Geek-Guy.com

Tag: malicious

Cybersecurity, Global Security News

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to crates.io, are listed below – chrono_anchor dnp3times time_calibrator time_calibrators time-sync The crates, per Socket, impersonate timeapi.io and were published between late February and early March

Read more →

AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management

Fake OpenClaw npm Package Installs GhostClaw Malware

A malicious npm package is targeting developers by posing as a legitimate command-line tool while secretly deploying an infostealer and a remote access trojan (RAT).  The package, @openclaw-ai/openclawai, masquerades as an OpenClaw Installer utility but instead initiates a multi-stage malware operation.  Once executed, it attempts to steal credentials, cryptocurrency wallets, SSH keys, browser data, and…

Read more →

AI, Apps, Global Security News, malware

Devs looking for OpenClaw get served a GhostClaw RAT

A malicious npm package posing as an OpenClaw Installer has been caught deploying a remote access trojan (RAT) on victim machines, according to new JFrog research. The package, published under the name “@openclaw-ai/openclawai”, pretends to be an installer for the legitimate CLI tool but instead launches a multi-stage infection chain that steals system credentials, browser…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, privacy, Risk Management

Malicious Chrome Extension Targets imToken Wallet Users

A malicious Chrome extension disguised as a harmless color visualization tool is quietly redirecting users to phishing pages designed to steal cryptocurrency wallet credentials.  Socket researchers warn that the extension impersonates the popular imToken wallet brand and tricks victims into entering their seed phrases or private keys. The “… extension automatically opens a threat actor-controlled…

Read more →

AI, Cybersecurity, Global Security News

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts. The package, named “@openclaw-ai/openclawai,” was uploaded to the registry by a user named “openclaw-ai” on March 3, 2026. It has been downloaded 178 times to date. The…

Read more →

AI, Global Security News, malware

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data. The extensions in question, both originally associated with a developer named “akshayanuonline@gmail.com” (BuildMelon), are listed below – QuickLens – Search Screen…

Read more →

AI, Data Breaches, Global Security News, Risk Management

Push Security adds malicious browser extension detection to block threats in employee browsers

Push Security has announced new malicious browser extension detection and blocking capabilities within its browser-based security platform. The feature enables organizations to automatically block known-bad extensions from running in employee browsers. Attackers are increasingly turning to malicious browser extensions as a preferred method of compromise. Recent campaigns such as ShadyPanda, ZoomStealer, and GhostPoster, along with…

Read more →

Cybersecurity, Global Security News

Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux

Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that’s functional on Windows, macOS, and Linux systems. The names of the packages are listed below – nhattuanbl/lara-helper (37 Downloads) nhattuanbl/simple-queue (29 Downloads) nhattuanbl/lara-swagger (49 Downloads)

Read more →

AI, Global Security News, Network Security, Risk Management

Chrome security flaw enabled spying via Gemini Live assistant

A Google Chrome vulnerability lets malicious extensions hijack Gemini Live to spy on users and steal sensitive files. Researchers at Palo Alto Networks found a Chrome vulnerability, tracked as CVE-2026-0628, that could let malicious extensions take control of the Gemini Live AI assistant. By abusing the flaw, attackers could spy on users and exfiltrate sensitive…

Read more →

AI, Global Security News

ClawJacked flaw exposed OpenClaw users to data theft

“ClawJacked” flaw let malicious sites hijack OpenClaw AI agents to steal data; patch released in version 2026.2.26. A high-severity vulnerability called ClawJacked in OpenClaw allowed malicious websites to brute-force and take control of local AI agent instances. Oasis Security discovered the flaw, which enabled silent data theft. OpenClaw addressed the issue with version 2026.2.26, released…

Read more →

AI, Cybersecurity, Global Security News

Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

Cybersecurity researchers have disclosed details of a malicious Go module that’s designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe. The Go module, github[.]com/xinfeisoft/crypto, impersonates the legitimate “golang.org/x/crypto” codebase, but injects malicious code that’s responsible for exfiltrating secrets entered via terminal password

Read more →

AI, Global Security News, Risk Management

New Malicious npm Package Highlights the Speed at Which Supply Chain Risks Propagate

GUEST RESEARCH:  Tenable Research investigated a malicious package in the npm public registry named “amber-src” that underscores the rapid nature of modern supply chain attacks. The package, which was downloaded approximately 50,000 times before its removal, was designed to mimic a popular package “ember-source”, to infect developers’ systems across Windows, macOS, and Linux.

Read more →

AI, Global Security News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

A “coordinated developer-targeting campaign” is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish persistent access to compromised machines. “The activity aligns with a broader cluster of threats that use job-themed lures to blend into routine developer workflows and increase the likelihood of code

Read more →

AI, Cybersecurity, Global Security News

Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens

Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector. The package, codenamed StripeApi.Net, attempts to masquerade as Stripe.net, a legitimate library from Stripe that has over 75 million downloads. It was uploaded by…

Read more →

AI, Apps, Cybersecurity, Global Security News

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victim applications.

