Geek-Guy.com

Tag: Phishing

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

Silent Ransom Group Targets Law Firms With IT Impersonation Attacks 

Silent Ransom Group is escalating attacks on U.S. law firms by posing as IT staff through phishing emails, phone calls, and in-person visits.  The group, also tracked as Luna Moth, Chatty Spider, and UNC3753, is focusing on data theft and extortion rather than traditional ransomware encryption, making its activity more difficult for organizations to detect…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware, Risk Management, Russia

Security experts caution MFA alone can no longer stop threat actors

Cybersecurity experts are warning enterprise admins about an increasing number of phishing campaigns aimed at stealing Microsoft 365 (M365) access tokens to bypass multifactor authentication login protection. Phishing kits aimed at capturing M365 tokens aren’t new; some reports say these kits have been around since 2021. One of the latest is EvilTokens, which researchers at…

Read more →

AI, Exploits, Global Security News, Government & Policy, malware

UAC-0057 Attack Detection: OYSTERFRESH, OYSTERSHUCK, and OYSTERBLUES Fuel Phishing Campaigns Against Ukrainian State Organizations

Phishing remains one of the most effective tools in the cybercriminal arsenal, especially when threat actors abuse trusted identities, compromised legitimate accounts, and familiar online services to increase victim interaction. Europol notes that phishing techniques remain a main distribution vector for data-stealing malware, while CERT-UA’s latest advisory shows that the same social engineering logic continues…

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Russia

Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets

Ghostwriter targeted Ukrainian government agencies with phishing emails delivering malware and Cobalt Strike payloads. The Belarus-nexus APT group Ghostwriter (also tracked as UAC-0057 and UNC1151) has resurfaced with a new phishing campaign targeting Ukrainian government organizations. This time the lure is Prometheus, a legitimate Ukrainian online learning platform that many government employees actually use. Using…

Read more →

AI, APAC, Compliance, Cybersecurity, Endpoint, Global Security News, malware, Network Security, Risk Management

Top 5 Phishing-Driven Social Engineering Attacks on Companies in 2026

Your employees are not falling for “bad grammar” phishing anymore. They are being pulled into fake Microsoft logins, banking pages, AI tool instructions, real OAuth flows, and event invitations that look close enough to daily work to pass without alarm.  For CISOs, that is the real social engineering problem in 2026: attacks are no longer…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

Device Code Phishing Targets Microsoft 365 Users  

Cybercriminals are adopting device code phishing as a new way to bypass traditional phishing defenses and compromise enterprise Microsoft 365 accounts.  According to Proofpoint, threat actors are abusing legitimate Microsoft authentication workflows to steal authentication tokens without using traditional phishing pages.   “The spike in device code phishing coincides with publicly released criminal toolkits, and the…

Read more →

AI, Apps, Exploits, Global Security News, Network Security, Risk Management

Illicit Enterprise: An Anatomy of the Modern Underground Phishing Marketplace

Just as cyber threats have grown more complex and foreboding, the underground phishing marketplace which makes such attacks possible has profoundly evolved.  No longer a Craigslist-styled hodgepodge of products and services, marketplace forums have emerged as complete criminal ecosystems that function as not only distribution points for resources, but as labor exchanges to recruit and…

Read more →

AI, Global Security News

Cofense adds AI-powered campaign detection to stop phishing attacks

Cofense has announced new advancements to its Phishing Defense Platform aimed at improving detection and response to AI-powered phishing attacks. The updates include AI-driven phishing detection, enhanced triage automation, and AI-assisted training campaign creation designed to strengthen protection across the phishing lifecycle. Phishing threats are no longer one-off emails. Attackers launch coordinated, polymorphic campaigns that…

Read more →

AI, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security

Iranian cyber espionage disguised as a Chaos Ransomware attack

Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption. A newly discovered cyber intrusion attributed to the Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) reveals how state-sponsored attackers are increasingly leveraging ransomware tactics to disguise espionage operations. The campaign, uncovered by security researchers at Rapid7, blended…

