Geek-Guy.com

Tag: more

AI, APAC, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security

Ransomware groups switch to stealthy attacks and long-term access

Ransomware attackers are switching tactics in favor of more stealthy infiltration, as the threat of public exposure of sensitive corporate data is becoming the main mechanism of extortion. Picus Security’s annual red-teaming report shows attackers shifting away from loud disruption toward quiet, long-term access — or from “predatory” smash-and-grab tactics to “parasitic” silent residency. Four…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

Vulnerabilities grew like weeds in 2025, but only 1% were weaponized in attacks

Would-be attackers spent 2025 swimming in a sea of more than 40,000 newly published vulnerabilities, VulnCheck said in a report released Wednesday, but only 1% of those defects, just 422, were exploited in the wild. As the deluge of vulnerabilities grows every year, and CVSS ratings lose significance for vulnerability management prioritization, some defenders are…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management, Russia

AWS Threat Intel Finds 600+ FortiGate Devices Hit 

A financially motivated cybercriminal has used commercial generative AI tools to compromise more than 600 FortiGate devices across 55 countries — without exploiting specific software vulnerabilities. This “… campaign succeeded by exploiting exposed management ports and weak credentials with single-factor authentication, fundamental security gaps that AI helped an unsophisticated actor exploit at scale,” said CJ…

Read more →

Apps, Endpoint, Global Security News, Risk Management

How Exposed Endpoints Increase Risk Across LLM Infrastructure

As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and Application Programming Interfaces (APIs) to support those models. Modern security risks are being introduced less from the models themselves and more from the infrastructure that serves, connects and automates the model. Each new LLM endpoint expands the…

Read more →

AI, Apps, Data Breaches, Global Security News, malware, Network Security, Risk Management

Over 41% of Popular OpenClaw Skills Found to Contain Security Vulnerabilities

As AI agents become more widely adopted, new research is highlighting security gaps within their supporting ecosystems.  A large-scale audit of the OpenClaw skill registry by ClawSecure found that 41.7% of widely used skills contain substantive vulnerabilities, including issues such as command injection and credential exposure. “We audited 2,890+ of the most popular OpenClaw skills…

Read more →

AI, Global Security News, Risk Management

AI in the SOC: Why Complete Autonomy Is the Wrong Goal

Dan Petrillo, VP of Product at BlueVoyant    As artificial intelligence (AI) becomes more deeply embedded in security operations, a divide has emerged in how its role is defined. Some argue the security operations centre (SOC) should be fully autonomous, with AI replacing human analysts. Others believe that augmentation is the right path, using AI to support and extend existing teams.    Augmentation probably reflects…

Read more →

AI, china, Cybersecurity, Global Security News, Risk Management

State Dept. official says post-quantum transition plans will outlive current leadership

A cybersecurity official at the State Department called for the public and private sector to more tightly coordinate plans to transition their systems, devices and data to quantum-resistant encryption algorithms. Gharun Lacy, Deputy Assistant Secretary for the Cyber and Technology Security Directorate at the Department of State, issued a challenge for cybersecurity defenders to view…

Read more →

AI, Apps, Global Security News, malware

Pompelmi: Open-source Secure File Upload Scanning for Node.js

Software teams building services in JavaScript are adding more layers of defense to handle untrusted file uploads. An open-source project called Pompelmi aims to insert malware scanning and policy checks directly into Node.js applications before files reach storage or business logic. The post Pompelmi: Open-source Secure File Upload Scanning for Node.js appeared first on Linux…

Read more →

AI, Exploits, Global Security News, malware

Tracking Malware Campaigns With Reused Material, (Wed, Feb 18th)

A few days ago I wrote a diary called “Malicious Script Delivering More Maliciousness”[1]. In the malware infection chain, there was a JPEG picture that embedded the last payload delimited with “BaseStart-” and “-BaseEnd” tags. Today, I discovered anoher campaign that relies exactly on the same technique. It started with an attachment called “TELERADIO_IB_OBYEKTLRIN_BURAXILIS_FORMASI.xIs” (SHA256:1bf3ec53ddd7399cdc1faf1f0796c5228adc438b6b7fa2513399cdc0cb865962).…

Read more →

AI, APAC, Apps, china, Cybersecurity, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security

Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed

Researchers uncovered more worrying details about a long-running cyber espionage campaign suspected to be backed by the Chinese government, exemplifying how such attacks often go undetected until they’ve already caused significant damage. Google Threat Intelligence Group and Mandiant said the Chinese threat group UNC6201 has been exploiting a zero-day vulnerability in Dell RecoverPoint for Virtual…

Read more →

AI, Endpoint, Exploits, Global Security News, Risk Management

Fake AI Chrome Extensions Exposed 260,000 Users, Targeting Gmail

More than 260,000 Chrome users installed what appeared to be helpful AI productivity tools… only to unknowingly grant remote servers deep access to their browser activity.  LayerX researchers identified a coordinated campaign of 30 fake AI assistant extensions that used embedded iframes and backend-controlled logic to extract data and maintain persistent access. “We found over…