Read more →

AI, Exploits, Global Security News, malware

Tracking Malware Campaigns With Reused Material, (Wed, Feb 18th)

A few days ago I wrote a diary called “Malicious Script Delivering More Maliciousness”[1]. In the malware infection chain, there was a JPEG picture that embedded the last payload delimited with “BaseStart-” and “-BaseEnd” tags. Today, I discovered anoher campaign that relies exactly on the same technique. It started with an attachment called “TELERADIO_IB_OBYEKTLRIN_BURAXILIS_FORMASI.xIs” (SHA256:1bf3ec53ddd7399cdc1faf1f0796c5228adc438b6b7fa2513399cdc0cb865962).…

Read more →

AI, Apps, Data Breaches, Global Security News, Network Security, privacy, Risk Management

Meta Business Admins Exposed by 2FA-Harvesting Chrome Extension

A malicious Google Chrome extension masquerading as a productivity tool for Meta Business users has been found stealing two-factor authentication secrets and sensitive business data, enabling silent takeover of Facebook and Instagram assets.  The extension, CL Suite by @CLMasters, advertises itself as a way to streamline Meta Business workflows, but Socket researchers say it quietly…

Read more →

AI, Cybersecurity, Global Security News, malware, Risk Management

Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign

Researchers found malicious npm and PyPI packages tied to a fake recruitment campaign linked to North Korea’s Lazarus Group. ReversingLabs researcher uncovered new malicious packages on npm and PyPI connected to a fake job recruitment campaign attributed to the North Korea-linked Lazarus Group. The campaign uses deceptive hiring themes to trick developers into downloading infected…

Read more →

Cybersecurity, Global Security News

Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History

Cybersecurity researchers have discovered a malicious Google Chrome extension that’s designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta Business Suite data, remove verification pop-ups, and generate two-factor authentication (2FA) codes.

Read more →

AI, Cybersecurity, Global Security News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It’s assessed to be active…

Read more →

AI, Cybersecurity, Global Security News

First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials

Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild.
In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. The activity has been

Read more →

AI, Breaking News, Exploits, FortiClientEMS, Fortinet, Global Security News, malware, Network Security, Security

Critical Fortinet FortiClientEMS flaw allows remote code execution

Fortinet warns of a critical FortiClientEMS vulnerability that lets remote attackers run malicious code without logging in. Fortinet issued an urgent advisory to address a critical FortiClientEMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1). The vulnerability is an improper neutralization of special elements used in an SQL Command (‘SQL Injection’) issue in FortiClientEMS. An…

Read more →

AI, Breaking News, Exploits, FortiClientEMS, Fortinet, Global Security News, malware, Network Security, Security

Critical Fortinet FortiClientEMS flaw allows remote code execution

Fortinet warns of a critical FortiClientEMS vulnerability that lets remote attackers run malicious code without logging in. Fortinet issued an urgent advisory to address a critical FortiClientEMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1). The vulnerability is an improper neutralization of special elements used in an SQL Command (‘SQL Injection’) issue in FortiClientEMS. An…

Read more →

AI, Breaking News, Exploits, FortiClientEMS, Fortinet, Global Security News, malware, Network Security, Security

Critical Fortinet FortiClientEMS flaw allows remote code execution

Fortinet warns of a critical FortiClientEMS vulnerability that lets remote attackers run malicious code without logging in. Fortinet issued an urgent advisory to address a critical FortiClientEMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1). The vulnerability is an improper neutralization of special elements used in an SQL Command (‘SQL Injection’) issue in FortiClientEMS. An…

Read more →

AI, Breaking News, Exploits, FortiClientEMS, Fortinet, Global Security News, malware, Network Security, Security

Critical Fortinet FortiClientEMS flaw allows remote code execution

Fortinet warns of a critical FortiClientEMS vulnerability that lets remote attackers run malicious code without logging in. Fortinet issued an urgent advisory to address a critical FortiClientEMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1). The vulnerability is an improper neutralization of special elements used in an SQL Command (‘SQL Injection’) issue in FortiClientEMS. An…

Read more →

AI, Exploits, Global Security News, Russia

Quick Howto: Extract URLs from RTF files, (Mon, Feb 9th)

Malicious RTF (Rich Text Format) documents are back in the news with the exploitation of CVE-2026-21509 by APT28. The malicious RTF documents BULLETEN_H.doc and Consultation_Topics_Ukraine(Final).doc mentioned in the news are RTF files (despite their .doc extension, a common trick used by threat actors). Here is a quick tip to extract URLs from RTF files. Use the following…

Read more →

AI, Exploits, Global Security News, Russia

Quick Howto: Extract URLs from RTF files, (Mon, Feb 9th)

Malicious RTF (Rich Text Format) documents are back in the news with the exploitation of CVE-2026-21509 by APT28. The malicious RTF documents BULLETEN_H.doc and Consultation_Topics_Ukraine(Final).doc mentioned in the news are RTF files (despite their .doc extension, a common trick used by threat actors). Here is a quick tip to extract URLs from RTF files. Use the following…

Read more →

AI, Exploits, Global Security News, Russia

Quick Howto: Extract URLs from RTF files, (Mon, Feb 9th)

Malicious RTF (Rich Text Format) documents are back in the news with the exploitation of CVE-2026-21509 by APT28. The malicious RTF documents BULLETEN_H.doc and Consultation_Topics_Ukraine(Final).doc mentioned in the news are RTF files (despite their .doc extension, a common trick used by threat actors). Here is a quick tip to extract URLs from RTF files. Use the following…

Read more →

AI, Apps, Artificial Intelligence, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, News, Risk Management, Threats

Fake Clawdbot VS Code Extension Deploys ScreenConnect RAT 

A malicious Visual Studio (VS) Code extension posing as an AI-powered assistant was quietly installing remote access malware on developers’ systems.  The fake extension, called ClawdBot Agent, appeared legitimate on the surface but executed malware automatically as soon as VS Code launched. “The layering here is impressive. You’ve got a fake AI assistant dropping legitimate…

Read more →