Geek-Guy.com

Tag: been

AI, Apps, Global Security News

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from Socket. “The affected package version appears to be @bitwarden/cli@2026.4.0, and the malicious code was published in ‘bw1.js,’ a file included in the package contents,” the application security company said. “The attack appears to…

Read more →

AI, Cybersecurity, Global Security News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The supply chain worm has been detected by both Socket and StepSecurity, with the companies tracking the activity under the name CanisterSprawl owing to the use of…

Read more →

AI, Global Security News, malware, Network Security

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. “The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses,” the…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

News alert: BreachLock’s integrated attack validation platform debuts in Gartner AEV category

NEW YORK, Apr. 21, 2026, CyberNewswire—BreachLock, a global leader in offensive security, today announced it has been named a representative vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation. This recognition marks the first time BreachLock has been identified in the Adversarial Exposure Validation (AEV) category since launching its agentic AI-powered Adversarial Exposure Validation platform in 2025. Not only has the company gained recognition in the AEV market quickly, but BreachLock has also emerged as the only vendor offering adversarial exposure validation, Penetration Testing…

Read more →

AI, Global Security News

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. “Sandbox escape vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal,” according…

Read more →

Global Security News, malware, Network Security

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to SystemBC has led to the discovery of a botnet of more than 1,570 victims. “SystemBC establishes SOCKS5 network…

Read more →

AI, china, Cloud Security, Compliance, Endpoint, Europe, Global Security News, Network Security, Risk Management

How to clone an AWS CloudHSM cluster across Regions

Important: As of January 1, 2025, Client SDK 3 tools (CMU and KMU) are no longer supported. This guide has been updated to use Client SDK 5 commands exclusively. Ensure you’re using the latest Client SDK 5 version (5.17 or later) for the most recent features and security improvements. You can use AWS CloudHSM to…

Read more →

AI, Cybersecurity, Global Security News

Anthropic releases Claude Opus 4.7 with automated cybersecurity safeguards

Software teams building agentic AI workflows have been pushing frontier models toward longer, unsupervised task runs. Claude Opus 4.7, now generally available from Anthropic, is aimed squarely at that demand, with particular gains in software engineering, multimodal processing, and the kind of instruction fidelity that matters when a model is running tasks autonomously over multiple…

Read more →

AI, Apps, Global Security News

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

A “novel” social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors. Dubbed REF6598 by Elastic Security Labs, the activity has been found to leverage

Read more →

AI, Cybersecurity, Europe, Exploits, Global Security News

EU regulators largely denied access to Anthropic Mythos

European regulators have largely been frozen out of early access to Anthropic’s new Mythos model, Politico reports. The AI technology, aimed at cybersecurity use cases, is said to be able to identify and exploit technical vulnerabilities at a level that surpasses most humans — signaling a structural shift for CISOs and the cybersecurity industry. For security…

Read more →

AI, Exploits, Global Security News

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution. The vulnerabilities have been described as command injection flaws affecting the Perforce VCS (version control software) driver. Details of the two flaws are below – CVE-2026-40176 (CVSS

Read more →

AI, Global Security News

akto Achieves Boomi Platinum Partner Status to Support AI-Ready Foundations

akto today announced it has been recognised as a Boomi Platinum Partner, reflecting the company’s long‑standing capability delivering integration solutions that enable organisation-wide connectivity, automation and scale on the Boomi Enterprise Platform. The recognition highlights akto’s consistent delivery of business outcomes for clients and growing demand for AI‑ready foundations.

Read more →

AI, Global Security News

Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads

A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on Meta. “Mirax integrates advanced Remote Access Trojan (RAT) capabilities, allowing threat actors to fully interact with compromised devices in real

Read more →

AI, Global Security News

$12 million frozen, 20,000 victims identified in crypto scam crackdown

More than $12 million has been frozen, and over 20,000 victims have been identified in an international law enforcement operation targeting cryptocurrency and investment scammers. Authorities also uncovered more than $45 million in suspected cryptocurrency fraud losses worldwide. One UK victim identified during the operation is thought to have lost more than £52,000 to the…

