Geek-Guy.com

Tag: actors

AI, Apps, Endpoint, Exploits, Global Security News, Government & Policy, malware, Risk Management

Resumés with malicious ISO attachments are circulating, says Aryaka

Threat actors are still having success tricking human resources staff into opening malware-infected phishing emails. The latest example is detailed by researchers at Aryaka, who this week described a campaign by an unnamed threat actor who is distributing resumés containing a malicious ISO file to HR departments. It’s delivered through recruitment channels, and hosted on…

Read more →

AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security

FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials

Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks.  The activity involves the exploitation of recently disclosed security vulnerabilities or weak credentials to extract configuration files containing service account credentials and network topology

Read more →

AI, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

Fake Claude Code Install Pages Spread Infostealer Malware

Threat actors are exploiting a common developer habit — copying installation commands directly from websites — to distribute malware through fake software installation pages.  Security researchers at Push Security recently uncovered a campaign targeting users of Anthropic’s Claude Code, a popular command-line AI coding assistant.  The attackers are using cloned websites and malicious search advertisements…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

Iran-linked hackers target IP cameras across Israel and Gulf states for military intelligence

Researchers observed Iran-linked actors targeting IP cameras across Israel and Gulf countries, likely to support military intelligence and battle damage assessment. According to the Check Point Cyber Security Report 2026, cyber operations are increasingly used to support military activity and battle damage assessment (BDA). During the Israel-Iran tensions, researchers from Check Point Software Technologies observed…

Read more →

AI, Cybersecurity, Endpoint, Global Security News, malware, Network Security, Risk Management

ClickFix attackers using new tactic to evade detection, says Microsoft

Threat actors are trying a different tactic to sucker employees into falling for ClickFix phishing attacks that install malware, says Microsoft. Rather than asking potential victims to copy and paste a (malicious) command into the Run dialog, launched by hitting the Windows button plus the letter R, they are being told to use the Windows…

Read more →

AI, Cybersecurity, Endpoint, Global Security News, malware, Network Security, Risk Management

ClickFix attackers using new tactic to evade detection, says Microsoft

Threat actors are trying a different tactic to sucker employees into falling for ClickFix phishing attacks that install malware, says Microsoft. Rather than asking potential victims to copy and paste a (malicious) command into the Run dialog, launched by hitting the Windows button plus the letter R, they are being told to use the Windows…

Read more →

AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Risk Management, Russia

AI-powered attack kits go open source, and CyberStrikeAI may be just the beginning

AI is making it ever easier for bad actors to launch attacks, and a newly-identified open source platform, CyberStrikeAI, seems to be lowering the bar even further. The platform packages end-to-end attack automation into a single AI-native orchestration engine, and is linked to the threat actor behind the recent campaign that breached hundreds of Fortinet…

Read more →

AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Risk Management, Russia

AI-powered attack kits go open source, and CyberStrikeAI may be just the beginning

AI is making it ever easier for bad actors to launch attacks, and a newly-identified open source platform, CyberStrikeAI, seems to be lowering the bar even further. The platform packages end-to-end attack automation into a single AI-native orchestration engine, and is linked to the threat actor behind the recent campaign that breached hundreds of Fortinet…

Read more →

AI, Exploits, Global Security News

Coruna: Spy-grade iOS exploit kit powering financial crime

A powerful iOS exploit kit has circulated among multiple threat actors over the past year, moving from a commercial surveillance operation to state-linked espionage campaigns and, ultimately, ended into the hands of financially motivated hackers, according to new research from Google’s Threat Intelligence Group (GTIG). “The exploit kit, named ‘Coruna’ by its developers, contained five…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, Government & Policy, malware, Risk Management

Phishing campaign exploits OAuth redirection to bypass defenses

Microsoft researchers warn that threat actors abuse OAuth redirects to target government users and deliver malware. Microsoft has warned of phishing campaigns targeting government and public-sector organizations by abusing OAuth URL redirection. Instead of stealing credentials or exploiting software flaws, attackers leverage OAuth’s legitimate by-design behavior to bypass email and browser defenses. The tactic redirects…

Read more →

AI, Global Security News

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT). “A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR) file named jd-gui.jar,” the Microsoft Threat Intelligence team said in a post on X.…

Read more →

AI, Exploits, Global Security News

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. “Attackers can craft hidden instructions inside a