Read more →

AI, Compliance, Cybersecurity, Endpoint, Global Security News, Government & Policy, malware, Network Security, privacy, Risk Management

New Phishing Campaign Targets US with Credential Theft: What CISOs Need to Know

A new large-scale phishing campaign is targeting U.S. organizations with fake event invitations that lead to credential theft, OTP interception, or RMM tool installation. ANY.RUN researchers found that the campaign uses a repeatable phishing framework to create event-themed lure pages at scale. Some pages steal email credentials and OTP codes, while others deliver legitimate remote…

Read more →

AI, Global Security News

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

An active phishing campaign has been observed targeting multiple vectors since at least April 2025, with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUS#HELPER, has impacted over 80 organizations, most of which are in the U.S., according to Securonix. It shares…

Read more →

AI, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Russia

Signal Phishing Campaign Targets German Officials in Suspected Russian Operation

Suspected Russian phishing via Signal targeted German officials, exploiting trust to access accounts and sensitive political communications. A new wave of cyber operations targeting European political leadership is once again highlighting how modern espionage increasingly relies on deception rather than technical exploits. Recent investigations by German authorities point to a large-scale phishing campaign conducted via…

Read more →

AI, Apps, china, Compliance, Global Security News, Government & Policy

Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software

A Chinese national posed as a U.S. researcher, tricking NASA staff in a phishing campaign to steal sensitive data tied to defense software and exports. A Chinese national ran a spear-phishing campaign by posing as a U.S. researcher and tricked NASA employees into sharing sensitive information. The NASA Office of Inspector General (OIG) and federal…

Read more →

AI, Cybersecurity, Endpoint, Europe, Exploits, Global Security News, Government & Policy, Risk Management, Russia

Signal phishing campaign targets Germany’s Bundestag President Julia Klöckner

Germany’s Bundestag President Klöckner was targeted in a Signal phishing attack via a fake CDU group chat. Germany’s Bundestag President Julia Klöckner has reportedly become the latest European political figure targeted through a Signal-based phishing attack, reported Der Spiegel. The incident is another reminder that even trusted messaging apps can become entry points when attackers…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

Inside agenteV2: How Brazilian Attackers Use Fake Court Summons to Steal Banking Credentials in Real Time 

A new phishing campaign targeting Brazilian users demonstrates how modern financial malware has evolved from simple credential theft into full-scale, operator-driven fraud platforms. Disguised as a judicial summons, this campaign leverages social engineering, multi-stage malware delivery, and real-time remote access capabilities to compromise victims and actively assist attackers in financial theft.   For organizations, the implications extend beyond individual users. Employees accessing corporate…

Read more →

AI, Apps, Exploits, Global Security News

Phishing reclaims the top initial access spot, attackers experiment with AI tools

Phishing returned as the leading method attackers used to break into organizations in the first quarter of 2026, accounting for over a third of engagements where initial access could be determined, according to Cisco Talos. It is the first quarter phishing has led the category since Q2 2025, when exploitation of public-facing applications took over…

Read more →

AI, Global Security News, Network Security, Russia

Scottish man pleads guilty to attack spree that created Scattered Spider’s notoriety

A core leader of the hacker subset of The Com responsible for a series of high-profile phishing attacks and cryptocurrency thefts from September 2021 to April 2023 pleaded guilty to federal charges, the Justice Department said Friday.  Tyler Robert Buchanan of Dundee, Scotland, pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft.…

Read more →

AI, Exploits, Global Security News, malware

AI platform n8n abused for stealthy phishing and malware delivery

Attackers abuse AI automation platform n8n to run phishing campaigns, deliver malware, and evade security by using trusted infrastructure. Threat actors are exploiting the popular AI workflow automation platform n8n to launch advanced phishing campaigns, deliver malware, and collect device data through automated emails. By using trusted infrastructure, they can bypass traditional security controls and…

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

UAC-0247 Attack Detection: AGINGFLY Malware Targets Hospitals, Local Governments, and FPV Operators in Ukraine