Read more →

AI, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

260K Users Exposed in AI Extension Scam

More than 260,000 Chrome users installed what appeared to be helpful AI productivity tools — only to unknowingly grant remote servers deep access to their browser activity.  LayerX researchers identified a coordinated campaign of 30 fake AI assistant extensions that used embedded iframes and backend-controlled logic to extract data and maintain persistent access.  “We found…

Read more →

AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management, Russia

Malicious Chrome Extensions Hijack 500,000 VK Accounts in Stealth Campaign

More than 500,000 VKontakte users had their accounts silently manipulated by Chrome extensions that appeared to offer simple interface customization.  Koi researchers found the extensions delivered multi-stage malware that forced group subscriptions, reset account settings, and interfered with VK’s security protections.  Because “… the extensions update automatically, the attacker can push new malicious code to…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security

1,800+ Windows Servers Hit by BADIIS SEO Malware

More than 1,800 Windows servers have been quietly compromised in a sprawling malware campaign that turns legitimate websites into tools for search engine manipulation.  The operation leverages a sophisticated strain known as BADIIS to infect Microsoft Internet Information Services (IIS) environments, allowing threat actors to monetize trusted infrastructure without disrupting normal operations. We found “……

Read more →

AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Risk Management, Russia

Google fears massive attempt to clone Gemini AI through model extraction

Google detected and blocked a campaign involving more than 100,000 prompts that it claimed were designed to copy the proprietary reasoning capabilities of its Gemini AI model, according to a quarterly threat report released by Google Threat Intelligence Group. The prompts looked like a coordinated attempt to perform model extraction or distillation, a machine-learning process…

Read more →

AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Risk Management, Russia

Google fears massive attempt to clone Gemini AI through model extraction

Google detected and blocked a campaign involving more than 100,000 prompts that it claimed were designed to copy the proprietary reasoning capabilities of its Gemini AI model, according to a quarterly threat report released by the company’s Threat Intelligence Group. The prompts looked like a coordinated attempt to perform model extraction or distillation, a machine-learning…

Read more →

AI, Global Security News, Vendor Leadership & Partner Programs

Smartsheet Channel Exec on Partners, Platforms, and 2026

As more enterprises look to streamline technology stacks and accomplish more with less, vendors and OEMs are finding themselves in an evolving market focused on bringing integrated solutions to customers through partners. We spoke with Scott Strubel, head of Americas partner sales at Smartsheet, about how market trends influence the ways vendors work with partner…

Read more →

AI, Cybersecurity, data protection, Global Security News, Google, News, privacy

Google Search introduces new ways to remove sensitive personal information and explicit images

Google expanded its “Results about you” tool to give users more control over sensitive personal information and added a way to request removal of non-consensual explicit images from Search. Manage and limit sensitive personal information in Search Users can request the removal of Search results that contain sensitive personal information, such as driver’s license numbers,…

Read more →

AI, Endpoint, Exploits, Global Security News, malware, Microsoft, Security, Vendors and Providers, privacy, Risk Management

Microsoft to roll out a ‘consent first’ model to protect Windows

Windows serves as the backbone of enterprises around the world, powering more than a billion devices and supporting millions of apps. However Microsoft acknowledges that apps are increasingly going rogue, overriding settings, installing additional components, or altering critical Windows capabilities without user awareness or approval. In response, the tech giant plans to roll out what…

Read more →

AI, Apps, Exploits, Global Security News, Network Security, Risk Management

Patch Tuesday, February 2026 Edition

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six “zero-day” vulnerabilities that attackers are already exploiting in the wild. Zero-day #1 this month is CVE-2026-21510, a security feature bypass vulnerability in Windows Shell wherein a single click on a…

Read more →

AI, Apps, Cloud Security, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Six more vulnerabilities found in n8n automation platform

Six more vulnerabilities have been discovered in the n8n workflow platform used for building LLM-powered agents to connect business processes. Four of the six are rated as critical, carrying CVSS severity scores of 9.4. “These vulnerabilities span multiple attack classes, from remote code execution and command injection to arbitrary file access and cross-site scripting, all…

Read more →

AI, Anthropic, Artificial Intelligence, Global Security News, News

Claude Opus 4.6 improves agentic performance and model safety

Claude Opus 4.6 builds on earlier releases with improved coding performance and more consistent behavior in complex tasks. Opus 4.6 finds real vulnerabilities in codebases better than any other model (Source: Anthropic) According to Anthropic, the model applies more deliberate planning during task execution, sustains agent-driven workflows over longer periods, and operates with greater consistency…

Read more →

AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, News, Risk Management, Russia, Threats

10,000+ Active Infections Traced to SystemBC Botnet

Security researchers at Silent Push identified more than 10,000 unique IPs infected with SystemBC, a proxy malware commonly used as an early foothold in ransomware attacks. Using a custom SystemBC tracking fingerprint, analysts mapped a globally distributed botnet that includes compromised systems supporting government infrastructure.  “SystemBC proxies traffic through compromised systems and acts as a…

