Geek-Guy.com

Tag: actors

Endpoint, Exploits, Global Security News

Simplify security management with CIS SecureSuite Platform

New operating systems prioritize usability, a reality which threat actors use to exploit security gaps. Every misconfiguration creates an opportunity for compromise, and lean teams struggle in their security management efforts to harden hundreds or thousands of endpoints. CIS SecureSuite Membership simplifies the process with tools, benefits, and resources for implementing the secure recommendations of…

Read more →

AI, Endpoint, Exploits, Global Security News, malware

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. “The campaign abused trusted endpoint management infrastructure to deliver malware across managed endpoints,” Arctic Wolf said. “Threat actors disguised the credential stealer payload as a Fortinet endpoint

Read more →

AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management

TeamPCP Compromised LiteLLM in AI Supply Chain Attack

A supply chain attack targeting the open-source AI ecosystem shows how threat actors are increasingly abusing developer tools and AI infrastructure to steal credentials and compromise cloud environments.  Researchers found that TeamPCP compromised LiteLLM, a widely used open-source Python library that connects applications to more than 100 LLM providers through OpenAI-compatible APIs.   The attack reportedly…

Read more →

AI, Exploits, Global Security News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost’s Content API that could allow an unauthenticated attacker to read…

Read more →

AI, Global Security News

GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials

In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. “Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action’s normal…

Read more →

AI, Endpoint, Exploits, Global Security News

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the

Read more →

Exploits, Global Security News, Network Security

PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage

Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026. The vulnerability in question is CVE-2026-0300 (CVSS score: 9.3/8.7), a buffer overflow vulnerability in the User-ID Authentication Portal service of Palo Alto Networks PAN-OS software that could allow an…

Read more →

AI, Exploits, Global Security News

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution. “MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated…

Read more →

AI, Exploits, Global Security News

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI’s LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. The vulnerability, tracked as CVE-2026-42208 (CVSS score: 9.3), is an SQL injection that could…

Read more →

china, Global Security News, Network Security

Compromised everyday devices power Chinese cyber espionage operations

China-linked threat actors have shifted from individually procured infrastructure to large-scale covert networks, botnets built from compromised routers and other edge devices, the National Cyber Security Centre (NCSC) warns. To help organizations address this threat, the NCSC, together with the Cyber League and partner agencies, has issued an advisory. The advisory includes guidance for organizations…

Read more →

Global Security News, malware, Network Security

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to SystemBC has led to the discovery of a botnet of more than 1,570 victims. “SystemBC establishes SOCKS5 network…

Read more →

AI, Data Breaches, Global Security News

Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials

Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to “certain” internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used by an employee at the company. “The attacker used that access to take over the employee’s…

Read more →

AI, Exploits, Global Security News, Network Security

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices has been found to exploit CVE-2024-3721 (CVSS score: 6.3), a medium-severity command injection vulnerability…

Read more →

AI, Exploits, Global Security News

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of which were released as zero-days by a researcher known as Chaotic Eclipse (

Read more →

AI, china, Data Breaches, Global Security News, malware, Russia

CPUID watering hole attack spreads STX RAT malware

Threat actors compromised the CPUID website and spread STX RAT through fake CPU-Z and HWMonitor downloads. Attackers breached the website CPUID and replaced download links for CPU-Z and HWMonitor with malicious files for several hours. Users who downloaded them got infected with the STX RAT, giving attackers remote access to their systems. The short attack…

Read more →

Global Security News

CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

Unknown threat actors compromised CPUID (“cpuid[.]com”), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT. The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00 UTC, with

Read more →

AI, china, Data Breaches, Global Security News, Network Security, Risk Management

Alleged 10 Petabyte Data Theft From China’s Tianjin Supercomputing Hub

Threat actors are claiming responsibility for what could be one of the largest data breaches in China’s history — allegedly stealing more than 10 petabytes of data from a key national supercomputing facility tied to scientific and defense research. “The reports that hackers with the alias of FlamingChina stole 10 petabytes of data containing Chinese…

Read more →

AI, Global Security News

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across…

Read more →

AI, Exploits, Global Security News, malware, Risk Management

Hackers have been exploiting an unpatched Adobe Reader vulnerability for months

Adobe Reader vulnerabilities have been exploited for decades by threat actors taking advantage of the universal use of the utility to fool employees into downloading infected PDF documents through phishing lures. Now a security researcher says a Reader hole has been quietly exploited by malware for as long as four months, fingerprinting computers to gather…

