Geek-Guy.com

Tag: likely

Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT

Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan’s Ministry of Finance with an open-source remote access trojan called Xeno RAT. “The campaign opens with a spear phishing delivery – a ZIP archive containing a malicious LNK file bearing a carefully crafted Pashto-language filename,”

AI speeds flaw discovery, forcing rapid updates, UK NCSC warns

The UK cyber agency NCSC warns AI is speeding up vulnerability discovery, likely causing a “patch wave” of urgent software updates to fix exposed flaws. The UK’s National Cyber Security Centre (NCSC) warns that AI is rapidly accelerating the discovery of software vulnerabilities, increasing the risk of large-scale exploitation. CTO Ollie Whitehouse says skilled attackers…

BlackFile actively extorting data-theft victims in retail and hospitality sector

Researchers warn that BlackFile, an extortion group likely associated with The Com, continues to impersonate IT support in voice-phishing and social engineering attacks that have impacted organizations in multiple industries, including healthcare, technology, transportation, logistics, wholesale and retail. Attackers have been actively targeting organizations in the retail and hospitality industry since February, according to Unit…

Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region

An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and SMEX. Two of the targets included prominent Egyptian journalists and government critics, Mostafa

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

Threat actors likely associated with the Democratic People’s Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows shortcut (LNK) files acting as the starting point to drop a decoy PDF

North Korea–linked hackers drain $285M from Drift in sophisticated attack

Drift lost $285M in a sophisticated attack, likely by North Korea, who used nonce-based tricks to gain control and quickly drain funds. Drift suffered a $285 million cryptocurrency heist in a highly sophisticated attack likely linked to North Korea. Threat actors used durable nonce accounts to pre-sign and delay transactions, while also compromising multisig approvals…

Anthropic wins reprieve against US DoD ban, buying time for contractors to assess AI supply chains

The Pentagon’s attempt to brand Anthropic a supply chain risk was “likely both contrary to law and arbitrary and capricious,” a US federal judge wrote in a ruling halting a ban on use of Anthropic’s products in defense contracts. In granting Anthropic a preliminary injunction against the ban, US District Judge Rita Lin of the…

Malicious LiteLLM versions linked to TeamPCP supply chain attack

TeamPCP backdoored LiteLLM v1.82.7–1.82.8, likely via Trivy CI/CD, adding tools to steal credentials, move in Kubernetes, and keep persistent access. Threat actor TeamPCP compromised LiteLLM versions 1.82.7 and 1.82.8, likely through a Trivy CI/CD breach. LiteLLM, with over 95 million monthly downloads, helps developers route LLM requests via a single API. The malicious releases, now…

Tracking the Iran War: A Month of Escalation and Regional Impact

Iran war likely prolonged, increasing cyber threats, energy disruption, and instability, with companies in the Middle East facing higher risk. Resecurity (USA) released a strategic intelligence update on the war in Iran, covering nearly a month of military conflict. The conflict has shifted global attention and resources, placing other ongoing conflicts like Russia-Ukraine, Israel-Gaza, and…

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo’s LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear (aka UAC-0190 or Void Blizzard)…

Arkanix Stealer: AI-assisted info-stealer shuts down after brief campaign

Arkanix Stealer surfaced in late 2025 as a short-lived info-stealer, likely built as an AI-assisted experiment and quickly abandoned. Arkanix Stealer emerged in late 2025 as a short-lived information-stealing malware promoted on dark web forums. Researchers believe it was likely created as an AI-assisted experiment, suggesting the operators were testing automated development techniques rather than…

CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware

Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST, likely targeting supporters of Iran’s ongoing protests to conduct information theft and long-term espionage. The Acronis Threat Research Unit (TRU) said it observed the activity after January 9, with the attacks designed to deliver a malicious payload that serves as a remote access trojan…

State-backed phishing attacks targeting military officials and journalists on Signal

German security authorities are warning that a likely state-backed hacking group is engaged in attempts at phishing senior political figures, military officials, diplomats, and investigative journalists across Germany and Europe via Signal. The authorities also noted that while these attacks are likely perpetrated by a state-controlled cyber actor, there’s nothing stopping non-state actors and financially…