Geek-Guy.com

Tag: malware

AI, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia

Russia’s FSB Says Foreign Spies Infected Officials’ Phones With Malware

Russia’s FSB claims foreign intelligence planted malware on senior officials’ phones to intercept calls and activate cameras. No technical evidence, no country named. On June 2, 2026, Russia’s Federal Security Service (FSB) published a statement claiming it had uncovered and documented a large-scale foreign intelligence operation targeting the mobile devices of senior Russian officials. The…

Read more →

AI, Apps, Global Security News, malware, Network Security

GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure

Malware on approximately 2,000 WordPress sites hid C2 instructions in Steam profile comments using invisible Unicode. GoDaddy researchers spotted a command-and-control infrastructure for a malware campaign abusing Valve’s Steam gaming platform. The experts discovered malware on approximately 1,980 WordPress sites that fetches its instructions by reading Steam Community profile comments, where the actual payload is…

Read more →

AI, Europe, Exploits, Global Security News, malware, Network Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 99

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ghost CMS Mass Compromised via CVE-2026-26980, Now Fueling ClickFix Attacks   TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io   RemotePE: The Lazarus RAT that lives…

Read more →

AI, Apps, Endpoint, Global Security News, malware, Risk Management

GlassWorm falls, but the repo problem is far from solved

Taking down a sprawling malware operation once signaled progress in securing the open-source ecosystem. Now, it barely registers. The GlassWorm campaign disruption comes at a moment when attackers can quickly reconstitute, and defenders are increasingly grappling with a new challenge: distinguishing real threats from automated noise. “I think coordinated actions, like GlassWorm, can sever control,…

Read more →

AI, Compliance, Cybersecurity, Global Security News, malware, Risk Management

Inside ANY.RUN’s 10-Year Evolution: An Interview with CEO Aleksey Lapshin

What happens when a malware analyst decides to build a product he always wished he had? The case of ANY.RUN tells us that ten years later it may turn into an industry-standard solution, adopted by 74 Fortune 100 companies.  Celebrating a decade of ANY.RUN, CEO Aleksey Lapshin shared his perspective on the evolution of the company,…

Read more →

AI, Cybersecurity, Europe, Exploits, Global Security News, malware

Nimbus Manticore Expanded Attacks With AI-Assisted Malware and Fake Zoom Installers

Nimbus Manticore accelerated cyberattacks during wartime, using AI-assisted malware, fake Zoom installers, and SEO poisoning. When the United States launched Operation Epic Fury against Iran at the end of February 2026, most analysts expected the country’s cyber apparatus to hunker down and weather the storm. That’s not what happened. Instead, researchers at Check Point have…

Read more →

AI, Cybersecurity, Global Security News, malware

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain that involves two loaders tracked as DPAPILoader and RemotePELoader. “DPAPILoader decrypts and

Read more →

AI, Global Security News, malware, Network Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Popular node-ipc npm Package Infected with Credential Stealer  New Actors Deploy Shai-Hulud Clones: TeamPCP Copycats Are Here Active Supply Chain Attack Compromises @antv Packages on npm actions-cool/issues-helper GitHub Action Compromised: All Tags Point to…

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Russia

Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets

Ghostwriter targeted Ukrainian government agencies with phishing emails delivering malware and Cobalt Strike payloads. The Belarus-nexus APT group Ghostwriter (also tracked as UAC-0057 and UNC1151) has resurfaced with a new phishing campaign targeting Ukrainian government organizations. This time the lure is Prometheus, a legitimate Ukrainian online learning platform that many government employees actually use. Using…

Read more →

AI, Cybersecurity, Endpoint, Exploits, Global Security News, malware

Microsoft patches two zero-day flaws in Defender

Microsoft released emergency fixes for two zero-day vulnerabilities in the malware protection components of Microsoft Defender. The flaws allow local attackers to gain system-level privileges or cause the anti-malware service to stop working correctly. Both conditions are valuable in a malware attack, first to prevent detection if the system relies only on Microsoft endpoint protection…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. “Showboat is a modular post-exploitation framework designed for Linux systems, capable of spawning a remote shell, transferring files, and functioning as a…

Read more →

AI, Apps, Europe, Global Security News, malware

Microsoft disrupts malware code-signing service used by ransomware gangs

Microsoft has disrupted the infrastructure powering the largest malware code-signing service used to help ransomware groups and other cybercriminals make malicious programs harder to detect on Windows. The threat actors behind the service used stolen identities and impersonated legitimate organizations to obtain more than 1,000 code-signing certificates. Microsoft seized the group’s website, signspace[.]cloud, revoked the…

