Geek-Guy.com

Catan and Mouse

Welcome to this week’s edition of the Threat Source newsletter. “I do not know everything; still many things I understand.” ― Madeleine L’Engle, A Wrinkle in Time. “Don’t try to comprehend with your mind. Your minds are very limited. Use your intuition.” ― Madeleine L’Engle, A Wind in the Door. The World Cup. The 4th of July as the US turns…

Microsoft Makes Billion-Dollar Investment in New Operating Business

Microsoft has announced it is investing $2.5 billion in its own AI deployment company, a new operating business called Microsoft Frontier Company. The new business structure will embed over 6,000 industry, AI, and engineering experts directly within customer organizations to co-design, deploy, and continuously improve AI systems that are tied to measurable business outcomes. Microsoft…

WHYNOT REPORT: Uber Technologies Inc.


What’s a Why-Not Report? It hearkens back to the days of old, when we could read about the downside of vendors instead of regurgitating marketing. A why-not report is a negative intelligence report focused on negative historical vendor events, weaknesses, failure patterns, and competitive disadvantages, essentially answering “why not” this vendor as a curiosity of…

Fake Google and Cloudflare verification pages spread multiple malware families

ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices. A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware…

U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Microsoft SharePoint Server flaw, tracked as CVE-2026-45659 (CVSS score v3.1 of 8.8), to its Known Exploited Vulnerabilities (KEV) catalog. At the end of May, Microsoft released security updates…

Cloudflare changes AI crawler access rules

Cloudflare introduced new controls that let website owners manage AI traffic across three categories: Search, Agent, and Training. The feature is available to all Cloudflare customers, including those on the Free plan, and gives website owners more control over how different types of AI crawlers access their content. “Content owners still want to be able…

Microsoft 365 Copilot: Office meets genAI and agents

Initially launched in November 2023, Microsoft 365 Copilot brings a range of generative AI (genAI) features to Microsoft Office productivity apps, such as Word, Outlook, Teams, and Excel. With capabilities ranging from quick meeting summaries to in-depth data analysis, it’s available via a paid add-on license for Microsoft 365 enterprise and small-business customers. Initially hampered by underwhelming capabilities and a hefty price tag…

430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link

FortiBleed exposed 430,000 FortiGate firewalls, linked to INC Ransom and Lynx, enabling domain compromise and at least 12 ransomware attacks. SOCRadar’s Threat Research Unit has connected FortiBleed, a large-scale campaign that harvested credentials from over 430,000 FortiGate firewalls worldwide, directly to two active ransomware operations: INC Ransom and Lynx. The link isn’t circumstantial. An operator…

Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic

Adobe fixed multiple critical flaws, including max severity bugs in ColdFusion and Campaign Classic that could lead to remote code execution. Adobe has released security updates for ColdFusion and Campaign Classic, fixing multiple critical vulnerabilities, including seven maximum-severity issues (CVSS score of 10.0). If exploited, the flaws could allow attackers to execute arbitrary code, escalate…

FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations

The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. “An operator tied to FortiBleed’s infrastructure was found actively working negotiation panels for both groups, tying mass FortiGate credential theft directly to ransomware deployment

Opera blocks ClickFix attacks with new clipboard protection feature

Opera has launched Paste Protect, a clipboard protection feature designed to prevent clipboard-based attacks such as hijacking and pastejacking. Paste Protect includes built-in protection and warnings against ClickFix-based cyberattacks, which accounted for more than half of malware-delivery attacks in 2025. The feature is built into Opera’s desktop browsers and is enabled by default, so users…

News alert: Link11 launches faster DDoS mitigation to counter AI-driven, adaptive network attacks

FRANKFURT, July 1, 2026, CyberNewswire – Link11, a leading European provider of cloud-based cybersecurity solutions, today announced the launch of its completely rebuilt Layer 3/4 DDoS mitigation solution, designed to address the growing complexity of modern network attacks. Today’s DDoS attacks are not just simple volume or protocol attacks anymore. They can originate from compromised…

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a case of remote code execution arising from the deserialization of untrusted data. The issue

Review: CTRL+ALT+PWN

Hacking gear that once sat in well-funded labs now ships to anyone with a credit card and a video tutorial. Frank Riccardi builds his consumer guide, CTRL+ALT+PWN: The Hacker’s Playbook (And How to Beat It), on that one condition. He spent twenty-five years in healthcare compliance and privacy, leading the response to breaches and ransomware,…

GitHub’s new tool helps prevent costly open-source license violations

GitHub’s Open Source Program Office (OSPO) uses the new GitHub License Compliance feature, now in public preview, to manage thousands of open-source dependencies and identify dependencies whose licenses require review. The feature is available to GitHub Advanced Security customers and allows them to review new dependencies in pull requests, verify that their licenses comply with…

Sandbox bypass flaws in Cursor IDE highlight prompt injection as an RCE vector

Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) that can be exploited through prompt injection to achieve remote code execution (RCE). The two flaws, tracked as CVE-2026-50548 and CVE-2026-50549, allow attackers to break out of Cursor’s command execution sandbox, the protective layer that’s supposed to prevent the internal…