Geek-Guy.com

Tag: engineering

Cybersecurity, Data Breaches, Global Security News

Over 70% of organizations hit by identity breaches

Attackers rely on stolen credentials, compromised service accounts, and social engineering attacks targeting employees, according to Sophos’ The State of Identity Security 2026 survey. What do you estimate to be the overall cost to your organization to rectify the identity breach? Base: organization could not stop the security breach. n=510. (Source: Sophos) Identity attack trends…

Read more →

AI, Cybersecurity, Endpoint, Exploits, Global Security News, malware

ClickFix finds a backup plan in PySoxy proxy chains

ClickFix, a one-shot social engineering technique that tricks victims into executing malicious workflows disguised as fixes to technical issues in their systems, has got a persistence upgrade. In a one-off instance, ReliaQuest researchers have spotted an intrusion chain using scheduled tasks, PowerShell-based command-and-control (C2), and a unique abuse of the decade-old open-source proxy tool PySoxy.…

Read more →

AI, Exploits, Global Security News, malware

Patch Tuesday, May 2026 Edition

Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers — including Apple, Google, Microsoft, Mozilla and Oracle — fixing near…

Read more →

AI, Data Breaches, Global Security News, malware

DigiCert breached via malicious screensaver file

A targeted social engineering attack against DigiCert’s support channel led to the compromise of internal systems and the unauthorized issuance of EV Code Signing certificates. DigiCert is a global Certificate Authority (CA) providing digital trust services, specializing in TLS/SSL certificates, PKI management, and IoT security. According to DigiCert’s incident report, a threat actor contacted the…

Read more →

AI, Apps, Global Security News

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

A “novel” social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors. Dubbed REF6598 by Elastic Security Labs, the activity has been found to leverage

Read more →

AI, Global Security News

As AI Accelerates Software Complexity, Thoughtworks Technology Radar Urges a Return to Engineering Fundamentals to Combat Cognitive Debt

Thoughtworks, a global technology consultancy that integrates design, engineering and AI to drive digital innovation, today released volume 34 of the Technology Radar, a biannual report informed by the organisations’ experiences with clients. This edition spotlights a critical inflection point in the industry; while AI-assisted software development represents a radical transformation, it is also actively…

Read more →

AI, APAC, Global Security News

Australia’s architecture, engineering, and construction industry leads world on digital transformation yet faces new data control and AI governance challenges

GUEST RESEARCH: Australia’s architecture, engineering, and construction (AEC) sector is emerging as one of the most digitally advanced markets globally. New research from Revizto, the leading global integrated collaboration platform for AEC, reveals Australia is now confronting a new generation of challenges around data governance, artificial intelligence (AI), regulation, and the capacity to implement new technologies at scale.

Read more →

AI, Endpoint, Exploits, Global Security News, Risk Management

Hybrid Vishing Campaigns Abuse Online Services to Evade Anti-Spam Filters

Phone-based fraud never went away. It evolved. Vishing, or voice phishing, is a social engineering technique that uses phone calls to extract money or sensitive information from victims. A few years ago, these attacks typically arrived as unsolicited calls from criminals impersonating the IRS, the FBI, or Microsoft support. The approach was simple and high…

Read more →

AI, Global Security News, malware

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. “It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked,” ReliaQuest researchers…

Read more →

Global Security News

A nearly undetectable LLM attack needs only a handful of poisoned samples

Prompt engineering has become a standard part of how large language models are deployed in production, and it introduces an attack surface most organizations have not yet addressed. Researchers have developed and tested a prompt-based backdoor attack method, called ProAttack, that achieves attack success rates approaching 100% on multiple text classification benchmarks without altering sample…

Read more →

AI, Global Security News

AiStrike cuts alert noise with Continuous Detection Engineering

AiStrike has launched Continuous Detection Engineering, a capability that transforms how security operations teams manage detections, shifting from reactive alert triage to proactive, intelligence-driven optimization. The detection quality gap Security teams today are overwhelmed by alerts, but the root cause is not volume, it’s detection quality. AiStrike’s analysis across enterprise environments revealed that: More than…