Read more →

AI, Global Security News, Risk Management

Q&A: How AI could transform corporate meetings — for better or worse

Rebecca Hinds has studied office meetings and collaboration efforts for more than 15 years and most recently she’s seen how AI can make corporate get-togethers better — or worsen existing problems. In a study commissioned by Read.AI, Hinds found that AI, when correctly implemented, can encourage more participation by women and lower-level employees. At the…

Read more →

AI, Apps, Artificial Intelligence, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, News, Risk Management, Threats, trends

Hundreds of Malicious Skills Found in OpenClaw’s ClawHub

A routine question about trust exposed a far more serious problem when researchers discovered hundreds of malicious skills hidden inside a widely used AI agent marketplace.  Koi researchers analyzed ClawHub, the third-party skill repository for OpenClaw, and found that threat actors had quietly turned the ecosystem into a large-scale malware distribution channel. We found “……

Read more →

AI, API security, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management

7 Reasons to Get Certified in API Security

API security is becoming more important by the day and skilled practitioners are in high demand. Now’s the time to level up your API security skillset.  Wallarm University, our free training course, provides security analysts, engineers, and practitioners with hands-on skills you can’t get from documentation, videos, or traditional courses. Run real attacks, investigate real…

Read more →

AI, API security, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management

7 Reasons to Get Certified in API Security

API security is becoming more important by the day and skilled practitioners are in high demand. Now’s the time to level up your API security skillset.  Wallarm University, our free training course, provides security analysts, engineers, and practitioners with hands-on skills you can’t get from documentation, videos, or traditional courses. Run real attacks, investigate real…

Read more →

AI, API security, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management

7 Reasons to Get Certified in API Security

API security is becoming more important by the day and skilled practitioners are in high demand. Now’s the time to level up your API security skillset.  Wallarm University, our free training course, provides security analysts, engineers, and practitioners with hands-on skills you can’t get from documentation, videos, or traditional courses. Run real attacks, investigate real…

Read more →

AI, API security, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management

7 Reasons to Get Certified in API Security

API security is becoming more important by the day and skilled practitioners are in high demand. Now’s the time to level up your API security skillset.  Wallarm University, our free training course, provides security analysts, engineers, and practitioners with hands-on skills you can’t get from documentation, videos, or traditional courses. Run real attacks, investigate real…

Read more →

AI, API security, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management

7 Reasons to Get Certified in API Security

API security is becoming more important by the day and skilled practitioners are in high demand. Now’s the time to level up your API security skillset.  Wallarm University, our free training course, provides security analysts, engineers, and practitioners with hands-on skills you can’t get from documentation, videos, or traditional courses. Run real attacks, investigate real…

Read more →

AI, API security, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management

7 Reasons to Get Certified in API Security

API security is becoming more important by the day and skilled practitioners are in high demand. Now’s the time to level up your API security skillset.  Wallarm University, our free training course, provides security analysts, engineers, and practitioners with hands-on skills you can’t get from documentation, videos, or traditional courses. Run real attacks, investigate real…

Read more →

AI, API security, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management

7 Reasons to Get Certified in API Security

API security is becoming more important by the day and skilled practitioners are in high demand. Now’s the time to level up your API security skillset.  Wallarm University, our free training course, provides security analysts, engineers, and practitioners with hands-on skills you can’t get from documentation, videos, or traditional courses. Run real attacks, investigate real…

Read more →

AI, API security, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management

7 Reasons to Get Certified in API Security

API security is becoming more important by the day and skilled practitioners are in high demand. Now’s the time to level up your API security skillset.  Wallarm University, our free training course, provides security analysts, engineers, and practitioners with hands-on skills you can’t get from documentation, videos, or traditional courses. Run real attacks, investigate real…

Read more →

AI, API security, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management

7 Reasons to Get Certified in API Security

API security is becoming more important by the day and skilled practitioners are in high demand. Now’s the time to level up your API security skillset.  Wallarm University, our free training course, provides security analysts, engineers, and practitioners with hands-on skills you can’t get from documentation, videos, or traditional courses. Run real attacks, investigate real…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management, Russia

Best Internet Security Software

After more than a year of high-profile cyber attacks and now the threat of cyber war, businesses and even consumers are taking cybersecurity seriously. Regardless of size or sector, every company is a potential target, and cybercrime will only grow as data becomes more valuable. In light of these risks, organizations need to reevaluate their…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, News, Reviews, Risk Management, Russia, Security, Software

Best Internet Security Software

After more than a year of high-profile cyber attacks and now the threat of cyber war, businesses and even consumers are taking cybersecurity seriously. Regardless of size or sector, every company is a potential target, and cybercrime will only grow as data becomes more valuable. In light of these risks, organizations need to reevaluate their…

Read more →