Read more →

AI, Compliance, Europe, Exploits, Global Security News, Network Security, Russia

AI-augmented threat actor accesses FortiGate devices at scale

Commercial AI services are enabling even unsophisticated threat actors to conduct cyberattacks at scale—a trend Amazon Threat Intelligence has been tracking closely. A recent investigation illustrates this shift: Amazon Threat Intelligence observed a Russian-speaking financially motivated threat actor leveraging multiple commercial generative AI services to compromise over 600 FortiGate devices across more than 55 countries…

Read more →

Exploits, Global Security News

BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration

Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and  The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the

Read more →

AI, Exploits, Global Security News

Scammers exploit trust in Atlassian Jira to target organizations

Threat actors have leveraged legitimate email notification feature of Atlassian Jira to deliver localized scam emails at scale. The emails From late December 2025 through late January 2026, victims were targeted with spam emails from legitimate-looking Atlassian Jira Cloud addresses. Organizations already using Jira were specifically targeted: the attackers selected domains known to have active…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, Risk Management

Exploit available for new Chrome zero-day vulnerability, says Google

Threat actors now have the ability to exploit a new zero-day vulnerability in the Chrome browser, Google has advised IT administrators. The warning comes after Google released a patch for Chrome to plug a use after free memory vulnerability (CVE-2026-2441) in cascading style sheets (CSS), which means the browser’s CSS engine isn’t properly managing memory…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, Risk Management

Exploit available for new Chrome zero-day vulnerability, says Google

Threat actors now have the ability to exploit a new zero-day vulnerability in the Chrome browser, Google has advised IT administrators. The warning comes after Google released a patch for Chrome to plug a use after free memory vulnerability (CVE-2026-2441) in cascading style sheets (CSS), which means the browser’s CSS engine isn’t properly managing memory…

Read more →

AI, china, Global Security News, Russia

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations

Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence Group (GTIG). The tech giant’s threat intelligence division said the adversarial targeting of the sector is centered around four key themes: striking…

Read more →

AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Risk Management, Russia

Google: state-backed hackers exploit Gemini AI for cyber recon and attacks

Google says nation-state actors used Gemini AI for reconnaissance and attack support in cyber operations. Google DeepMind and GTIG report a rise in model extraction or “distillation” attacks aimed at stealing AI intellectual property, which Google has detected and blocked. While APT groups have not breached frontier models, private firms and researchers have tried to…

Read more →

AI, Exploits, Global Security News

Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability

Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr. “Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors,” Ryan Dewhurst, head of threat intelligence at watchTowr, said in a post on X. “Attackers are abusing

Read more →

AI, Cybersecurity, Global Security News

Attackers are moving at machine speed, defenders are still in meetings

Threat actors are using AI across the attack lifecycle, increasing speed, scale, and adaptability, according to the 2026 State of Cybersecurity report by Ivanti. The study compares perceived threat levels across common attack types with organizational readiness to respond and identifies persistent gaps between awareness and execution across security programs. Preparedness lags behind threat levels…

Read more →

AI, Don't miss, exploit, Global Security News, Hot stuff, Huntress, Network Security, News

Unpatched SolarWinds WHD instances under active attack

Internet‑exposed and vulnerable SolarWinds Web Help Desk (WHD) instances are under attack by threat actors looking to gain an initial foothold into target organizations’ networks, Microsoft and Huntress researchers have warned. Once inside, the attackers are deploying legitimate remote access and digital forensics and incident response tools, using living-off-the-land techniques, setting up a reverse SSH…

Read more →

AI, Exploits, Global Security News, Network Security

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization’s network to other high-value assets. That said, the Microsoft Defender Security Research Team said it’s not clear whether the activity weaponized recently

Read more →

AI, Artificial Intelligence, Cloud, Cloud Security, Cybersecurity, Data Breaches, Global Security News, Network Security, News, Risk Management

AI-Driven Attack Gains AWS Admin Privileges in Under 10 Minutes

Threat actors are using artificial intelligence (AI) to accelerate cloud intrusions.  In a recent incident observed by Sysdig researchers, attackers escalated from stolen credentials to full administrative access in an AWS environment in under 10 minutes, illustrating how AI can shorten cloud attack timelines. “The threat actor achieved administrative privileges in under 10 minutes, compromised…

Read more →