Geek-Guy.com

How To Brainwash AI Browsers Into Stealing Secrets

For decades, cybersecurity has largely been defined by software exploitation. Attackers discovered vulnerabilities in operating systems, web browsers, network protocols, authentication mechanisms, or applications, then abused those weaknesses to gain unauthorized access. Whether exploiting a stack buffer overflow, a race condition, or a misconfigured identity provider, the attacker’s objective was always to violate a technical…

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution. The list of vulnerabilities is as follows – CVE-2026-50746 (CVSS score: 10.0) – An improper access control vulnerability in UniFi Connect Application that…

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255)

The US Cybersecurity and Infrastructure Security Agency (CISA) is warning about yet another Langflow vulnerability (CVE-2026-55255) leveraged by attackers in the wild. The flaw was added to the agency’s Known Exploited Vulnerabilities catalog on Tuesday, July 7, nearly two weeks after the Sysdig Threat Research Team observed it being actively targeted. CVE-2026-55255 exploited Langflow is…

First Recon AI Security Runtime helps enterprises govern AI with audit-ready evidence

First Recon AI has announced the public launch and general availability of First Recon’s AI Security Runtime, a security platform that both governs and secures how enterprises use artificial intelligence across an organization. First Recon’s runtime inspects every AI interaction (human to model, agent to tool, and agent to agent), applies policy inline before data…

FalconStor Cloud Clean Room enables validated recovery without dedicated infrastructure

FalconStor has announced FalconStor Cloud Clean Room, an on-demand infrastructure platform designed to let organizations perform validated recovery testing in a persistent secure enclave. Each test starts from a known state, reducing the risk of carrying issues over from previous recovery exercises. Built on FalconStor’s patent-pending zero trust secure enclave (ZTSE) technology, the Cloud Clean…

What Customers Expect from MSPs in 2026

What does it take to be a successful managed service provider in 2026? After hundreds of conversations with MSPs, vendors, enterprise IT leaders, and channel executives, one trend has become clear: customers aren’t looking for IT support alone. They’re looking for strategic business partners. In this video, Channel Insider Managing Editor Victoria Durgin breaks down…

SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users

A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures. The activity cluster, tracked by Elastic Security Labs under the moniker REF6045, involves infecting victims through fake CAPTCHA verification pages that deceive them into running a malicious command that installs a PowerShell toolkit dubbed

DNSFilter makes its DNS threat protection available to OEM partners

DNSFilter has launched an Original Equipment Manufacturing (OEM) program that lets external ISPs, cybersecurity firms, device makers, and other consumer app developers to embed their DNS threat protection, domain analysis, and privacy solutions into their own platforms and solutions. Partners can choose between two product paths: DNSFilter Protective DNS, for DNS-layer filtering and threat blocking,…

Attestiv DeepScan combines AI and forensic analysis for file validation

Attestiv announced the launch of DeepScan, a new platform built to help organizations automatically validate submitted files before they drive critical business decisions. DeepScan represents a major architectural shift for Attestiv and its customers: moving from detecting fake or manipulated media in isolation to validating whether submitted photos, documents, audio, and video can be inherently…

GitHub AI agent leaks private repositories via prompt injection attack

A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and publishing it publicly, exposing a broader risk as enterprises deploy AI agents with privileged access to software development environments, according to new research from Noma Security. The AI security company detailed the attack, dubbed GitLost, in a blog…

Your next car could be watching your face

To reduce traffic incidents, all new cars sold in the EU must now include driver-monitoring technology, including Driver Drowsiness and Attention Warning (DDAW) systems and, on newer vehicles, Advanced Driver Distraction Warning (ADDW) systems. Similar requirements are expected in the US, where the National Highway Traffic Safety Administration (NHTSA) has been directed to develop rules…

NIST CSF 2.0 Practical Guide to the Six Core Functions: Building a Modern Security Program for Risk Management

Cybersecurity programs often grow over time through new policies, controls, and technologies. The challenge for CISOs is making sure these pieces work together and support the risks that matter most to the business.  NIST CSF 2.0 provides a practical structure for doing that. It helps organizations understand their current security posture, define clear priorities, and improve…

A brewing battle: More IT workers want unions. The industry doesn’t.

