Geek-Guy.com

Category: Russia

Auto Added by WPeMatico

AI, china, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management, Russia

Security Leaders Warn of Cyber Risks Tied to Iran Conflict

The escalating confrontation between the United States and Iran is raising concerns among cybersecurity agencies and security leaders, who have warned businesses to be on alert for a potential increase in cyberattacks from the region. Governments warn of increased cyber activity linked to Iran conflict Official warnings from cybersecurity centers in the United States, the…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management, Russia

How AI Assistants are Moving the Security Goalposts

AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting…

Read more →

AI, Apps, Global Security News, malware, Russia

Massive GitHub malware operation spreads BoryptGrab stealer

Trend Micro found BoryptGrab stealer spreading through 100+ GitHub repositories, stealing browser data, crypto wallets, system information, and user files. Trend Micro uncovered a campaign distributing the BoryptGrab information stealer through more than 100 GitHub repositories. BoryptGrab is designed to collect browser and cryptocurrency wallet data, system details, and common files. Some variants also deploy…

Read more →

AI, Apps, Europe, Global Security News, Government & Policy, malware, Network Security, privacy, Russia

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 87

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Malware Reverse Engineering is no longer a human problem!   StegaBin: 26 Malicious npm Packages Use Pastebin Steganography to Deploy Multi-Stage Credential Stealer   Inside a fake Google security check that becomes a browser RAT   SloppyLemming…

Read more →

AI, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, privacy, Risk Management, Russia, Venture

Security Affairs newsletter Round 566 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. FBI probing intrusion into a system managing sensitive surveillance information Reading White House President Trump’s Cyber…

Read more →

AI, china, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management, Russia

Zero-day exploits hit enterprises faster and harder

Google tracked 90 vulnerabilities exploited as zero-days last year, with Chinese cyberespionage groups doubling their count from 2024 and commercial surveillance vendors overtaking state-sponsored hackers for the first time. Nearly half of the recorded zero-days targeted enterprise technologies such as security appliances, VPNs, networking devices, and enterprise software platforms. “Increased exploitation of security and networking…

Read more →

AI, Europe, Exploits, Global Security News, Government & Policy, Russia

The Coruna exploit: Why iPhone users should be concerned

A new iPhone-hacking exploit has exposed the uncomfortable truth that when governments build offensive attacks, they eventually come for all of us. Revealed by Google’s Threat Intelligence Group (GTIG) and iVerify, the Coruna exploit can compromise iPhones running iOS 13 through to iOS 17.2.1, though Apple has secured its systems against this threat in iOS 26. What Coruna does Coruna…

Read more →

AI, Global Security News, Network Security, Russia

Phobos ransomware leader pleads guilty, faces up to 20 years in prison

Russian national Evgenii Ptitsyn pleaded guilty to running the Phobos ransomware outfit that extorted more than $39 million from more than 1,000 victims globally, the Justice Department said Wednesday. Ptitsyn assumed a leadership role in the Phobos ransomware group in January 2022, yet his criminal activities began by April 2019, according to court records. He…

Read more →

AI, china, Data Breaches, Exploits, Global Security News, Government & Policy, Politics, privacy, Russia

Congress Is Considering Abolishing Your Right to Be Anonymous Online

Sen. Marsha Blackburn, R-Tenn., speaks at a rally in support of the Kids Online Safety Act on Dec. 10, 2024, in Washington, D.C. Photo: Jemal Countess/Getty Images for Accountable Tech In August 2024, the Biden administration hosted hundreds of influencers at the White House for the first-ever Creator Economy Conference. Neera Tanden, a senior Biden adviser,…

Read more →

AI, Global Security News, Government & Policy, malware, Russia

Russian APT targets Ukraine with BadPaw and MeowMeow malware

Researchers uncovered a Russian campaign targeting Ukrainian entities with new malware families BadPaw and MeowMeow delivered through phishing emails. Researchers reported a phishing campaign linked to Russia that targets Ukrainian organizations using two new malware families, BadPaw and MeowMeow. The attack chain begins with a phishing email carrying a link to a ZIP archive. When…

Read more →

AI, Apps, china, Exploits, Global Security News, malware, Network Security, Risk Management, Russia

Coruna iOS exploit kit moved from spy tool to mass criminal campaign in under a year

