Geek-Guy.com

Tag: ongoing

AI, Global Security News, Russia

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Russian time zone, with the activities aligning with Kremlin state interests, specifically when it comes to

Read more →

AI, Data Breaches, Global Security News, Government & Policy

Canvas Breach Disrupts Schools & Colleges Nationwide

An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions.…

Read more →

AI, Global Security News

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. “Based on current evidence, we believe this data originated from Checkmarx’s GitHub repository, and that access to that repository was facilitated through the initial supply…

Read more →

AI, Apps, Global Security News

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from Socket. “The affected package version appears to be @bitwarden/cli@2026.4.0, and the malicious code was published in ‘bw1.js,’ a file included in the package contents,” the application security company said. “The attack appears to…

Read more →

AI, Global Security News

Prove Identity Platform connects verification, authentication, and fraud prevention

Prove has launched the Prove Identity Platform, turning identity verification into an ongoing, real-time process for users, businesses, and AI agents. AI agents are already initiating real transactions on behalf of real people. OpenAI and Stripe launched the Agentic Commerce Protocol in September. Visa named Anthropic, OpenAI, and Perplexity as agentic commerce partners. As that…

Read more →

AI, Cybersecurity, Global Security News, Government & Policy, Network Security

Iranian cyber activity hits US energy, water, and government networks

U.S. government agencies on Tuesday warned American organizations about ongoing cyber activity targeting OT and PLC devices, including those manufactured by Rockwell Automation and Allen-Bradley, across multiple critical infrastructure sectors. The activity has been attributed to Iranian-affiliated APT actors seeking to disrupt operations in the United States. Disruptions across critical sectors The advisory, issued by…

Read more →

AI, china, Global Security News, Government & Policy, Network Security

China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks

A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which involves implanting and maintaining stealthy access mechanisms within critical environments, has been attributed to Red Menshen, a threat cluster that’s also tracked as Earth Bluecrow,

Read more →

AI, Data Breaches, Exploits, Global Security News, Risk Management

Experts warn of a ‘loud and aggressive’ extortion wave following Trivy hack

SAN FRANCISCO — Mandiant is responding to a major, ongoing supply-chain attack involving the compromise of Trivy, a widely used open-source tool from Aqua Security that’s designed to find vulnerabilities and misconfigurations in code repositories. The fallout from the attack spree, which was first detected March 19, is extensive and poses substantial risk for follow-on…

Read more →

AI, Apps, china, Europe, Global Security News, Government & Policy, Network Security, Russia

Data Centers Are Military Targets Now

In retaliation for the ongoing U.S.–Israeli war, Iran responded with a novel form of counterattack. For the first time in military history, private sector data centers came under deliberate attack. In an era when companies known for e-commerce, social networks, and search engines have also become close collaborators with militaries, is bombing their servers fair…

Read more →

AI, Global Security News, malware

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. “The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by appending obfuscated code to files like setup.py, main.py, and app.py,”…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management

Teams Social Engineering Campaign Drops A0Backdoor Malware

Microsoft Teams impersonation and social engineering tactics are being used in an ongoing campaign to deliver a stealthy malware payload known as A0Backdoor.  Researchers at BlueVoyant report that the operation combines social engineering techniques, malicious installers, and covert command-and-control (C2) communications to gain persistent access within targeted networks. “The malware’s loader exhibits anti-sandbox evasion, and…

Read more →

AI, Global Security News, Government & Policy, malware

Threat actors weaponize OAuth redirection logic to deliver malware

An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have revealed. The attackers are targeting government and public-sector organizations, and redirecting unsuspecting users from trusted login pages to their own infrastructure, to serve malware or capture login credentials. The attack, from the victim’s…

Read more →

AI, Cybersecurity, Global Security News

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry. The packages masquerade as developer tools, but contain functionality to extract the actual command-and-control (C2) by using seemingly harmless Pastebin content as a dead…

Read more →

AI, Amazon GuardDuty, APAC, Compliance, Cybersecurity, Endpoint, Global Security News, Network Security, Security, Identity, & Compliance

GuardDuty Extended Threat Detection uncovers cryptomining campaign on Amazon EC2 and Amazon ECS

Amazon GuardDuty and our automated security monitoring systems identified an ongoing cryptocurrency (crypto) mining campaign beginning on November 2, 2025. The operation uses compromised AWS Identity and Access Management (IAM) credentials to target Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Compute Cloud (Amazon EC2). GuardDuty Extended Threat Detection was able to correlate signals…

Read more →