Phishing remains one of the most effective tactics in the cybercriminal playbook, particularly when attackers exploit urgent humanitarian themes, trusted online resources, and legitimate system tools to increase victim engagement. Europol also notes that phishing continues to serve as a primary delivery vector for data-stealing malware. This pattern is clearly reflected in the latest activity…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

When Trust Becomes a Weapon: Google Cloud Storage Phishing Deploying Remcos RAT

Modern phishing campaigns increasingly abuse legitimate services. Cloud platforms, file-sharing tools, trusted domains, and widely used SaaS applications are now part of the attacker’s toolkit. Instead of breaking trust, attackers borrow it.  This shift creates a dangerous asymmetry. Security controls often whitelist or inherently trust these services, while users are far less likely to question them. The…

Read more →

AI, Global Security News, Government & Policy, malware

UAT-10362 linked to LucidRook attacks targeting Taiwan-based institutions

LucidRook is Lua malware used in phishing attacks on NGOs and universities in Taiwan, linked to UAT-10362, spread via password-protected emails. LucidRook is a new Lua-based malware used in targeted phishing attacks against NGOs and universities in Taiwan. Cisco Talos links it to a skilled group tracked as UAT-10362. In Oct 2025, attackers used password-protected…

Read more →

AI, Global Security News, malware

Obfuscated JavaScript or Nothing, (Thu, Apr 9th)

I spotted an interesting piece of JavaScript code that was delivered via a phishing email in a RAR archive. The file was called “cbmjlzan.JS” (SHA256:a8ba9ba93b4509a86e3d7dd40fd0652c2743e32277760c5f7942b788b74c5285) and is only identified as malicious by 15 AV’s on VirusTotal[1]. The file is pretty big (10MB) and contains a copy of the AsmDB project lib[2]. The purpose is unknown.…

Read more →

AI, Endpoint, Exploits, Global Security News, malware, Network Security

Datto RMM Exploited in Phishing Attack, Researchers Warn

Security researchers have uncovered an active phishing campaign that abuses Datto’s remote monitoring and management platform, CentraStage, as a command-and-control channel, giving attackers full interactive control over compromised systems while flying under the radar of traditional security defenses. Phishing campaign delivers remote access trojan via fake files The campaign, tracked by the Fortra Intelligence and…

Read more →

AI, Exploits, Global Security News

AI-enabled device code phishing campaign exploits OAuth flow for account takeover

A phishing campaign that bypasses the standard 15-minute expiration window through automation and dynamic code generation, leveraging the OAuth Device Code Authentication flow to compromise organizational accounts at scale, has been observed by the Microsoft Defender Security Research team. The campaign uses AI-assisted infrastructure and end-to-end automation. Attack overview Device Code Authentication is a legitimate…

Read more →

AI, Cybersecurity, Global Security News, Risk Management

Best Phishing Simulation Platform for Cyber Security Awareness Training in India

In this post, I will talk about phishing simulation platform for cybersecurity awareness training in India. Learn how to protect employees from phishing attacks and reduce human risk with effective training. Indian businesses are rapidly adopting digital infrastructure, cloud platforms, and SaaS tools. However, with this growth comes a major cybersecurity challenge — human error.…

Read more →

AI, Global Security News, Government & Policy, malware, Russia

Threat actor UAC-0255 impersonate CERT-UA to spread AGEWHEEZE malware via phishing

Threat actors impersonated CERT-UA to send phishing emails with AGEWHEEZE malware, tricking victims into installing a fake “security tool.” A threat actor, tracked as UAC-0255, impersonated CERT-UA in a phishing campaign, sending emails to about 1 million users. The messages urged victims to download a password-protected archive from Files.fm and install a fake “specialized software,”…

Read more →

AI, Compliance, Cybersecurity, Global Security News, malware, Network Security, Risk Management