Google’s threat intelligence researchers have identified a sophisticated exploit kit targeting iPhones that was first used by a commercial surveillance vendor’s customer before being repurposed by a suspected Russian espionage group and then by Chinese cybercriminals, highlighting what researchers describe as an active secondary market for high-end zero-day exploits. “How this proliferation occurred is unclear,…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Russia

Coruna iOS Exploit Kit Compromises Thousands of iPhones

An iOS exploit framework has revealed how advanced mobile attack tools can move rapidly from surveillance operations to espionage and financial crime.  Google’s Threat Intelligence Group (GTIG) identified Coruna, a powerful exploit kit containing 23 vulnerabilities across five exploit chains that were used to compromise thousands of iPhones throughout 2025. “The core technical value of…

Read more →

AI, Cybersecurity, Global Security News, malware, Russia

APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine

Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously undocumented malware families named BadPaw and MeowMeow. “The attack chain initiates with a phishing email containing a link to a ZIP archive. Once extracted, an initial HTA file displays a lure document written in Ukrainian concerning…

Read more →

AI, china, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia

State-affiliated hackers set up for critical OT attacks that operators may not detect

Several state-linked threat groups known for breaking into operational technology (OT) networks have shifted their focus over the past year from gaining and maintaining access to actively mapping out ways to disrupt physical industrial processes. The shift poses a significant threat because fewer than one in 10 OT networks have monitoring in place to detect…

Read more →

AI, Apps, Exploits, Global Security News, malware, Network Security, Russia

Microsoft leads takedown of Tycoon2FA phishing service infrastructure

The infrastructure hosting the Tycoon2FA service, which Europol said was among the largest phishing operations worldwide, has been taken down by a coalition of IT companies and law enforcement agencies. At least temporarily, this removes access to one more tool for evading multifactor authentication defenses from threat actors. Europol, which coordinated the operation, said Wednesday…

Read more →

AI, Compliance, Cybersecurity, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, privacy, Risk Management, Russia

How a cybersecurity boss framed his own employee

When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the person put in charge of the investigation was the actual leaker… who promptly sent an innocent colleague into a career-ending ambush. In this episode, we unravel the jaw-dropping tale of a defence contractor caught selling…

Read more →

AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Risk Management, Russia

AI-powered attack kits go open source, and CyberStrikeAI may be just the beginning

AI is making it ever easier for bad actors to launch attacks, and a newly-identified open source platform, CyberStrikeAI, seems to be lowering the bar even further. The platform packages end-to-end attack automation into a single AI-native orchestration engine, and is linked to the threat actor behind the recent campaign that breached hundreds of Fortinet…

Read more →

AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Risk Management, Russia

AI-powered attack kits go open source, and CyberStrikeAI may be just the beginning

AI is making it ever easier for bad actors to launch attacks, and a newly-identified open source platform, CyberStrikeAI, seems to be lowering the bar even further. The platform packages end-to-end attack automation into a single AI-native orchestration engine, and is linked to the threat actor behind the recent campaign that breached hundreds of Fortinet…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, Government & Policy, Russia

Possible U.S.-developed exploits linked to first known ‘mass’ iOS attack

An exploit kit that may have originated from a leaked U.S. government framework is behind what researchers are calling the first mass-scale attack on iOS, the operating system for Apple’s iPhones. Traces of the exploits, found in the work of Chinese cybercriminals, also have been spotted in Russian attacks on Ukraine and used by a…

Read more →

AI, china, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia

NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity

Geopolitical conflict rarely stays confined to physical battlefields. Increasingly, it spills into the digital domain. The latest escalation of tensions in the Middle East has prompted the UK’s National Cyber Security Centre (NCSC) to issue a warning to organisations to review their cyber security posture and prepare for possible cyber activity linked to Iran. While…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, Network Security, Russia

Ariomex, Iran-based crypto exchange, suffers data leak

Resecurity says Iran’s Ariomex crypto exchange suffered a data leak exposing user and transaction data from 2022 to 2025. Resecurity (USA) reports that Ariomex’s database, one of Iran’s cryptocurrency exchange platforms, suffered a data leak. The report published by the cybersecurity company presents the findings of a structured analysis of the leaked database, which contains…

Read more →

AI, Cybersecurity, Global Security News, Risk Management, Russia

Middle east crisis prompts UK NCSC warning on potential Iranian cyber activity

UK’s NCSC warns of potential Iranian cyberattacks as Middle East tensions rise, urging vigilance from exposed organizations. The UK’s National Cyber Security Centre (NCSC) has warned organizations of a potential increase in Iranian cyber threats amid the escalating Middle East conflict. While it sees no immediate shift in the direct threat to Britain, officials stress…