Read more →

AI, Exploits, Global Security News

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON’s Haifei Li, has been described as a highly-sophisticated PDF exploit. The artifact (“Invoice540.pdf”) first appeared on the VirusTotal platform on November 28, 2025. A second 

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

U.S. agencies alert: Iran-linked actors target critical infrastructure PLCs

U.S. agencies warn Iran-linked threat actors are targeting internet-exposed PLCs used in critical infrastructure networks. U.S. agencies, including the FBI and CISA, warn that Iran-linked hackers are targeting internet-exposed Rockwell/Allen-Bradley PLCs used in critical infrastructure. The agencies published a joint advisory involving multiple federal organizations. “Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity…

Read more →

Cybersecurity, Global Security News

Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs

Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tuesday. “These attacks have led to diminished PLC functionality, manipulation of display data and, in some cases, operational disruption and financial

Read more →

AI, Exploits, Global Security News

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck. The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code injection vulnerability that could result in remote code execution. “The CustomMCP node allows users to input configuration settings for connecting

Read more →

AI, Apps, Exploits, Global Security News, malware, Network Security

North Korean hackers abuse LNKs and GitHub repos in ongoing campaign

DPRK-linked threat actors are preferring stealth over sophistication in their targeting of South Korean organizations, as researchers report use of weaponized Windows shortcut (.LNK) files and GitHub-based command-and-control (C2) channels in a new campaign. According to new Fortinet findings, a series of attacks that began in 2024 were found using a multi-stage scripting process and…

Read more →

AI, Global Security News, Government & Policy, malware, Russia

Threat actor UAC-0255 impersonate CERT-UA to spread AGEWHEEZE malware via phishing

Threat actors impersonated CERT-UA to send phishing emails with AGEWHEEZE malware, tricking victims into installing a fake “security tool.” A threat actor, tracked as UAC-0255, impersonated CERT-UA in a phishing campaign, sending emails to about 1 million users. The messages urged victims to download a password-protected archive from Files.fm and install a fake “specialized software,”…

Read more →

Global Security News

Android developers just got a new verification layer

To help prevent malicious actors from spreading harmful apps while hiding behind anonymity, Google is rolling out developer verification to all Android developers. The company is also introducing app registration, which links apps to verified developer identities. Developers can still choose where to distribute their apps (Source: Google) Developers can begin completing verification now through…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security

Hackers Didn’t Hack the FBI Network — They Did Something Smarter

A threat operation attributed to actors aligned with Iran’s Ministry of Intelligence and Security (MOIS) has compromised the personal email account of FBI Director Kash Patel, exposing historical communications and personal data in a campaign that blends espionage, disruption, and information operations. The activity is being conducted under the “Handala Hack Team” persona, which serves…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Russia

TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446, which is also tracked by the broader cybersecurity community…

Read more →

AI, Global Security News, malware

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actors for malvertising and distributing malware. “TikTok has been historically…

Read more →

AI, Exploits, Global Security News, malware

GitHub phishers use fake OpenClaw tokens to drain crypto wallets

Threat actors are actively exploiting OpenClaw’s viral popularity to run a phishing campaign that targets developers on GitHub with lures of free crypto tokens. According to a disclosure by OX Security, the campaign involves fake “CLAW” token airdrops that promise thousands of dollars in rewards. Developers are being tricked into malicious GitHub repositories and discussions,…

Read more →

AI, Global Security News, malware

North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware

North Korea-linked threat actors use VS Code auto-run tasks to spread StoatWaffle malware via malicious projects that execute on folder open. North Korea-linked threat actor Team 8 behind the Contagious Interview campaign is spreading StoatWaffle malware through malicious Microsoft Visual Studio Code projects. Since late 2025, they have abused the “tasks.json” auto-run feature in Microsoft…

Read more →

AI, Global Security News, malware

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that’s distributed via malicious Microsoft Visual Studio Code (VS Code) projects. The use of VS Code “tasks.json” to distribute malware is a relatively new tactic adopted by the threat actor since…