Read more →

AI, china, Global Security News, Government & Policy, malware, Network Security

Microsoft dismantled malware-signing network Fox Tempest

Microsoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) that allowed attackers to sign malware with fake trusted certificates. Microsoft said it disrupted a cybercrime operation run by a threat actor named Fox Tempest, which helped threat actors sign malware with short-lived certificates to make malicious software appear legitimate. The service abused Microsoft Artifact Signing and supported…

Read more →

Global Security News, malware

Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations

A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compression simulations that are central to nuclear weapon design. “Fast16’s hook engine is selectively interested…

Read more →

AI, Exploits, Global Security News, malware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter JDownloader site hacked to replace installers with Python RAT malware     New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps   Threat Actor Mr_Rot13 Actively Exploits CVE-2026-41940 for Backdoor Deployment   Operation…

Read more →

AI, Cybersecurity, Data Breaches, Endpoint, Europe, Global Security News, Government & Policy, malware, Network Security, Russia

Russian APT Turla builds long-term access tool with Kazuar Botnet evolution

Russia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems. Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected systems. Microsoft researchers say the malware allows attackers to maintain long-term control while making detection…

Read more →

Global Security News, malware, Risk Management

What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface

In Your Biggest Security Risk Isn’t Malware — It’s What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your IT team uses every day are also the preferred…

Read more →

AI, Apps, Exploits, Global Security News, malware, Network Security

‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack

A rapidly spreading malware campaign has infected hundreds of software packages across major open-source registries, embedding credential-stealing code into development tools downloaded millions of times a week. The attack, referred to as “mini Shai-Hulud,” targeted prominent software libraries, including TanStack, UiPath, and MistralAI. TanStack’s React Router package alone accounts for more than 12 million weekly…

Read more →

AI, Global Security News, malware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 96

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter CloudZ RAT potentially steals OTP messages using Pheno plugin   Backdoored PyTorch Lightning package drops credential stealer A rigged game: ScarCruft compromises gaming platform in a supply-chain attack Muddying the Tracks: The State-Sponsored Shadow Behind…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

CloudZ RAT Abuses Windows Phone Link to Steal OTPs

A malware campaign is exploiting a built-in Windows feature to intercept sensitive data — without ever touching the victim’s phone.  Cisco Talos researchers identified the CloudZ remote access trojan (RAT) using a custom plugin to monitor Microsoft’s Phone Link application and potentially capture SMS-based one-time passwords (OTPs). “MFA bypass is becoming a bigger and bigger…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, malware, Risk Management

Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs

A newly identified malware campaign is abusing Microsoft’s Phone Link feature to intercept SMS-based one-time passwords and other sensitive mobile data directly from Windows systems. The activity, first observed by Cisco Talos in January 2026, involves a remote access trojan dubbed CloudZ and a custom plugin named Pheno that together allow attackers to harvest credentials…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, malware, Risk Management

Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs

A newly identified malware campaign is abusing Microsoft’s Phone Link feature to intercept SMS-based one-time passwords and other sensitive mobile data directly from Windows systems. The activity, first observed by Cisco Talos in January 2026, involves a remote access trojan dubbed CloudZ and a custom plugin named Pheno that together allow attackers to harvest credentials…

Read more →

AI, Global Security News, malware, Russia

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 95

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet  73 Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations   An alarm clock you can’t ignore: How CapFix attacks…

Read more →

AI, Global Security News, malware, Network Security

Fast16: Pre-Stuxnet malware that targeted precision engineering software

Fast16 is a pre-Stuxnet malware that tampered with precision software and spread itself. Evidence suggests links to U.S. operations during early cyber tensions. SentinelOne uncovered Fast16, a sabotage malware used in 2005, years before Stuxnet. The malicious code is written in Lua and targeted high-precision calculation software, altering results and spreading across systems. The malware…

Read more →

AI, china, Global Security News, Government & Policy, malware

GopherWhisper: new China-linked APT targets Mongolia with Go-based malware

ESET found a new China-linked APT, tracked as GopherWhisper, targeting Mongolia using Go-based malware, loaders, and backdoors. ESET researchers uncovered a new China-aligned APT group called GopherWhisper, targeting government institutions in Mongolia. The group’s arsenal includes a range of tools mainly written in Go, such as loaders and injectors, which are used to deploy multiple…

Read more →

AI, Cybersecurity, Global Security News, malware

Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software

Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran’s nuclear program by destroying uranium enrichment centrifuges. According to a new report published by SentinelOne, the previously undocumented cyber sabotage framework dates back to 2005, primarily targeting high-precision calculation software to tamper