Read more →

AI, Exploits, Global Security News, Russia

Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch

Russia-linked APT28 reportedly exploited MSHTML zero-day CVE-2026-21513 before Microsoft patched it, a high-severity bypass flaw. Akamai reports that Russia-linked APT28 may have exploited CVE-2026-21513 CVSS score of 8.8), a high-severity MSHTML vulnerability (CVSS 8.8), before Microsoft patched it in February 2026. The vulnerability is an Internet Explorer security control bypass that can lead to code…

Read more →

AI, Exploits, Global Security News, Russia

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the MSHTML Framework. “Protection mechanism failure in MSHTML Framework allows an unauthorized

Read more →

AI, china, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia

Security Affairs newsletter Round 565 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Canadian Tire 2025 data breach impacts 38 million users Iran ’s Internet near-totally blacked out amid…

Read more →

AI, Compliance, Exploits, Global Security News, Government & Policy, Network Security, privacy, Risk Management, Russia

MY TAKE: The Pentagon punished Anthropic for red lines it accepted from OpenAI hours later

KINGSTON, Wash. — On Friday afternoon, President Trump ordered every federal agency to stop using Anthropic’s AI technology. Defense Secretary Pete Hegseth followed by designating the company a “supply-chain risk to national security,” a label the government typically reserves for companies like Huawei. Related: Claude’s memory vs. ChatGpt’s Anthropic’s offense: refusing to remove contract provisions…

Read more →

AI, APAC, Cloud Security, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, privacy, Risk Management, Russia

Zero-Days, Data Breaches, and AI Risks Define This Week’s Cybersecurity Landscape

Major Threats & Vulnerabilities Zero-Day Exploits and Critical CVEs Cisco SD-WAN Zero-Day Grants Root Access has been actively exploited since 2023, allowing attackers to bypass authentication and gain root privileges. Cisco urges administrators to patch immediately, secure management planes, and monitor for rogue peers. ServiceNow AI Platform Vulnerability could allow unauthenticated remote code execution through…

Read more →

AI, Exploits, Global Security News, Government & Policy, Russia

US authorities punish sellers of malware and spyware

The US authorities have made it clear that they will have no truck with any individuals trying to by-pass regulations on trading cyberweapons with hostile powers. Selling sensitive cyber-exploit components to a Russian company landed Australian citizen Peter Williams with an 87-month prison sentence from the US District Court for the District of Columbia on…

Read more →

AI, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management, Russia

Treasury Sanctions Russian Exploit Brokerage

The U.S. government has imposed sanctions on a foreign exploit brokerage accused of purchasing and reselling stolen government cyber tools under the Protecting American Intellectual Property Act (PAIPA).  This action targets Operation Zero, a Russia-linked exploit broker, and signals a tougher stance against markets that monetize zero-day vulnerabilities tied to national security systems.  “If you…

Read more →

Exploits, Global Security News, Russia

Ex-L3Harris executive sentenced to 87 months for selling stolen cyber-exploit trade secrets

Peter Williams, a former executive of Trenchant, L3Harris’ cyber division, has been sentenced to 87 months in prison by a federal judge in Washington, D.C., after pleading guilty to stealing and selling sensitive cyber-exploit trade secrets to a Russian broker. Williams admitted his actions caused the defense contractor an estimated $35 million in losses. The…

Read more →

AI, Apps, Exploits, Global Security News, Government & Policy, Russia

Former U.S. Defense contractor executive sentenced for selling zero-day exploits to Russian broker Operation Zero

A former employee at U.S. defense contractor L3Harris got over 7 years in prison for selling eight zero-days to a Russian broker. Peter Williams, a 39-year-old Australian former L3Harris employee, received a prison sentence of just over seven years for selling eight zero-day exploits to the Russian broker Operation Zero for millions. Williams pleaded guilty…

Read more →

AI, china, Global Security News, Government & Policy, Russia

Chinese group’s ChatGPT use reveals worldwide harassment campaign against critics

A Chinese law enforcement official attempted to use ChatGPT to review its reports on cyber operations, subsequently revealing details of a worldwide online harassment and silencing campaign of China’s critics at home and abroad. In a new threat report released Wednesday, OpenAI said the activity concerned a single account that regularly used ChatGPT to review…