Read more →

AI, Apps, Global Security News, malware, Risk Management

Iran-linked actors use Telegram as C2 in malware attacks on dissidents

Iran-linked actors use Telegram as C2 to spread malware targeting dissidents and journalists, enabling surveillance and data theft. The FBI warns that Iran’s Ministry of Intelligence and Security (MOIS) runs cyber campaigns using Telegram as a command-and-control infrastructure to deliver malware. Threat actors target Iranian dissidents, journalists, and opposition groups worldwide. Once deployed, the malware…

Read more →

AI, Cybersecurity, Exploits, Global Security News

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer environments that’s consistent with the exploitation of CVE-2025-32975 on unpatched SMA systems exposed to the internet.…

Read more →

AI, Apps, Exploits, Global Security News, Government & Policy, malware, Risk Management, Russia

Russia-linked actors target WhatsApp and Signal in phishing campaign

Russia-linked actors target WhatsApp and Signal accounts of officials and journalists via phishing, gaining access to messages and contacts. Threat actors linked to Russian Intelligence Services are running phishing campaigns to hijack high-value accounts on messaging apps like WhatsApp and Signal, the FBI warns. “The FBI has identified cyber actors associated with Russian Intelligence Services targeting…

Read more →

AI, Apps, Cybersecurity, Global Security News, Russia

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) said Friday. “The campaign

Read more →

AI, china, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

The espionage reality: Your infrastructure is already in the collection path

Threat actors have always sought advantage over their targets. Recently we’ve seen two efforts designed for long-term intelligence gain. This activity surfaced right where you would expect inside the enterprise. Enterprises now sit directly in the adversary’s collection path. They don’t have to be the target; they are on the board and in play because…

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Risk Management, Russia

DarkSword emerges as powerful iOS exploit tool in global attacks

DarkSword, a new iOS exploit kit, is used by multiple actors to steal data in campaigns targeting Saudi Arabia, Turkey, Malaysia, and Ukraine. Lookout Threat Labs discovered a new iOS exploit kit called DarkSword that has been used since late 2025 by multiple threat actors, including surveillance vendors and likely nation-state actors. The toolkit enables…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Ransomware’s Opening Play: Target Identity First

For years, ransomware attacks followed a familiar script.  Threat actors gained entry through a vulnerable server, a phishing email, or malicious software on an endpoint. Once inside, they moved laterally through the network, then encrypted systems and demanded payment. That playbook has changed. Today’s ransomware operators increasingly target identity infrastructure as their first objective.  Active…

Read more →

AI, Apps, Global Security News

Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware

North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim’s KakaoTalk desktop application to distribute malicious payloads to certain contacts. The activity has been attributed by South Korean threat intelligence firm Genians to a hacking group referred to as Konni. “Initial access was achieved through a spear-phishing…

Read more →

AI, Global Security News, malware, Russia

Russia-linked APT uses DRILLAPP backdoor to spy on Ukrainian targets

Russia-linked threat actors target Ukrainian entities with DRILLAPP backdoor and use Edge debugging for stealth. A new DRILLAPP backdoor campaign targets Ukrainian organizations, abusing Microsoft Edge debugging to evade detection. Observed in February 2026, it shows links to previous Russian-aligned operations by Laundry Bear APT group (aka UAC-0190, Void Blizzard) using the PLUGGYAPE malware family…

Read more →

AI, Exploits, Global Security News, malware, Network Security

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are abusing extension dependency relationships in the Open VSX registry to indirectly deliver malware in a new phase of the GlassWorm supply-chain campaign. Researchers at Socket said they have identified at least 72 additional malicious Open VSX extensions linked to the campaign since January 31, 2026. The extensions appear to target developers by…

Read more →

AI, Global Security News, malware, Russia

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo’s LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear (aka UAC-0190 or Void Blizzard)…

Read more →

AI, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Google warns of two actively exploited Chrome zero days

Threat actors are exploiting two high severity zero day vulnerabilities in the Chrome browser that experts say IT teams must patch immediately. Google has issued emergency patches for the two holes, CVE-2026-3909 and CVE-2026-3910. This comes just days after the release of 29 fixes for holes as part of March Patch Tuesday, and a zero day…

Read more →

AI, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Google warns of two actively exploited Chrome zero days

Threat actors are exploiting two high severity zero day vulnerabilities in the Chrome browser that experts say IT teams must patch immediately. Google has issued emergency patches for the two holes, CVE-2026-3909 and CVE-2026-3910. This comes just days after the release of 29 fixes for holes as part of March Patch Tuesday, and a zero day…

Read more →