From Reactive to Proactive: 5 Steps to SOC Maturity with Threat Intelligence 

Reaching a higher level of SOC maturity takes better, more consistent decision-making during malware and phishing investigation.  This requires a shift in how threat intelligence is used: not as a reference point, but as a core layer in the decision process.  Moving from reactive to confidently proactive security means establishing a threat intelligence workflow that: Solve key challenges, from alert fatigue to blind spots  Integrate across SOC workflows, supporting them  Deliver compounding…

Read more →

AI, Compliance, Cybersecurity, Global Security News, malware, Network Security, Risk Management

From Reactive to Proactive: 5 Steps to SOC Maturity with Threat Intelligence 

Reaching a higher level of SOC maturity takes better, more consistent decision-making during malware and phishing investigation.  This requires a shift in how threat intelligence is used: not as a reference point, but as a core layer in the decision process.  Moving from reactive to confidently proactive security means establishing a threat intelligence workflow that: Solve key challenges, from alert fatigue to blind spots  Integrate across SOC workflows, supporting them  Deliver compounding…

Read more →

AI, Apps, Cybersecurity, Global Security News, Government & Policy, malware, Network Security, Russia

UAC-0255 Attack Detection: Threat Actors Impersonate CERT-UA to Infect Ukrainian Public and Private Sector Organizations With AGEWHEEZE RAT

Phishing remains one of the most effective tools in the cybercriminal arsenal, especially when threat actors abuse the credibility of trusted institutions and familiar digital services to increase victim interaction. In late March 2026, CERT-UA revealed a phishing campaign tracked as UAC-0255 in which attackers impersonated the agency and attempted to infect organizations across Ukraine’s…

Read more →

AI, Europe, Global Security News, malware

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot. The activity has been attributed to a Brazilian cybercrime threat actor tracked as Augmented Marauder and Water Saci. The e-crime group was first documented by Trend…

Read more →

AI, Cybersecurity, Data Breaches, Exploits, Funding, Global Security News, malware, Network Security, Risk Management

Security awareness is not a control: Rethinking human risk in enterprise security

Organizations have been responding to phishing, business email compromise, and credential theft in essentially the same manner for over ten years. They essentially follow a playbook that involves investing in awareness training, running phishing simulations, and requiring employees to complete annual security modules. The reason behind this is simple and the reasoning behind these efforts…

Read more →

AI, Endpoint, Exploits, Global Security News, Risk Management

Hybrid Vishing Campaigns Abuse Online Services to Evade Anti-Spam Filters

Phone-based fraud never went away. It evolved. Vishing, or voice phishing, is a social engineering technique that uses phone calls to extract money or sensitive information from victims. A few years ago, these attacks typically arrived as unsolicited calls from criminals impersonating the IRS, the FBI, or Microsoft support. The approach was simple and high…

Read more →

AI, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia

Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave

Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard) is using the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices. The attacks rely on malicious emails to compromise iPhones, highlighting a growing threat from…

Read more →

AI, Global Security News, malware

New AITM phishing wave hijacks TikTok Business accounts

A new AITM phishing campaign targets TikTok Business accounts to hijack them for malvertising, continuing tactics seen in earlier Google-themed scams. Push Security researchers uncovered a new wave of AITM phishing pages targeting TikTok for Business accounts, aiming to hijack them for malvertising. The campaign includes TikTok and Google-themed fake pages, showing links to previous…

Read more →

AI, Global Security News, malware

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actors for malvertising and distributing malware. “TikTok has been historically…

Read more →

AI, Exploits, Global Security News, malware

GitHub phishers use fake OpenClaw tokens to drain crypto wallets

Threat actors are actively exploiting OpenClaw’s viral popularity to run a phishing campaign that targets developers on GitHub with lures of free crypto tokens. According to a disclosure by OX Security, the campaign involves fake “CLAW” token airdrops that promise thousands of dollars in rewards. Developers are being tricked into malicious GitHub repositories and discussions,…

Read more →

AI, Cybersecurity, Global Security News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Cybersecurity researchers are calling attention to an active device code phishing campaign that’s targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was first spotted on February 19, 2026, with subsequent cases appearing at an accelerated pace since then. Notably, the campaign…

Read more →