Geek-Guy.com

Tag: users

Global Security News, Risk Management

1Password Users API for Partners helps automate identity response during incidents

1Password has announced the public preview of Users API for Partners, which allows security teams to respond to incidents faster during active security events. Launch partners like CrowdStrike, in addition to BlinkOps, Elastic, Sumo Logic, Tines, and Torq enable mutual customers to automatically suspend or restore users in 1Password Enterprise Password Manager when risk is…

Read more →

AI, Apps, Exploits, Global Security News, malware

From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures

ClickFix campaigns are evolving, with attackers increasingly targeting macOS users and deploying more advanced infostealers, according to Sophos researchers. ClickFix is a growing social engineering technique that tricks users into manually executing malicious commands, bypassing traditional protections. Once mainly targeting Windows, it is now increasingly affecting macOS, with recent campaigns deploying infostealers like AMOS and…

Read more →

AI, Global Security News, malware

Storm-2561 lures victims to spoofed VPN sites to harvest corporate logins

Attackers linked to Storm-2561 use SEO-poisoned search results to lure users to fake Ivanti, Cisco, and Fortinet VPN sites that steal corporate login credentials. In mid-January 2026, Microsoft Defender Experts uncovered a credential-theft campaign attributed to Storm-2561. Threat actor is spreading fake enterprise VPN clients impersonating Ivanti, Cisco, and Fortinet software. By poisoning search engine…

Read more →

AI, Cybersecurity, Global Security News, malware

Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays

Cybersecurity researchers have disclosed details of a new banking malware targeting Brazilian users that’s written in Rust, marking a significant departure from other known Delphi-based malware families associated with the Latin American cybercrime ecosystem. The malware, which is designed to infect Windows systems and was first discovered last month, has been codenamed VENON by Brazilian

Read more →

AI, Global Security News

Meta turns to AI to sniff out scams on Facebook, Messenger and WhatsApp

Meta’s new tools on Facebook, Messenger, and WhatsApp protect users from scams. They use advanced AI systems to analyze text, images, and surrounding context and identify sophisticated scam patterns. Facebook alerts for suspicious friend requests (Source: Meta) The systems detect impersonation of celebrities, public figures, and brands. They also identify deceptive links and domain impersonation…

Read more →

Global Security News, malware

Messenger can warn you about sketchy links without knowing what you clicked

Meta’s Advanced browsing protection (ABP) helps Messenger identify and warn users about potentially harmful websites they open from a chat. Malicious sites can try to steal passwords, collect personal information, or install malware. Advanced browsing protection (Source: Meta) “In its standard setting, Safe Browsing uses on-device models to analyze malicious links shared in chats. But…

Read more →

AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management, Russia

CleanMyMac Imposter Site Installs SHub Stealer on Macs

A fake version of the popular Mac utility CleanMyMac is being used to trick users into installing data-stealing malware. The campaign uses a fraudulent website that instructs visitors to manually run a command in Terminal, which secretly installs a macOS infostealer known as SHub Stealer.  This malware steals “… sensitive data including saved passwords, browser…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management, Russia

How AI Assistants are Moving the Security Goalposts

AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting…

Read more →

AI, Global Security News

Facebook is experiencing a global outage

Facebook is experiencing a global outage since 4:15 PM ET, with users reporting they cannot access their accounts. Facebook users worldwide report problems while attempting to access their accounts. The outage started around 4:15 PM ET. Upon attempting to access their account, users are presented the following message: “Account Temporarily Unavailable. Your account is currently unavailable due…

Read more →

AI, Global Security News, Network Security, Risk Management

Chrome security flaw enabled spying via Gemini Live assistant

A Google Chrome vulnerability lets malicious extensions hijack Gemini Live to spy on users and steal sensitive files. Researchers at Palo Alto Networks found a Chrome vulnerability, tracked as CVE-2026-0628, that could let malicious extensions take control of the Gemini Live AI assistant. By abusing the flaw, attackers could spy on users and exfiltrate sensitive…

Read more →

AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management

Chrome Extension Hijacked to Push ClickFix Malware

A once-trusted Chrome extension with thousands of users was quietly transformed into a malware delivery vehicle, exposing how quickly browser add-ons can become security liabilities.  QuickLens – Search Screen with Google Lens was removed from the Chrome Web Store after researchers discovered it had been updated to deploy ClickFix attacks and steal cryptocurrency wallet data. …

Read more →

AI, Global Security News

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT). “A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR) file named jd-gui.jar,” the Microsoft Threat Intelligence team said in a post on X.…

