triggered by Claude Code after it unknowingly installed a compromised LiteLLM package. The…

Read more →

AI, Endpoint, Global Security News, malware

Malware detectors trained on one dataset often stumble on another

Machine learning models built to catch malware on Windows systems are typically evaluated on data that closely resembles their training set. In practice, the malware arriving on enterprise endpoints looks different, comes from different sources, and in many cases has been deliberately obfuscated to evade detection. A study from researchers at the Polytechnic of Porto…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security

The Invisible Breach: How AI Agents Became the Most Dangerous Attack Surface of 2025–2026

The Attack That Requires No Click In June 2025, Microsoft patched a critical vulnerability in Microsoft 365 Copilot — one that its discoverers at Aim Security described as something that had never been seen before. A threat actor needed only to send a carefully crafted email to any employee within a target organization. No link.…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management

Axios npm Attack Deploys Cross-Platform RAT

A brief compromise of the popular Axios npm package shows how quickly a trusted dependency can become a widespread threat.  Attackers hijacked a maintainer account and published malicious versions that silently installed a remote access trojan (RAT) during routine package installs, putting developer environments and CI/CD pipelines at risk. “While traditional risks like manual dependency…

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Risk Management

5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild

A vulnerability misclassified five months ago as a denial-of-service issue in F5 BIG-IP Access Policy Manager (APM) turned out to be a critical pre-authentication remote code execution flaw that is now under active exploitation. Hackers are using it to deploy a persistent malware program that runs with root privileges. The CVE-2025-53521 vulnerability was first disclosed…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, malware

Attack on axios software developer tool threatens widespread compromises

A hacker briefly delivered malware this week through a popular open-source project for software developers that has an estimated 100 million weekly downloads, raising the possibility of compromises spreading widely through a supply-chain attack. Axios is a JavaScript client library used in web requests. The unknown attacker hijacked the npm account — npm being a…

Read more →

AI, Apps, Exploits, Global Security News, malware, Risk Management

New Bitdefender assessment helps organizations identify and eliminate hidden internal attack paths

Bitdefender has announced the Bitdefender Internal Attack Surface Assessment, a complimentary evaluation that helps organizations identify and reduce hidden internal cyber risks caused by unnecessary user access to applications, tools, and operating system utilities commonly exploited in attacks. The assessment provides organizations with a data-driven view of their internal attack surface and offers actionable guidance…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Risk Management

Release Notes: Cross-Platform Threat Analysis with macOS, SSL Decryption, and 1,300+ New Detections 

March was a packed month for ANY.RUN. We rolled out major product improvements that help security teams investigate phishing inside encrypted traffic, expand cross-platform analysis with macOS, and bring Windows Server into the sandbox workflow. At the same time, our detection team continued to strengthen threat coverage with new behavior signatures, Suricata rules, and fresh threat intelligence reports focused on active…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Risk Management

Release Notes: Cross-Platform Threat Analysis with macOS, SSL Decryption, and 1,300+ New Detections 

March was a packed month for ANY.RUN. We rolled out major product improvements that help security teams investigate phishing inside encrypted traffic, expand cross-platform analysis with macOS, and bring Windows Server into the sandbox workflow. At the same time, our detection team continued to strengthen threat coverage with new behavior signatures, Suricata rules, and fresh threat intelligence reports focused on active…

Read more →

AI, Apps, Exploits, Global Security News, malware, Network Security

Application Control Bypass for Data Exfiltration, (Tue, Mar 31st)

In case of a cyber incident, most organizations fear more of data loss (via exfiltration) than regular data encryption because they have a good backup policy in place. If exfiltration happened, it means a total loss of control of the stolen data with all the consequences (PII, CC numbers, …). While performing a security assessment of a…

Read more →

AI, Cybersecurity, Global Security News, malware

Cybersecurity jobs available right now: March 31, 2026

Android Malware Research Director Alice | Israel | On-site – View job details As an Android Malware Research Director, you will establish operational processes, workflows, and quality standards for the team, while integrating the function into existing infrastructure. You will act as the primary client interface, managing relationships, presenting research findings, and ensuring client satisfaction.…

Read more →

AI, Cybersecurity, Global Security News, malware

Researchers say credential-stealing campaign used AI to build evasion ‘at every stage’

A new malware-based credential-stealing campaign, which researchers are calling “DeepLoad,” has been infecting enterprise business IT environments over the past In a report released Monday, ReliaQuest AI researchers Thassanai McCabe and Andrew Currie say the most relevant feature of this attack is the way it uses artificial intelligence and other engineering “to defeat the controls…

Read more →

AI, china, Data Breaches, Endpoint, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security

China-Linked groups target Southeast Asian government with advanced malware in 2025

China-linked groups hit a Southeast Asian government in 2025, deploying multiple malware families in a sophisticated cyber campaign. In 2025, three China-linked threat clusters targeted a Southeast Asian government in a complex, well-funded cyber operation. Threat actors deployed numerous malware types, including HIUPAN, PUBLOAD, EggStremeFuel/Loader, MASOL RAT, PoshRAT, TrackBak Stealer, Hypnosis Loader, and FluffyGh0st, showing…

Read more →

AI, Global Security News, malware

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. “It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked,” ReliaQuest researchers…

Read more →