Read more →

AI, Exploits, Global Security News, Russia

Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker

A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars. Peter Williams pleaded guilty to two counts of theft of trade secrets in October…

Read more →

AI, APAC, Cybersecurity, Data Breaches, Global Security News, Risk Management, Russia

Boards don’t need cyber metrics — they need risk signals

Security teams live in a world of numbers. Dashboards depict counts of blocked attacks, phishing clicks, vulnerabilities discovered, patches applied, alerts triaged, and incidents closed. Over the past decade, the cybersecurity industry has become adept at measuring activity with increasing precision. Experts say what remains far less consistent is whether those measurements help boards govern…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Russia

Ex-L3Harris executive sentenced to 87 months in prison for selling zero-day exploits to Russian broker

An ex-L3 Harris executive was sentenced to over seven years in prison Tuesday after pleading guilty to selling eight zero-day exploits to a Russian broker in exchange for millions of dollars. Williams, 39, admitted to two counts of theft of trade secrets in U.S. District Court in Washington, D.C., last year, acknowledging he took at…

Read more →

AI, Europe, Global Security News, Russia

UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware

A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor’s targeting beyond Ukraine and into entities supporting the war-torn nation. The activity, which targeted an unnamed entity involved in regional

Read more →

AI, Endpoint, Europe, Exploits, Global Security News, Government & Policy, malware, Russia

Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration

Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze. Russia-linked APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) launched Operation MacroMaze, targeting select entities in Western and Central Europe from September 2025 to January 2026. The campaign used webhook-based macro malware, leveraging simple tools and legitimate services for infrastructure and data…

Read more →

AI, china, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia

The rise of the evasive adversary

Since the earliest days of the internet, there has never been a let-up in adversarial activity. According to CrowdStrike’s just-released 12th annual Global Threat Report, malicious activity in cyberspace continues to not only accelerate but also expand its scale and increasingly abuse the trust of targeted organizations. The good news is that, despite discussion of…

Read more →

AI, Europe, Exploits, Global Security News, Russia

APT28 Targeted European Entities Using Webhook-Based Macro Malware

The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo’s LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. “The campaign relies on basic tooling and the exploitation…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management, Russia

AWS Threat Intel Finds 600+ FortiGate Devices Hit 

A financially motivated cybercriminal has used commercial generative AI tools to compromise more than 600 FortiGate devices across 55 countries — without exploiting specific software vulnerabilities. This “… campaign succeeded by exploiting exposed management ports and weak credentials with single-factor authentication, fundamental security gaps that AI helped an unsophisticated actor exploit at scale,” said CJ…

Read more →

AI, china, Exploits, Global Security News, Network Security, Russia

AI-powered campaign compromises 600 FortiGate systems worldwide

A Russian-speaking cybercriminal used commercial generative AI tools to hack over 600 FortiGate devices across 55 countries. Amazon Threat Intelligence reports that a Russian-speaking, financially motivated threat actor used commercial generative AI services to compromise more than 600 FortiGate devices in 55 countries. The activity, observed between January 11 and February 18, 2026, highlights how…

Read more →

AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia

Security Affairs newsletter Round 564 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog PayPal discloses extended data…

Read more →

AI, Exploits, Global Security News, Russia

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That’s according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026. “No exploitation of FortiGate

Read more →

AI, Compliance, Europe, Exploits, Global Security News, Network Security, Russia

AI-augmented threat actor accesses FortiGate devices at scale

Commercial AI services are enabling even unsophisticated threat actors to conduct cyberattacks at scale—a trend Amazon Threat Intelligence has been tracking closely. A recent investigation illustrates this shift: Amazon Threat Intelligence observed a Russian-speaking financially motivated threat actor leveraging multiple commercial generative AI services to compromise over 600 FortiGate devices across more than 55 countries…

Read more →

AI, Europe, Global Security News, Government & Policy, Russia

Germany’s national rail operator Deutsche Bahn hit by a DDoS attack

Germany’s national rail operator, Deutsche Bahn, suffered a major DDoS attack that disrupted booking and information systems for several hours. Germany’s rail operator Deutsche Bahn was hit by a large-scale DDoS attack that disrupted information and booking systems for several hours. The cyberattack affected IT operations, causing delays and service interruptions. At this time, the…