Read more →

AI, Apps, Compliance, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

12.4 Million Accounts Exposed in CarGurus Leak

Millions of CarGurus users may have had their personal and financial data exposed after a notorious threat actor group published a massive dataset allegedly stolen from the automotive marketplace.  Attributed to the ShinyHunters extortion group, the leak includes 12.4 million records with about 70% of those being new data. “The ShinyHunters extortion group has published…

Read more →

AI, Cybersecurity, Global Security News

Banana Gun Hits One Million Users: Inside the Crypto Trading Platform That Grew by Putting Execution and Safety First

In the latest development, Banana Gun hits one million users. Crypto trading has changed. The days of logging into a centralized exchange, placing a market order, and waiting are giving way to something faster, more direct, and more demanding. On-chain trading – buying and selling tokens directly on the blockchain without a middleman – now…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Risk Management

Compromised npm package silently installs OpenClaw on developer machines

A new security bypass has users installing AI agent OpenClaw — whether they intended to or not. Researchers have discovered that a compromised npm publish token pushed an update for the widely-used Cline command line interface (CLI) containing a malicious postinstall script. That script installs the wildly popular, but increasingly condemned, agentic application OpenClaw on…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News

Anthropic rolls out embedded security scanning for Claude 

Anthropic is rolling out a new security feature for Claude Code that can scan a user’s software codebases for vulnerabilities and suggest patching solutions. The company announced Friday that Claude Code Security will initially be available to a limited number of enterprise and team customers for testing. That follows more than a year of stress-testing…

Read more →

AI, APAC, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

Apache Tomcat Vulnerability Circumvents Access Rules

A vulnerability in Apache Tomcat enables users to bypass certain access controls by leveraging legacy HTTP/0.9 requests.  Under specific configurations, the issue could allow attackers to circumvent defined security constraints. “If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET…

Read more →

AI, china, Global Security News, malware, Network Security

SmartLoader hackers clone Oura MCP project to spread StealC malware

Hackers used a fake Oura MCP server to trick users into downloading malware that installs the StealC info-stealer. Straiker’s AI Research (STAR) Labs team uncovered a SmartLoader campaign in which attackers cloned a legitimate MCP server linked to Oura Health to spread the StealC information stealer. The fake project appeared credible, complete with bogus forks…

Read more →

AI, Global Security News

Design weaknesses in major password managers enable vault attacks, researchers say

Can cloud-based password managers that claim “zero-knowledge encryption” keep users’ passwords safe even if their encrypted-vault servers are compromised? Researchers at ETH Zurich and Università della Svizzera italiana set out to answer that question, and the answer is (unfortunately) no. Attack paths against encrypted vaults Cloud-based password managers store users’s passwords in a password vault,…

Read more →

AI, Apps, Data Breaches, Global Security News, Network Security, privacy, Risk Management

Meta Business Admins Exposed by 2FA-Harvesting Chrome Extension

A malicious Google Chrome extension masquerading as a productivity tool for Meta Business users has been found stealing two-factor authentication secrets and sensitive business data, enabling silent takeover of Facebook and Instagram assets.  The extension, CL Suite by @CLMasters, advertises itself as a way to streamline Meta Business workflows, but Socket researchers say it quietly…

Read more →

AI, Global Security News, malware, Network Security

Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup

Microsoft warns of a new ClickFix variant that tricks users into running DNS commands to fetch malware via nslookup. Microsoft has revealed a new ClickFix variant that deceives users into running a malicious nslookup command through the Windows Run dialog to retrieve a second-stage payload via DNS. ClickFix typically uses fake CAPTCHA or error messages…

Read more →

AI, Global Security News, Risk Management

ChatGPT gets new security feature to fight prompt injection attacks

OpenAI has introduced Lockdown Mode and Elevated Risk labels in ChatGPT to help users and organizations reduce the risk of prompt injection attacks and other advanced security threats, particularly when using features that interact with external systems. Limiting tool access to prevent data exfiltration Lockdown Mode in ChatGPT is an optional, advanced security setting for…

Read more →

AI, Endpoint, Exploits, Global Security News, Risk Management

Fake AI Chrome Extensions Exposed 260,000 Users, Targeting Gmail

More than 260,000 Chrome users installed what appeared to be helpful AI productivity tools… only to unknowingly grant remote servers deep access to their browser activity.  LayerX researchers identified a coordinated campaign of 30 fake AI assistant extensions that used embedded iframes and backend-controlled logic to extract data and maintain persistent access. “We found over…