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

Inside agenteV2: How Brazilian Attackers Use Fake Court Summons to Steal Banking Credentials in Real Time 

A new phishing campaign targeting Brazilian users demonstrates how modern financial malware has evolved from simple credential theft into full-scale, operator-driven fraud platforms. Disguised as a judicial summons, this campaign leverages social engineering, multi-stage malware delivery, and real-time remote access capabilities to compromise victims and actively assist attackers in financial theft.   For organizations, the implications extend beyond individual users. Employees accessing corporate…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, malware, Network Security

Dragos: Despite AI use, new malware targeting water plants is ‘hype’

One day AI may be capable of creating malware that threatens critical infrastructure. But that day was not earlier this month, when reports surfaced of a new piece of malware seemingly configured to search for and sabotage Israeli water infrastructure, according to industrial cybersecurity firm Dragos.  The malware, called ZionSiphon, was first identified by AI…

Read more →

AI, Cybersecurity, Global Security News, malware, Network Security

New Mirai variants target routers and DVRs in parallel campaigns

Hidden inside newly discovered botnet malware is an unusual message from its creator: “AI.NEEDS.TO.DIE”. Dubbed “tuxnokill” by researchers at Akamai, the malware is one of two fresh Mirai botnet variants documented this month by major cybersecurity firms and, judging by the aforementioned hard-coded string, this particular variant might have been coded the old-fashioned way. “Tuxnokill”…

Read more →

Cybersecurity, Global Security News, malware

Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that’s distributed via a theme related to India’s banking sector. “The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file operations, and session management, indicating a continued espionage-focused capability set rather than

Read more →

AI, Apps, Cybersecurity, Global Security News, malware

NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs

Cybersecurity researchers have discovered a new iteration of an Android malware family calledNGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate. “The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that appears to have been AI-generated,” ESET security researcher Lukáš…

Read more →

AI, Apps, Europe, Exploits, Global Security News, malware, Network Security, Risk Management

Cyberattack That Could Have Poisoned a City’s Water Supply by Manipulating Chlorine Levels

In mid-April 2026, researchers at Darktrace published a detailed breakdown of a malware sample that occupies a narrow but alarming niche in the threat landscape: a Windows-based OT weapon apparently designed from the ground up to sabotage Israeli water treatment and desalination infrastructure. The malware identifies itself internally as ZionSiphon — the name appears in a core…

Read more →

Cybersecurity, Global Security News, malware

Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems. The malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set up persistence, tamper with local configuration files, and scan for operational technology (OT)-relevant services on the local subnet.

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Network Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 93

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape CPU-Z / HWMonitor watering hole infection – a copy-pasted attack   Fake Claude site installs malware that gives attackers access to your computer   Malware Analysis Static SKILL for Codex   JanelaRAT: a financial threat targeting users in Latin…

Read more →

AI, Endpoint, Exploits, Global Security News, malware, Network Security

Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware

Attackers abuse QEMU to hide malware in virtual machines, bypass detection, steal data, and deploy ransomware without leaving any trace. Sophos researchers report a rise in attackers abusing QEMU, an open-source emulator, to hide malicious activity inside virtual machines. By running malware in a VM, attackers avoid endpoint security controls and leave minimal traces on…

Read more →

AI, Global Security News, malware, Network Security

Inside ZionSiphon: politically driven malware aims at Israeli water systems

New ZionSiphon malware targets water systems, and allows attackers to alter pressure and chlorine levels. A flaw makes it ineffective for now. Darktrace analyzed ZionSiphon, a new malware designed to target water treatment and desalination systems, which aims to disrupt operations by altering hydraulic pressure and increasing chlorine levels to unsafe levels. The malware combines…

Read more →

AI, Exploits, Global Security News, malware

AI platform n8n abused for stealthy phishing and malware delivery

Attackers abuse AI automation platform n8n to run phishing campaigns, deliver malware, and evade security by using trusted infrastructure. Threat actors are exploiting the popular AI workflow automation platform n8n to launch advanced phishing campaigns, deliver malware, and collect device data through automated emails. By using trusted infrastructure, they can bypass traditional security controls and…

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

From clinics to government: UAC-0247 expands cyber campaign across Ukraine

CERT-UA reports UAC-0247 targeting Ukrainian clinics and government bodies with malware stealing data from Chromium browsers and WhatsApp. CERT-UA has revealed a cyber campaign by the threat actor UAC-0247 targeting Ukrainian government entities and municipal healthcare facilities, including clinics and emergency hospitals. The operation between March and April 2026, used malware designed to steal sensitive…

Read more →