Read more →

AI, Global Security News, Network Security, Russia

Public mobile networks are being weaponized for combat drone operations

On June 1, 2025, Ukraine launched a coordinated drone strike on five airfields inside Russia, disabling or destroying aircrafts. The attack involved more than 100 drones carrying explosive payloads and targeting aircraft on the ground. The drones used mobile networks to transmit telemetry, receive instructions, and send back images during the operation, highlighting the integration…

Read more →

AI, Apps, Endpoint, Global Security News, malware, Network Security, Risk Management, Russia

Keenadu: Android malware that comes preinstalled and can’t be removed by users

There’s too little a user can do when hit with a complex Android malware that comes preinstalled on their new smartphone or tablet. Security researchers at Kaspersky have flagged a multifaceted Android malware dubbed Keenadu that can ship preinstalled via device firmware, compromising users before they even complete setup. “Keenadu serves as a reminder that…

Read more →

AI, Global Security News, malware, Russia

Keenadu backdoor found preinstalled on Android devices, powers Ad fraud campaign

Kaspersky uncovered Keenadu, an Android backdoor used for ad fraud that can even take full control of devices. Kaspersky has identified a new Android malware called Keenadu. It can be preinstalled in device firmware, hidden inside system apps, or even distributed via official stores like Google Play. Currently used for ad fraud by turning infected…

Read more →

AI, Cybersecurity, Global Security News, Russia

Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates

A new Android backdoor that’s embedded deep into the device firmware can silently harvest data and remotely control its behavior, according to new findings from Kaspersky. The Russian cybersecurity vendor said it discovered the backdoor, dubbed Keenadu, in the firmware of devices associated with various brands, including Alldocube, with the compromise occurring during the firmware…

Read more →

AI, Data Breaches, Global Security News, Government & Policy, malware, Network Security, Russia

Polish cybercrime Police arrest man linked to Phobos ransomware operation

Officers from Poland’s Central Bureau of Cybercrime Control (CBZC) police arrested a 47-year-old man linked to the Phobos ransomware operation. Polish authorities arrested a 47-year-old man suspected of involvement in cybercrime and linked him to the Phobos ransomware operation. Police said they discovered evidence of illegal activities on his seized devices. “Officers from the Central…

Read more →

AI, APAC, china, Cybersecurity, Funding, Global Security News, Network Security, Risk Management, Russia

Why ‘secure-by-design’ systems are non-negotiable in the AI era

Moody’s recently reported that global investment in data centers will surpass $3 trillion over the next five years, driven by AI capacity growth and hyperscaler demand. As big tech companies, banks, and institutional investors pour capital into these projects, data center developers and their financial sponsors must prioritze cybersecurity. Moody’s said that data center investments…

Read more →

AI, Global Security News, malware, Russia

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 84

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT Breaking Down ZeroDayRAT – New Spyware Targeting Android and iOS Old-School IRC, New Victims: Inside the Newly Discovered SSHStalker Linux Botnet   Reynolds: Defense Evasion Capability…

Read more →

AI, china, Cybersecurity, Data Breaches, Endpoint, Europe, Exploits, Global Security News, malware, Russia

Security Affairs newsletter Round 563 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Fintech firm Figure disclosed data breach after employee phishing attack U.S. CISA adds a flaw in…

Read more →

AI, Apps, Global Security News, Government & Policy, malware, Russia

Suspected Russian hackers deploy CANFAIL malware against Ukraine

A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL malware. Google Threat Intelligence Group identified a previously undocumented threat actor behind attacks on Ukrainian organizations using CANFAIL malware. The group is possibly linked to Russian intelligence services and has targeted defense, military, government, and energy entities at both regional…

Read more →

AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management, Russia

Malicious Chrome Extensions Hijack 500,000 VK Accounts in Stealth Campaign

More than 500,000 VKontakte users had their accounts silently manipulated by Chrome extensions that appeared to offer simple interface customization.  Koi researchers found the extensions delivered multi-stage malware that forced group subscriptions, reset account settings, and interfered with VK’s security protections.  Because “… the extensions update automatically, the attacker can push new malicious code to…

Read more →

AI, Global Security News, Government & Policy, malware, Russia

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hack group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and

Read more →

AI, china, Data Breaches, Global Security News, Risk Management, Russia

Hackers Try to Clone Google’s Gemini With 100,000+ AI Probes

Google built Gemini to answer questions. Now attackers are using questions as lockpicks. In a surge of more than 100,000 carefully engineered prompts, threat actors have been hammering Google’s Gemini chatbot in what the company calls “model extraction” or “distillation” attacks. By systematically probing the system, adversaries attempt to reverse engineer the model’s underlying logic,…