Read more →

AI, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

260K Users Exposed in AI Extension Scam

More than 260,000 Chrome users installed what appeared to be helpful AI productivity tools — only to unknowingly grant remote servers deep access to their browser activity.  LayerX researchers identified a coordinated campaign of 30 fake AI assistant extensions that used embedded iframes and backend-controlled logic to extract data and maintain persistent access.  “We found…

Read more →

AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management, Russia

Malicious Chrome Extensions Hijack 500,000 VK Accounts in Stealth Campaign

More than 500,000 VKontakte users had their accounts silently manipulated by Chrome extensions that appeared to offer simple interface customization.  Koi researchers found the extensions delivered multi-stage malware that forced group subscriptions, reset account settings, and interfered with VK’s security protections.  Because “… the extensions update automatically, the attacker can push new malicious code to…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, News, Threats

macOS Infostealers Fuel Growing Cybercrime Market

For years, some Mac users believed their devices were largely insulated from the malware plaguing Windows environments. That perception is rapidly eroding.  Flare researchers found a growing underground economy is now centered on macOS Infostealers — malware designed to extract browser credentials, Apple Keychain data, and cryptocurrency wallet seed phrases at scale. “I remember that…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Mobile, Network Security, News, Risk Management, Threats

Apple Patches Actively Exploited Zero-Day Flaw

Apple is urging users to update immediately after patching a zero-day vulnerability that was exploited in what it described as “extremely sophisticated” attacks against specific individuals.  The flaw, which impacts multiple Apple operating systems, allowed attackers to execute arbitrary code on vulnerable devices. “An attacker with memory write capability may be able to execute arbitrary…

Read more →

AI, Cybersecurity, data protection, Global Security News, Google, News, privacy

Google Search introduces new ways to remove sensitive personal information and explicit images

Google expanded its “Results about you” tool to give users more control over sensitive personal information and added a way to request removal of non-consensual explicit images from Search. Manage and limit sensitive personal information in Search Users can request the removal of Search results that contain sensitive personal information, such as driver’s license numbers,…

Read more →

AI, Artificial Intelligence, Global Security News, News, privacy

DuckDuckGo enables AI voice chat without saving voice data

DuckDuckGo has added voice chat to Duck.ai, allowing users to speak to an AI assistant while keeping audio private, unrecorded, and excluded from AI training. Voice chat is available in the DuckDuckGo browser and most third-party browsers, with support for Mozilla listed as coming soon. According to the company’s help page, “DuckDuckGo limits access to…

Read more →

AI, Breaking News, data breach, Data Breaches, Endpoint, Global Security News, hacking, malware, privacy, Security

Flickr moves to contain data exposure, warns users of phishing

Flickr says a flaw at a third-party email provider may have exposed users’ names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million registered users and millions of active photographers. Flickr warned users about a possible data breach caused by a flaw in a third-party…

Read more →

AI, Breaking News, data breach, Data Breaches, Endpoint, Global Security News, hacking, malware, privacy, Security

Flickr moves to contain data exposure, warns users of phishing

Flickr says a flaw at a third-party email provider may have exposed users’ names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million registered users and millions of active photographers. Flickr warned users about a possible data breach caused by a flaw in a third-party…

Read more →

AI, Breaking News, data breach, Data Breaches, Endpoint, Global Security News, hacking, malware, privacy, Security

Flickr moves to contain data exposure, warns users of phishing

Flickr says a flaw at a third-party email provider may have exposed users’ names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million registered users and millions of active photographers. Flickr warned users about a possible data breach caused by a flaw in a third-party…

Read more →

AI, Breaking News, data breach, Data Breaches, Endpoint, Global Security News, hacking, malware, privacy, Security

Flickr moves to contain data exposure, warns users of phishing

Flickr says a flaw at a third-party email provider may have exposed users’ names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million registered users and millions of active photographers. Flickr warned users about a possible data breach caused by a flaw in a third-party…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, News, privacy, Risk Management, Threats

Flickr Notifies Users of Potential Third-Party Data Exposure

Flickr has begun notifying users about a potential data exposure tied to a vulnerability in a third-party email service provider.  The incident highlights the security considerations associated with third-party services, even when a platform’s core systems are not directly affected. “On February 5, 2026, we were alerted to a vulnerability in a system operated by…

Read more →

AI, Android, android security, Apps, Global Security News, Network Security, privacy, Risk Management

Advanced Protection: Google’s Strongest Security for Mobile Devices

Posted by Il-Sung Lee, Group Product Manager, Android Security Protecting users who need heightened security has been a long-standing commitment at Google, which is why we have our Advanced Protection Program that provides Google’s strongest protections against targeted attacks. To enhance these existing device defenses, Android 16 extends Advanced Protection with a device-level security setting…

Read more →