Read more →

AI, Global Security News

North Korea’s APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT. “The threat actor used…

Read more →

AI, Global Security News, Network Security, privacy

Little Snitch for Linux shows what your apps are connecting to

Network monitoring on Linux has long been a gap for users who want per-process visibility into outbound connections. Existing tools either operate at the command line or were designed for server security rather than desktop privacy. Objective Development, the Austrian company behind the macOS firewall utility Little Snitch, released a Linux version of the tool.…

Read more →

Global Security News, Network Security, privacy

Product showcase: Session, a messenger without phone numbers or metadata

Instant messaging has been around for decades, but it became widely adopted with the emergence of smartphones. Earlier, communication was limited to basic text messages. Messaging expanded to include photos, videos, and video calls without relying on telecom networks, as long as there is a reliable data connection. Privacy and metadata concerns With the growth…

Read more →

AI, Exploits, Global Security News, malware, Risk Management

Hackers have been exploiting an unpatched Adobe Reader vulnerability for months

Adobe Reader vulnerabilities have been exploited for decades by threat actors taking advantage of the universal use of the utility to fool employees into downloading infected PDF documents through phishing lures. Now a security researcher says a Reader hole has been quietly exploited by malware for as long as four months, fingerprinting computers to gather…

Read more →

AI, Global Security News, Government & Policy, malware

UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns

A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook. “LucidRook is a sophisticated stager that embeds a Lua interpreter and Rust-compiled libraries within a dynamic-link library (DLL) to download and

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management, Russia

Adobe Acrobat Reader Zero Day Exploited in Active PDF Attacks

Attackers have been exploiting a zero-day vulnerability in Adobe Acrobat Reader for months, using malicious PDF files to silently steal data and potentially take over victim systems. Active since at least Dec. 2025, the campaign highlights how a seemingly routine document can serve as an effective entry point for system compromise. This exploit “allows the…

Read more →

Global Security News

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

Thursday. Another week, another batch of things that probably should’ve been caught sooner but weren’t. This one’s got some range — old vulnerabilities getting new life, a few “why was that even possible” moments, attackers leaning on platforms and tools you’d normally trust without thinking twice. Quiet escalations more than loud zero-days, but the kind that matter more…

Read more →

AI, Exploits, Global Security News

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON’s Haifei Li, has been described as a highly-sophisticated PDF exploit. The artifact (“Invoice540.pdf”) first appeared on the VirusTotal platform on November 28, 2025. A second 

Read more →

AI, Cybersecurity, Global Security News, privacy

Smashing Security podcast #462: LinkedIn is spying on you, and you agreed to nothing

LinkedIn has been secretly scanning your browser for over 6,000 installed extensions — on every single click you make. It can tell if you’re job hunting, what religion you are, and whether you have ADHD. And none of this is mentioned anywhere in their privacy policy. Meanwhile, California’s crypto millionaires are learning that no amount…

Read more →

AI, Compliance, Cybersecurity, Global Security News, Government & Policy, Network Security, privacy, Russia

LinkedIn is spying on you, and you agreed to nothing

LinkedIn has been secretly scanning your browser for over 6,000 installed extensions — on every single click you make. It can tell if you’re job hunting, what religion you are, and whether you have ADHD. And none of this is mentioned anywhere in their privacy policy. Meanwhile, California’s crypto millionaires are learning that no amount…

Read more →

AI, Global Security News, malware, Russia

APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies

The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX. “PRISMEX combines advanced steganography, component object model (COM) hijacking, and legitimate cloud service abuse for command-and-control,” Trend Micro

Read more →

AI, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia

Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions

Russian threat actor Forest Blizzard has been exploiting unsecured home and small-office internet equipment, such as routers, to redirect traffic through attacker-controlled DNS servers. The group has leveraged this DNS hijacking activity to support post-compromise adversary-in-the-middle (AiTM) attacks on Transport Layer Security (TLS) connections, targeting Microsoft Outlook on the web domains, according to a Microsoft…