Read more →

AI, china, Global Security News, Russia

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations

Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence Group (GTIG). The tech giant’s threat intelligence division said the adversarial targeting of the sector is centered around four key themes: striking…

Read more →

AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Risk Management, Russia

Google fears massive attempt to clone Gemini AI through model extraction

Google detected and blocked a campaign involving more than 100,000 prompts that it claimed were designed to copy the proprietary reasoning capabilities of its Gemini AI model, according to a quarterly threat report released by Google Threat Intelligence Group. The prompts looked like a coordinated attempt to perform model extraction or distillation, a machine-learning process…

Read more →

AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Risk Management, Russia

Google fears massive attempt to clone Gemini AI through model extraction

Google detected and blocked a campaign involving more than 100,000 prompts that it claimed were designed to copy the proprietary reasoning capabilities of its Gemini AI model, according to a quarterly threat report released by the company’s Threat Intelligence Group. The prompts looked like a coordinated attempt to perform model extraction or distillation, a machine-learning…

Read more →

AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Risk Management, Russia

Google: state-backed hackers exploit Gemini AI for cyber recon and attacks

Google says nation-state actors used Gemini AI for reconnaissance and attack support in cyber operations. Google DeepMind and GTIG report a rise in model extraction or “distillation” attacks aimed at stealing AI intellectual property, which Google has detected and blocked. While APT groups have not breached frontier models, private firms and researchers have tried to…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Russia

AI-Powered Knowledge Graph Generator & APTs, (Thu, Feb 12th)

Unstructured text to interactive knowledge graph via LLM & SPO triplet extraction Courtesy of TLDR InfoSec Launches & Tools again, another fine discovery in Robert McDermott’s AI Powered Knowledge Graph Generator. Robert’s system takes unstructured text, uses your preferred LLM and extracts knowledge in the form of Subject-Predicate-Object (SPO) triplets, then visualizes the relationships as an interactive knowledge graph.[1]…

Read more →

AI, APT, china, Cybersecurity, Global Security News, Government & Policy, malware, Russia, Technology

Google finds state-sponsored hackers use AI at ‘all stages’ of attack cycle 

A new report from Google found evidence that state-sponsored hacking groups have leveraged AI tool Gemini at nearly every stage of the cyber attack cycle. The research underscores how AI tools have matured in their cyber offensive capabilities, even as it doesn’t reveal novel or paradigm shifting uses of the technology. John Hultquist, chief analyst…

Read more →

AI, Compliance, Cybersecurity, Global Security News, Network Security, privacy, Russia

AI was not plotting humanity’s demise. Humans were

AI bots are having existential crises, inventing religions, and allegedly plotting against humanity… or so the internet would have you believe. We dig into Moltbook, the “AI-only” social network that sent Twitter into a meltdown, attracted breathless talk of the singularity, and turned out to be far less Terminator and far more humans role-playing as…

Read more →

AI, Cybersecurity, Denial of Service, Global Security News, Law & order, Network Security, Podcast, Russia, Security threats

Smashing Security podcast #454: AI was not plotting humanity’s demise. Humans were

AI bots are having existential crises, inventing religions, and allegedly plotting against humanity… or so the internet would have you believe. We dig into Moltbook, the “AI-only” social network that sent Twitter into a meltdown, attracted breathless talk of the singularity, and turned out to be far less Terminator and far more humans role-playing as…

Read more →

AI, Apps, Compliance, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Russia

Global Group ransomware gang running new campaign using Windows shortcut files

When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows’ shortcut (.lnk) files in exploits, defenders might have hoped use of this tactic would decline. They were wrong. According to researchers at Forcepoint, a new high-volume phishing campaign spreading the Global Group ransomware has been detected that hopes to sucker employees…

Read more →

AI, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Geopolitics, Global Security News, Government, Government & Policy, malware, Research, Russia

After major Poland energy grid cyberattack, CISA issues warning to U.S. audience

A recent attempt at a destructive cyberattack on Poland’s power grid has prompted the Cybersecurity and Infrastructure Security Agency to publish a warning for U.S. critical infrastructure owners and operators. Tuesday’s alert follows a Jan. 30 report from Poland’s Computer Emergency Response Team concluded the December attack overlapped significantly with infrastructure used by a Russian…

Read more →

AI, ai safety, china, Cybersecurity, Europe, Exploits, Geopolitics, Global Security News, Government, Government & Policy, Politics, privacy, Risk Management, Russia

