Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks

11/10/2025

Threat actors are abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in connection with ransomware attacks likely orchestrated by Storm-2603 (aka CL-CRI-1040 or Gold Salem), which is

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

10/10/2025

Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js’ Single Executable Application (SEA) feature as a way to distribute its payloads. According to

Microsoft Warns of ‘Payroll Pirates’ Hijacking HR SaaS Accounts to Steal Employee Salaries

10/10/2025

A threat actor known as Storm-2657 has been observed hijacking employee accounts with the end goal of diverting salary payments to attacker-controlled accounts. “Storm-2657 is actively targeting a range of

From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation

10/10/2025

Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that’s assessed to have come under active exploitation since

The AI SOC Stack of 2026: What Sets Top-Tier Platforms Apart?

10/10/2025

The SOC of 2026 will no longer be a human-only battlefield. As organizations scale and threats evolve in sophistication and velocity, a new generation of AI-powered agents is reshaping how

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

10/10/2025

Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign.

From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability

10/10/2025

Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products. The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS score: 6.1),

CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw

10/10/2025

Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle’s E-Business Suite (EBS) software since August 9, 2025, Google Threat Intelligence Group (GTIG)

From HealthKick to GOVERSHELL: The Evolution of UTA0388’s Espionage Malware

09/10/2025

A China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and Europe that are designed to deliver a Go-based implant known

New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps

09/10/2025

A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google