Until recently, many tech professionals viewed themselves as a special and respected worker class: highly educated, hard-working, well paid, and in demand. “They considered themselves above unions,” says Zak Thompson, senior software engineer at Kickstarter and union steward at Kickstarter United. Big Tech issued aspirational mission statements that motivated workers, workplaces were seen as meritocracies,…

Crusoe brings serverless fine-tuning to AI model development

Crusoe has announced Serverless Fine-Tuning and Self-Serve Deployments in Crusoe Intelligence Foundry, the managed AI platform for Crusoe Cloud. These capabilities give data scientists and ML engineers a complete path from proprietary data to production-ready models, on purpose-built AI infrastructure, without the overhead of managing it. Fine-tuning is now a standard part of building with…

Automox MCP Server adds visual reviews and AI-driven patch policy creation

Automox has released Automox MCP Server 2.2, adding interactive review surfaces, first-class Patch by Severity policy creation, and live capability discovery to its governed agentic interface for endpoint operations. The release advances Automox MCP beyond natural-language access alone, giving IT teams new ways to review, approve, and act on endpoint operations in context. “AI agents…

Found fast, fixed slow: The gap the AI clearinghouse must close

The AI-focused executive order President Donald Trump signed last month gave the Treasury Department, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency (CISA) 30 days to establish a new “AI cybersecurity clearinghouse.” The deadline passed last week. The clearinghouse is meant to coordinate the scanning, discovery, and validation of software vulnerabilities in…

ScienceLogic adds geographic service visibility to Skylar One

ScienceLogic has released the “Kyoto” update for Skylar One, the core observability offering in its AI Platform. The release adds geographic service visibility, simplified location and device management, enhanced relationship mapping, and platform updates aimed at improving observability across hybrid IT environments. The Kyoto update is designed for organizations managing hybrid infrastructure, cloud environments, and…

U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added [1, 2] Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities (KEV) catalog.…

Codenotary launches AI security platform that learns from AI agent behavior

Codenotary has announced AgentMon 3, the latest generation of its enterprise AI security platform, introducing adaptive runtime security policies. These continuously evolve as AI agents operate across an organization by learning from customer-specific workflows, observed behavioral patterns, and newly emerging threats. The company also announced that AgentMon is now available through AWS Marketplace, making enterprise…

Google Cloud, Accenture Partner on Mid-Market AI Agents

Moving an AI project from a cool proof-of-concept to actual, everyday business production is notoriously difficult, and it is about to get a lot easier for mid-sized companies. Accenture and Google Cloud have announced a new collaboration aimed at helping mid-market organizations deploy AI-powered agents faster through pre-built, industry-focused solutions. Accenture Edge: new mid-market business…

Why More MSPs Are Becoming Selective About Clients

As AI accelerates the pace and sophistication of cyberattacks, managed service providers are rethinking growth strategies that once prioritized customer acquisition above all else.  In this Q&A, CyberSentriq CEO Myles Bray explains why more MSPs are tightening onboarding standards, focusing on higher-quality customer relationships, and viewing portfolio discipline as a competitive advantage rather than a…

CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code

CISA is using Anthropic’s Mythos AI to scan federal code for vulnerabilities, aiming to find flaws before hackers and foreign intelligence services. Three sources familiar with the matter told Reuters that CISA, the U.S. government’s civilian cyber defense agency, is running Anthropic’s Mythos AI model against federal code repositories to find vulnerabilities before foreign intelligence…

15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros

Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw that lets any logged-in user take full root control of a machine that has not been patched. The vulnerable code has shipped by default in essentially every mainstream distribution since 2011. The flaw needs no special permission, no unusual settings, and no network

Orbia CISO Miranda Ritchie on building security into sustainable infrastructure

In this interview with Help Net Security, industrial cybersecurity, CISO at Orbia, talks about protecting industrial systems where software runs water, chemical and manufacturing processes. She explains why a cyber incident in these settings can harm people, equipment and the environment, and how spread-out sites and aging control hardware widen the risk. Ritchie describes tying…

CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below – CVE-2026-48282 (CVSS score: 10.0) – A path traversal vulnerability in Adobe ColdFusion that could lead to arbitrary code execution in the context of…

20 open-source cybersecurity tools to keep your team ready for anything

AI is changing how security teams find vulnerabilities, analyze code, test applications, and protect infrastructure. Developers are building tools to secure AI systems themselves, from coding agents and memory protection to model exposure discovery. This roundup covers recent open-source releases for vulnerability research, application security testing, container security, endpoint protection, AI security, and penetration testing.…

Modern Digital Security Practices Using Octo Browser

In this post, I will discuss the modern digital security practices using Octo Browser. Online security is no longer just about strong passwords and antivirus software. Today, websites and apps “recognize” you using many subtle signals—device behavior, browser characteristics, network patterns, and even timing patterns. If you understand how these signals work, you can protect…