Geek-Guy.com

Tag: legitimate

AI, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management

Microsoft Defender Flags DigiCert Certificates as Malware 

A recent Microsoft Defender update incorrectly flagged legitimate DigiCert root certificates as malware, triggering widespread alerts.  In some cases, it also removed trusted certificates from Windows systems, causing disruption.  “Earlier today we determined false positive alerts were mistakenly triggered and updated the alert logic,” Microsoft said, as reported by BleepingComputer.   Inside the DigiCert False Positive…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

When Trust Becomes a Weapon: Google Cloud Storage Phishing Deploying Remcos RAT

Modern phishing campaigns increasingly abuse legitimate services. Cloud platforms, file-sharing tools, trusted domains, and widely used SaaS applications are now part of the attacker’s toolkit. Instead of breaking trust, attackers borrow it.  This shift creates a dangerous asymmetry. Security controls often whitelist or inherently trust these services, while users are far less likely to question them. The…

Read more →

AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management

Fake OpenClaw npm Package Installs GhostClaw Malware

A malicious npm package is targeting developers by posing as a legitimate command-line tool while secretly deploying an infostealer and a remote access trojan (RAT).  The package, @openclaw-ai/openclawai, masquerades as an OpenClaw Installer utility but instead initiates a multi-stage malware operation.  Once executed, it attempts to steal credentials, cryptocurrency wallets, SSH keys, browser data, and…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security

BYOVD Turns Trusted Drivers Against Windows Security

A growing number of great actor groups are quietly abusing legitimate Windows drivers to turn endpoint defenses against themselves.  Known as Bring Your Own Vulnerable Driver (BYOVD), the technique allows attackers to load a digitally signed but flawed driver and exploit it to gain full kernel-level access.  Attackers “… load a legitimate, digitally signed, but…

Read more →

AI, Global Security News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

A “coordinated developer-targeting campaign” is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish persistent access to compromised machines. “The activity aligns with a broader cluster of threats that use job-themed lures to blend into routine developer workflows and increase the likelihood of code

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

Don’t trust TrustConnect: This fake remote support tool only helps hackers

After breaking into a system, crooks often install legitimate remote admin tools to keep a foothold on the network — with the risk that the tool’s vendor spots them and locks them out. Now they have a new option: a fake remote monitoring and management (RMM) tool, complete with serious-looking online storefront, built just for…

Read more →

AI, Global Security News, malware

Criminals create business website to sell RAT disguised as RMM tool

A RAT masquerading as legitimate remote monitoring and management (RMM) software is being sold to cybercriminals as a service, Proofpoint researchers recently discovered. The fake RMM tool, called TrustConnect, was being marketed via an LLM-created website parked on trustconnectsoftware[.]com, supposedly belonging to “TrustConnect Software PTY LTD”. “The malware creator uses the domain as the ‘business…

Read more →

AI, Exploits, Global Security News

Scammers exploit trust in Atlassian Jira to target organizations

Threat actors have leveraged legitimate email notification feature of Atlassian Jira to deliver localized scam emails at scale. The emails From late December 2025 through late January 2026, victims were targeted with spam emails from legitimate-looking Atlassian Jira Cloud addresses. Organizations already using Jira were specifically targeted: the attackers selected domains known to have active…

Read more →

AI, Global Security News

Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations

New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence (AI) chatbots via the “Summarize with AI” button that’s being increasingly placed on websites in ways that mirror classic search engine poisoning (AI). The new AI hijacking technique has been codenamed AI Recommendation Poisoning by the Microsoft Defender Security Research Team. The…

Read more →

AI, Cybersecurity, Global Security News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the two packages are listed below – @dydxprotocol/v4-client-js (npm) – 3.4.1, 1.22.1, 1.15.2,…

Read more →

AI, Endpoint, Endpoint Protection, Security, Vulnerabilities, Windows Security, Exploits, Global Security News, malware

Attackers exploit decade‑old Windows driver flaw to shut down modern EDR defenses

In a recent incident, attackers abused a legitimate but vulnerable Windows kernel driver to shut down endpoint security tools during an ongoing incident response. According to a Huntress report, the activity was observed during a customer investigation in early 2026 and involved the use of an old EnCase forensic driver (by Guidance Software) as part…

Read more →