Geek-Guy.com

Tag: largescale

AI, Compliance, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management

CrowdStrike Disrupts Glassworm Supply Chain Botnet 

CrowdStrike announced the coordinated takedown of the Glassworm botnet, a large-scale operation that targeted software developers through compromised open-source packages, malicious VSCode extensions, and poisoned GitHub repositories.  The operation, conducted alongside Google and the Shadowserver Foundation, disrupted the botnet’s infrastructure and severed communication between the operators and infected systems. “In collaboration with Google and the…

Read more →

Global Security News, AI, malware

GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos

A large-scale automated GitHub backdooring campaign was caught pushing thousands of malicious commits into public repositories while posing as routine CI/CD upkeep. Researchers at SafeDep observed the campaign, Megalodon, touching more than five thousand repositories over a six-hour window on May 18. The attack was in the form of a malicious commit, “acac5a9,” targeting GitHub…

Read more →

AI, Compliance, Cybersecurity, Endpoint, Global Security News, Government & Policy, malware, Network Security, privacy, Risk Management

New Phishing Campaign Targets US with Credential Theft: What CISOs Need to Know

A new large-scale phishing campaign is targeting U.S. organizations with fake event invitations that lead to credential theft, OTP interception, or RMM tool installation. ANY.RUN researchers found that the campaign uses a repeatable phishing framework to create event-themed lure pages at scale. Some pages steal email credentials and OTP codes, while others deliver legitimate remote…

Read more →

AI, Global Security News

Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign, observed between April 14 and 16, 2026, targeted more than 35,000 users across over 13,000 organizations in 26…

Read more →

china, Global Security News, Network Security

Compromised everyday devices power Chinese cyber espionage operations

China-linked threat actors have shifted from individually procured infrastructure to large-scale covert networks, botnets built from compromised routers and other edge devices, the National Cyber Security Centre (NCSC) warns. To help organizations address this threat, the NCSC, together with the Cyber League and partner agencies, has issued an advisory. The advisory includes guidance for organizations…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, Risk Management

Global Magecart Campaign Puts Banks Under Pressure, Leveraging Redsys Payment Mimicry and Hijacking 

A large-scale magecart operation remained active for over 24 months, leveraging an infrastructure of 100+ domains. While the targeted victims are e-commerce websites, the actual pressure falls on banks and payment systems. As ANY.RUN’s analysis shows, threat actors applied multi-step checkout hijacking, payment page mimicry, and WebSocket-based exfiltration of card data.  This report provides both executive-level insights and technical analysis of the campaign.  Key Takeaways  The campaign demonstrates long-term persistence…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, Risk Management

Active Magecart Campaign Targets Spain, Steals Card Data via Hijacked eStores for Bank Fraud 

A large-scale magecart operation remained active for over 24 months, leveraging an infrastructure of 100+ domains. While the targeted victims are e-commerce websites, the actual pressure falls on banks and payment systems. As ANY.RUN’s analysis shows, threat actors applied multi-step checkout hijacking, payment page mimicry, and WebSocket-based exfiltration of card data.  This report provides both executive-level insights and technical analysis of the campaign.  Key Takeaways  The campaign demonstrates long-term persistence…

Read more →

AI, Global Security News

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique. “The campaign abuses Google Ads to serve rogue ScreenConnect (

Read more →

AI, Global Security News, malware

GitHub-hosted malware campaign uses split payload to evade detection

A large-scale malware delivery campaign has been targeting developers, gamers, and general users through fake tools hosted on GitHub, Netskope researchers have warned. These “lures” are highly polished and appear legitimate, occasionally mimicking real projects, thus making them difficult to distinguish from safe software. A dual-component trojan is delivered Netskope threat researchers first discovered a…

Read more →

AI, Apps, china, Compliance, Exploits, Global Security News, Risk Management

Anthropic alleges large-scale distillation campaigns targeting Claude

Anthropic has accused three Chinese AI developers of running large-scale campaigns to illicitly extract capabilities from its Claude model to improve their own systems. The company claims DeepSeek, Moonshot, and MiniMax used a distillation technique, where a less capable model is trained on the outputs of a more advanced one. More than 16 million interactions…

Read more →

AI, Apps, Cloud, Cloud Security, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, News, Risk Management, Threats

TeamPCP and the Rise of Cloud-Native Cybercrime

Flare researchers have identified a threat actor known as TeamPCP behind a large-scale campaign targeting cloud-native infrastructure by abusing exposed orchestration and management interfaces.  First observed in late 2025, the activity reflects a broader shift away from endpoint-focused attacks toward systematic exploitation of cloud control planes. “The campaign reflects a dark mirror of legitimate markets.…

Read more →