Geek-Guy.com

Tag: campaigns

AI, Cybersecurity, Global Security News

Election threats are focused on campaign systems, not voting machines

Cybersecurity threats to the 2026 midterm elections are targeting the accounts and platforms that campaigns, donors and voters use to communicate, according to a security report released Monday by Check Point Software Technologies. So far in this election cycle, threats are not aimed at voting machines or ballot-counting systems. Instead, threat actors are going after…

Read more →

AI, Europe, Global Security News, malware

Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users

Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB malware, respectively. That’s according to new findings from WatchGuard and ESET, which have observed the two malware families being used to single out companies in Spain, Portugal, and Mexico, as…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, Network Security

Surveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities

Campaigns employing commercial surveillance vendors tracked targets by exploiting mobile phone network vulnerabilities in what researchers said Thursday was the first-ever linking of “real-world attack traffic to mobile operator signalling infrastructure.” The two unknown parties behind the campaigns mimicked the identities of mobile phone operators with customized surveillance tools, and manipulated signaling protocols and steered…

Read more →

AI, Exploits, Global Security News, malware

AI platform n8n abused for stealthy phishing and malware delivery

Attackers abuse AI automation platform n8n to run phishing campaigns, deliver malware, and evade security by using trusted infrastructure. Threat actors are exploiting the popular AI workflow automation platform n8n to launch advanced phishing campaigns, deliver malware, and collect device data through automated emails. By using trusted infrastructure, they can bypass traditional security controls and…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

When Trust Becomes a Weapon: Google Cloud Storage Phishing Deploying Remcos RAT

Modern phishing campaigns increasingly abuse legitimate services. Cloud platforms, file-sharing tools, trusted domains, and widely used SaaS applications are now part of the attacker’s toolkit. Instead of breaking trust, attackers borrow it.  This shift creates a dangerous asymmetry. Security controls often whitelist or inherently trust these services, while users are far less likely to question them. The…

Read more →

AI, Global Security News, Government & Policy, malware

UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns

A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook. “LucidRook is a sophisticated stager that embeds a Lua interpreter and Rust-compiled libraries within a dynamic-link library (DLL) to download and

Read more →

AI, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia

Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave

Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard) is using the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices. The attacks rely on malicious emails to compromise iPhones, highlighting a growing threat from…

Read more →

AI, Apps, Cybersecurity, Global Security News, Russia

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) said Friday. “The campaign

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Risk Management, Russia

DarkSword emerges as powerful iOS exploit tool in global attacks

DarkSword, a new iOS exploit kit, is used by multiple actors to steal data in campaigns targeting Saudi Arabia, Turkey, Malaysia, and Ukraine. Lookout Threat Labs discovered a new iOS exploit kit called DarkSword that has been used since late 2025 by multiple threat actors, including surveillance vendors and likely nation-state actors. The toolkit enables…

Read more →

AI, Apps, Exploits, Global Security News, malware

From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures

ClickFix campaigns are evolving, with attackers increasingly targeting macOS users and deploying more advanced infostealers, according to Sophos researchers. ClickFix is a growing social engineering technique that tricks users into manually executing malicious commands, bypassing traditional protections. Once mainly targeting Windows, it is now increasingly affecting macOS, with recent campaigns deploying infostealers like AMOS and…

Read more →

AI, Exploits, Global Security News

ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. “Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands – making it particularly effective against users who may not appreciate…

Read more →

AI, Global Security News

Fake scandal clips on Facebook bait victims into investment scams

Bitdefender researchers uncovered hundreds of scam campaigns promoted through Facebook ads that use fake news stories, celebrity impersonation, and redirect chains to funnel victims into investment fraud schemes. The activity ran through 310 malvertising campaigns distributed on Meta platforms from February 9 to March 5, 2026. The campaigns generated more than 26,000 ad sightings with…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News

Attackers Don’t Just Send Phishing Emails. They Weaponize Your SOC’s Workload

The most dangerous phishing campaigns aren’t just designed to fool employees. Many are designed to exhaust the analysts investigating them. When a phishing investigation takes 12 hours instead of five minutes, the outcome can shift from a contained incident to a breach. For years, the cybersecurity industry has focused on the front door of phishing…

Read more →

AI, Global Security News, Government & Policy

Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets

Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal of redirecting victims to attacker-controlled infrastructure without stealing their tokens. It described

Read more →

AI, Apps, china, Compliance, Exploits, Global Security News, Risk Management

Anthropic alleges large-scale distillation campaigns targeting Claude

Anthropic has accused three Chinese AI developers of running large-scale campaigns to illicitly extract capabilities from its Claude model to improve their own systems. The company claims DeepSeek, Moonshot, and MiniMax used a distillation technique, where a less capable model is trained on the outputs of a more advanced one. More than 16 million interactions…

Read more →

AI, Global Security News

Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model

Anthropic on Monday said it identified “industrial-scale campaigns” mounted by three artificial intelligence (AI) companies, DeepSeek, Moonshot AI, and MiniMax, to illegally extract Claude’s capabilities to improve their own models. The distillation attacks generated over 16 million exchanges with its large language model (LLM) through about 24,000 fraudulent accounts in violation of its terms

Read more →

AI, Cybersecurity, Endpoint, Global Security News, malware, Network Security, privacy, Risk Management

LATAM Businesses Hit by XWorm via Fake Financial Receipts: Full Campaign Analysis 

Malware campaigns targeting Latin America (LATAM) are evolving. While the final payloads, often commodity RATs like XWorm, remain consistent, delivery mechanisms are becoming increasingly sophisticated to bypass region-specific defenses and increase the chance of reaching real business users.  In this analysis, we dissect a recent campaign targeting Brazilian users. What starts as a deceptive “banking receipt” quickly turns into a multi-stage…

Read more →

AI, Global Security News, Government & Policy, malware

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities

Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines.
The campaigns are characterized by the use of malware families like Geta RAT, Ares RAT, and DeskRAT, which are often

Read more →

AI, CISA, Don't miss, Exploits, Global Security News, Hot stuff, News

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers

CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in its Known Exploited Vulnerabilities (KEV) catalog. Researchers linked VMware ESXi zero-day trio to single exploit toolkit Broadcom fixed CVE-2025-22225, CVE-2025-22224 (a heap overflow vulnerability) and CVE-2025-22226 (an information disclosure flaw) in VMware…

Read more →