Read more →

AI, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia

Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions

Russian threat actor Forest Blizzard has been exploiting unsecured home and small-office internet equipment, such as routers, to redirect traffic through attacker-controlled DNS servers. The group has leveraged this DNS hijacking activity to support post-compromise adversary-in-the-middle (AiTM) attacks on Transport Layer Security (TLS) connections, targeting Microsoft Outlook on the web domains, according to a Microsoft…

Read more →

AI, Apps, Compliance, Cybersecurity, Endpoint, Exploits, Global Security News

Fortinet releases emergency hotfix for FortiClient EMS zero-day flaw

Hackers have been exploiting a critical vulnerability in FortiClient Endpoint Management Server (FortiClient EMS) since at least the end of March. Fortinet has published an advisory and released an emergency hotfix that can be applied to affected deployments until a patched version can be released. The vulnerability, now tracked as CVE-2026-35616, allows unauthenticated attackers to…

Read more →

AI, Exploits, Global Security News, Russia

Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage campaign since at least May 2025. The large-scale exploitation campaign has been codenamed 

Read more →

Global Security News

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access

A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8), stems from an incomplete fix for CVE-2024-41110, a maximum-severity vulnerability in the same component that came to light in July 2024. “

Read more →

AI, Exploits, Global Security News

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. “A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets, automatically installing malicious nodes via ComfyUI-Manager if no exploitable node is already

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

The rise of proactive cyber: Why defense is no longer enough

For more than two decades, cybersecurity has been built on a reactive model: detect intrusions, patch vulnerabilities, respond to incidents, and repeat. That model is now under sustained pressure from a threat environment that is faster, more coordinated, and increasingly automated. Two recent developments illustrate how quickly that model is breaking down. Earlier this month,…

Read more →

china, Global Security News

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate “high-velocity” attacks and break into susceptible internet-facing systems. “The threat actor’s high operational tempo and proficiency in identifying exposed perimeter assets have proven successful, with recent

Read more →

APAC, Global Security News

CIS Benchmarks March 2026 Update

The following CIS Benchmarks and CIS Build Kits have been updated or recently released. The Center for Internet Security has highlighted the major updates below. Each Benchmark and Build Kit includes a changelog that references all changes. Updated CIS Benchmarks overview CIS Microsoft Windows 11 Enterprise Benchmark v5.0.0 CIS Oracle Cloud Infrastructure Foundations Benchmark v3.1.0…

Read more →

AI, Cybersecurity, Data Breaches, Exploits, Funding, Global Security News, malware, Network Security, Risk Management

Security awareness is not a control: Rethinking human risk in enterprise security

Organizations have been responding to phishing, business email compromise, and credential theft in essentially the same manner for over ten years. They essentially follow a playbook that involves investing in awareness training, running phishing simulations, and requiring employees to complete annual security modules. The reason behind this is simple and the reasoning behind these efforts…

Read more →

AI, Apps, Exploits, Global Security News, Government & Policy

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity check when fetching application update code, allowing an attacker…

Read more →

AI, Cybersecurity, Global Security News, malware

Researchers say credential-stealing campaign used AI to build evasion ‘at every stage’

A new malware-based credential-stealing campaign, which researchers are calling “DeepLoad,” has been infecting enterprise business IT environments over the past In a report released Monday, ReliaQuest AI researchers Thassanai McCabe and Andrew Currie say the most relevant feature of this attack is the way it uses artificial intelligence and other engineering “to defeat the controls…

Read more →

AI, Data Breaches, Global Security News

TeamPCP’s attack spree slows, but threat escalates with ransomware pivot

TeamPCP’s destructive run of supply chain breaches has stopped, for now: it has been three days since the group published malicious versions of Telnyx’s SDK on PyPI, and there haven’t been reports of new open-source project compromises. Partnership with emerging RaaS operation “The prior operational cadence was aggressive – a new target every 1-3 days…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Global Security News, Risk Management

CISO Spotlight: Dimitris Georgiou on Building Security that Serves People First

Dimitris Georgiou has been a self-professed computer geek since the early 80s. At university, he studied the convergence of educational technology with computer science as part of his psychology MA – finding, to his disbelief, that systems were perilously insecure.  Since then, he’s always worked in and around cybersecurity. He’s had roles as a computer…

