Geek-Guy.com

Tag: attributed

AI, Apps, Exploits, Global Security News, malware, Russia

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR, to launch an HTML Application payload dubbed GammaPhish, which is then…

Read more →

AI, Global Security News, Russia

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Russian time zone, with the activities aligning with Kremlin state interests, specifically when it comes to

Read more →

AI, Global Security News, Government & Policy

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particularly Ukraine. It’s also tracked under the monikers FrostyNeighbor, PUSHCHA, Storm-0257, TA445, UAC‑0057

Read more →

AI, Exploits, Global Security News

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of…

Read more →

china, Europe, Exploits, Global Security News, Government & Policy, malware

China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under the moniker UAT-8302, with post-exploitation involving the deployment of custom-made malware families that have…

Read more →

AI, Exploits, Global Security News, Russia

PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September 2025. That’s according to a report published by Positive Technologies, which found the threat actors to be leveraging an exploit chain comprising three vulnerabilities to execute commands remotely on susceptible

Read more →

AI, Global Security News, malware, Network Security

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. “The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses,” the…

Read more →

AI, Global Security News

North Korea’s APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT. “The threat actor used…

Read more →

AI, Global Security News, Government & Policy, malware

UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns

A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook. “LucidRook is a sophisticated stager that embeds a Lua interpreter and Rust-compiled libraries within a dynamic-link library (DLL) to download and

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security

Hackers Didn’t Hack the FBI Network — They Did Something Smarter

A threat operation attributed to actors aligned with Iran’s Ministry of Intelligence and Security (MOIS) has compromised the personal email account of FBI Director Kash Patel, exposing historical communications and personal data in a campaign that blends espionage, disruption, and information operations. The activity is being conducted under the “Handala Hack Team” persona, which serves…

Read more →

AI, Global Security News, Russia

Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware

A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed GenieLocker. “Bearlyfy (also known as Labubu) operates as a dual-purpose group aimed at inflicting maximum damage upon…

Read more →

AI, china, Global Security News, Government & Policy, Network Security

China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks

A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which involves implanting and maintaining stealthy access mechanisms within critical environments, has been attributed to Red Menshen, a threat cluster that’s also tracked as Earth Bluecrow,

Read more →

AI, Global Security News, Government & Policy, malware

Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware

A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country’s Ministry of Foreign Affairs to deliver a set of never-before-seen malware. Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the cluster under the name Dust Specter. The attacks, which manifest in the…

Read more →

AI, Apps, Exploits, Global Security News, Government & Policy, malware, Risk Management

UAC-0252 Attack Detection: SHADOWSNIFF and SALATSTEALER Fuel Phishing Campaigns in Ukraine

Since January 2026, CERT-UA has been tracking a series of intrusions attributed to UAC-0252 and built around SHADOWSNIFF and SALATSTEALER infostealers. The campaigns rely on well-crafted phishing lures, payload staging on legitimate infrastructure, and user-driven execution of disguised EXE files. Detect UAC-0252 Attacks Covered in CERT-UA#20032 According to the Phishing Trends Q2 2025 research by…

Read more →

AI, Global Security News, Government & Policy, malware

SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains

The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of two distinct attack chains to deliver malware families tracked as…

Read more →

AI, Data Breaches, Global Security News, malware, Network Security

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks. The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves…

Read more →

AI, Europe, Exploits, Global Security News, Russia

APT28 Targeted European Entities Using Webhook-Based Macro Malware

The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo’s LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. “The campaign relies on basic tooling and the exploitation…

Read more →

AI, Global Security News, Government & Policy, malware, Russia

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hack group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and

Read more →