Read more →

Global Security News

Betterleaks: Open-source secrets scanner

Secrets scanning has become standard practice across engineering organizations, and Gitleaks has been one of the most widely used tools in that space. The author of that project has now released a new tool called Betterleaks, which is designed to scan git repositories, directories, and standard input for leaked credentials, API keys, tokens, and passwords.…

Read more →

AI, Global Security News

LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader

The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method. The use of ClickFix, where users are tricked into manually running malicious commands to address non-existent errors, is a departure from relying on traditional methods for obtaining initial access, such as through stolen…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management

Teams Social Engineering Campaign Drops A0Backdoor Malware

Microsoft Teams impersonation and social engineering tactics are being used in an ongoing campaign to deliver a stealthy malware payload known as A0Backdoor.  Researchers at BlueVoyant report that the operation combines social engineering techniques, malicious installers, and covert command-and-control (C2) communications to gain persistent access within targeted networks. “The malware’s loader exhibits anti-sandbox evasion, and…

Read more →

AI, Apps, Global Security News

Komodor Launches Partner Program for AI-Driven SRE Services

Komodor, an autonomous AI site reliability engineering (SRE) platform provider for cloud-native infrastructure, has launched a new global partner program aimed at systems integrators, trusted advisors, and value-added resellers supporting enterprise Kubernetes environments. Announced on March 10, the Komodor Partner Program is designed to help partners deliver AI-driven cloud-native infrastructure reliability, incident management, and cost…

Read more →

AI, Apps, Global Security News

Thoughtworks and IDC Report Reveals Most Organisations Trapped in Costly Legacy Cycles; Only 12% Achieve True AI-Driven Operations

GUEST RESEARCH:  Thoughtworks, a global technology consultancy integrating design, engineering and AI to drive digital innovation, today released findings from its global report, titled; “Modernisation Is No Longer a Project: AI-Enabled Managed Services for Continuous Change.” The data reveals a critical disconnect between AI adoption and maturity in IT operations. The report delves into what separates…

Read more →

AI, Global Security News

Security and complexity slow the next phase of enterprise AI agent adoption

Enterprise AI agents are embedded in routine business processes, particularly inside engineering and IT operations. Many organizations report active production deployments, and agent development ranks high on strategic agendas. A new study from Docker, The State of Agentic AI Report, examines how enterprises are deploying agentic systems and the challenges emerging as deployments scale. The…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

ClickFix Campaign Uses Fake CAPTCHA Pages to Deliver StealC Malware on Windows

A new social engineering campaign is abusing fake CAPTCHA verification pages to trick Windows users into launching StealC information-stealing malware.  The attack relies on compromised websites that display convincing Cloudflare-style security checks, prompting victims to manually execute malicious PowerShell commands under the guise of routine verification.  “StealC exfiltrates browser credentials, cryptocurrency wallets, Steam accounts, Outlook…

Read more →

AI, Global Security News

Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging

Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System (DNS) lookup to retrieve the next-stage payload. Specifically, the attack relies on using the “nslookup” (short for nameserver lookup) command to execute a custom…

Read more →

AI, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

The ephemeral infrastructure paradox: Why short-lived systems need stronger identity governance

In my experience leading engineering projects, I have encountered the same pattern repeatedly. We obsess over deployment speed. We measure success in commit velocity and uptime. But we rarely pause to ask the most uncomfortable question in the room: Who actually owns the identities we just spun up? This silence isn’t malicious; it’s structural. We…

Read more →

AI, Android, android security, Apps, Cybersecurity, Global Security News, privacy

Android’s pKVM Becomes First Globally Certified Software to Achieve Prestigious SESIP Level 5 Security Certification

Posted by Dave Kleidermacher, VP Engineering, Android Security & Privacy Today marks a watershed moment and new benchmark for open-source security and the future of consumer electronics. Google is proud to announce that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework, has officially achieved SESIP Level 5 certification. This makes pKVM the…

Read more →

AI, Android, android security, Apps, Global Security News, Government & Policy, malware, privacy, Risk Management

What’s New in Android Security and Privacy in 2025

Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy Android’s intelligent protections keep you safe from everyday dangers. Our dedication to your security is validated by security experts, who consistently rank top Android devices highest in security, and score Android smartphones, led by the Pixel 9 Pro, as leaders in anti-fraud efficacy. Android is…

Read more →