Read more →

AI, Cybersecurity, Data Breaches, Europe, Global Security News

ShinyHunters claims the hack of the European Commission

The European Commission has allegedly been breached by ShinyHunters, with reported data dumps including content from mail servers. The European Commission has allegedly been breached by ShinyHunters, with reported data dumps including content from mail servers and internal communications systems. The cybercrime group added the Commission to its Tor data leak site, claiming the theft…

Read more →

AI, Global Security News, Russia

Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware

A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed GenieLocker. “Bearlyfy (also known as Labubu) operates as a dual-purpose group aimed at inflicting maximum damage upon…

Read more →

AI, china, Europe, Global Security News, Network Security

Researchers release tool to detect stealthy BPFDoor implants in critical infrastructure networks

Telecommunications providers around the world have been dealing with the burrowing efforts of the China-linked Salt Typhoon APT for many years now. To help them identify hard-to-detect implants used by the group, researchers have released a scanning script. Salt Typhoon goes deep Salt Typhoon has hit US, Canadian, European and Asian telcos. “By compromising telecom…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Global Security News, Government & Policy, malware, Risk Management

ANY.RUN Recognized for Innovations and Market Leadership at Global InfoSec Awards 2026  

ANY.RUN has been recognized at Global InfoSec Awards 2026 by Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine. The award ceremony took place during RSAC 2026 conference. We’re especially proud and grateful that our impact for the industry has been acknowledged in two categories at once:  Innovative Malware Analysis for Sandbox  Market Leader Threat Intelligence   This dual…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Global Security News, Government & Policy, malware, Risk Management

ANY.RUN Recognized for Innovations and Market Leadership at Global InfoSec Awards 2026  

ANY.RUN has been recognized at Global InfoSec Awards 2026 by Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine. We’re especially proud and grateful that our impact for the industry has been acknowledged in two categories at once:  Innovative Malware Analysis for Sandbox  Market Leader Threat Intelligence   This dual recognition reflects the approach to cybersecurity we prioritize: supporting the full SOC…

Read more →

Cybersecurity, Data Breaches, Global Security News

Enterprise Security in 2026: Why Most Organizations Are Still Getting It Wrong

Enterprise security has never been more urgent — or more misunderstood. Despite ballooning security budgets, the average cost of a data breach hit a record high in 2024, and the trend hasn’t reversed. Organizations are spending more on tools than ever before, yet the breaches keep coming. The uncomfortable truth? Spending more isn’t the problem.…

Read more →

AI, Global Security News

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique. “The campaign abuses Google Ads to serve rogue ScreenConnect (

Read more →

AI, Global Security News, malware

GitHub-hosted malware campaign uses split payload to evade detection

A large-scale malware delivery campaign has been targeting developers, gamers, and general users through fake tools hosted on GitHub, Netskope researchers have warned. These “lures” are highly polished and appear legitimate, occasionally mimicking real projects, thus making them difficult to distinguish from safe software. A dual-component trojan is delivered Netskope threat researchers first discovered a…

Read more →

AI, Global Security News, Russia

U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage

A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations. According to the U.S. Department of Justice (DoJ), Aleksei Olegovich Volkov facilitated dozens of ransomware…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Global Security News, malware

ANY.RUN Enters IT-Harvest’s 2026 Cyber 150 for Fast Growth and Industry Impact 

We’re thrilled to announce that ANY.RUN has once again been recognized in IT-Harvest’s 2026 Cyber 150, a list of the fastest-growing cybersecurity companies. Receiving this recognition for the second year in a row makes this moment especially meaningful and reflects the strong progress our company made over the past year.  It also points to a broader shift in the market.…

Read more →

AI, Exploits, Global Security News

DarkSword: Researchers uncover another iOS exploit kit

A powerful iPhone hacking toolkit dubbed “DarkSword” has been used since November 2025 to compromise devices by exploiting zero-day iOS vulnerabilities, Google researchers have shared. iOS vulnerabilities exploited by DarkSword Two weeks ago, Google Threat Intelligence Group (GTIG) and iVerify disclosed the existence of Coruna, a spy-grade iOS exploit kit that has been used in…

Read more →