Critics warn America’s ‘move fast’ AI strategy could cost it the global market

The Trump administration has made U.S. dominance in artificial intelligence a national priority, but some critics say a light-touch approach to regulating security and safety in U.S. models is making it harder to promote adoption in other countries. White House officials have said since taking office that Trump intended to move away from predecessor Joe…

Read more →

AI, Exploits, Global Security News, Russia

Quick Howto: Extract URLs from RTF files, (Mon, Feb 9th)

Malicious RTF (Rich Text Format) documents are back in the news with the exploitation of CVE-2026-21509 by APT28. The malicious RTF documents BULLETEN_H.doc and Consultation_Topics_Ukraine(Final).doc mentioned in the news are RTF files (despite their .doc extension, a common trick used by threat actors). Here is a quick tip to extract URLs from RTF files. Use the following…

Read more →

AI, Exploits, Global Security News, Russia

Quick Howto: Extract URLs from RTF files, (Mon, Feb 9th)

Malicious RTF (Rich Text Format) documents are back in the news with the exploitation of CVE-2026-21509 by APT28. The malicious RTF documents BULLETEN_H.doc and Consultation_Topics_Ukraine(Final).doc mentioned in the news are RTF files (despite their .doc extension, a common trick used by threat actors). Here is a quick tip to extract URLs from RTF files. Use the following…

Read more →

AI, Exploits, Global Security News, Russia

Quick Howto: Extract URLs from RTF files, (Mon, Feb 9th)

Malicious RTF (Rich Text Format) documents are back in the news with the exploitation of CVE-2026-21509 by APT28. The malicious RTF documents BULLETEN_H.doc and Consultation_Topics_Ukraine(Final).doc mentioned in the news are RTF files (despite their .doc extension, a common trick used by threat actors). Here is a quick tip to extract URLs from RTF files. Use the following…

Read more →

AI, Cybersecurity, Global Security News, Russia

Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign

The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT. Cybersecurity vendor Kaspersky is tracking the activity under the moniker Stan Ghouls. The threat actor is known to be active since at least 2023, orchestrating spear-phishing…

Read more →

AI, Breaking News, china, Cybercrime, Cybersecurity, data breach, Data Breaches, Exploits, Global Security News, Government & Policy, hacking, malware, Network Security, Risk Management, Russia, Security

Security Affairs newsletter Round 562 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Italian university La Sapienza still offline to mitigate recent cyber attack CISA pushes Federal agencies to…

Read more →

AI, Breaking News, china, Cybercrime, Cybersecurity, data breach, Data Breaches, Exploits, Global Security News, Government & Policy, hacking, malware, Network Security, Risk Management, Russia, Security

Security Affairs newsletter Round 562 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Italian university La Sapienza still offline to mitigate recent cyber attack CISA pushes Federal agencies to…

Read more →

AI, Breaking News, cyber crime, Cybersecurity, Data Breaches, Europe, Global Security News, hacking, malware, Network Security, Russia, Security

Italian university La Sapienza still offline to mitigate recent cyber attack

Rome’s La Sapienza University was hit by a cyberattack that disrupted IT systems and caused widespread operational issues. Since February 2, Rome’s La Sapienza University, one of the most important Italian universities, has been offline due to a cyberattack. For days, students have been unable to book exams, check tuition payments, or access faculty contacts.…

Read more →

AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, News, Risk Management, Russia, Threats

10,000+ Active Infections Traced to SystemBC Botnet

Security researchers at Silent Push identified more than 10,000 unique IPs infected with SystemBC, a proxy malware commonly used as an early foothold in ransomware attacks. Using a custom SystemBC tracking fingerprint, analysts mapped a globally distributed botnet that includes compromised systems supporting government infrastructure.  “SystemBC proxies traffic through compromised systems and acts as a…

Read more →

AI, Breaking News, Cybersecurity, DDoS, Global Security News, Government & Policy, hacking, hacktivism, information security news, Russia

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

Italy stopped Russian-linked cyberattacks targeting Foreign Ministry offices and Winter Olympics websites and hotels, Foreign Minister Tajani said. Italy has thwarted a series of Russian-linked cyberattacks aimed at Foreign Ministry offices, including one in Washington, as well as Winter Olympics websites and hotels in Cortina d’Ampezzo, according to Foreign Minister Antonio Tajani. “We have foiled…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →