Geek-Guy.com

Security Hub adds AI workload protection and multicloud support for Microsoft Azure

Security Hub is our foundation for full-stack enterprise security across clouds. It centralizes your security operations and turns raw signals into prioritized insights, so your team spends its time managing real risk instead of stitching tools together. Today that foundation grows in two directions our customers asked for most. We are adding purpose-built protection for…

Microsoft Patch Tuesday July 2026 – The AI Acopolypse is Here , (Tue, Jul 14th)

This patch Tuesday includes a staggering 622 vulnerabilities, not including another 427 vulnerabilities in Chromium, affecting Microsoft’s Edge browser. 62 of the vulnerabilities are rated critical. One was disclosed before today, and two have already been exploited. Given the large number of vulnerabilities, it is difficult to point out “noteworthy” issues.  Already exploited vulnerabilities: CVE-2026-56155 : Active Directory…

RecordPoint Launches Global Partner Program

RecordPoint, a global data and AI governance platform, has announced the launch of its Global Partner Program. RecordPoint’s channel-first approach to AI data governance The program indicates a shift to a channel-first business model that enables partners to resell, co-sell, and refer RecordPoint’s technology to their customers. “Every regulated organization deploying AI right now is…

SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)

SonicWall has fixed two actively exploited vulnerabilities (CVE-2026-15409, CVE-2026-15410) affecting its Secure Mobile Access (SMA) 1000 Series appliances, and is urging customer organizations to upgrade to a fixed firmare version and search for evidence of potential compromise. If the outlined indicators of compromise are present on the system, the company advises re-imaging (hardware) or re-deploying…

LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts

Cybersecurity researchers have flagged a previously undocumented Rust-based remote access trojan (RAT) codenamed LabubaRAT that masquerades as NVIDIA software to blend into target environments. “LabubaRAT creates a reusable foothold for hands-on activity,” Blackpoint Cyber researchers Sam Decker and Nevan Beal said in an analysis published today. “Once deployed, it can profile the host,

Cribl Set to Acquire CardinalOps

Cribl, an AI platform for telemetry, has recently acquired CardinalOps, an Agentic Detection Engineering solution. Expanding its Cribl AI platform into SecOps The acquisition extends Cribl’s platform into security operations to add detection engineering capabilities. This extension will help customers improve threat coverage, lower data costs, and enhance SIEM, data lake, and XDR environments, creating…

Treasury sanctions First VPN Service, others for abetting ransomware gangs

The Treasury Department is slapping sanctions on First VPN and its administrator for allegedly selling services to ransomware operators, as well as another person aiding ransomware gangs. First VPN Services, or 1VPNS, was “deeply embedded in the cybercriminal ecosystem” and appeared in virtually every Europol investigation in recent years, the law enforcement body said after…

Authenticate legitimate AI agent traffic with AWS WAF Bot Control

As AI agents and automated tools increasingly access web applications, distinguishing legitimate bot traffic from malicious attempts has become a critical security challenge. Traditional approaches such as IP-based filtering and reverse DNS lookups fail in multi-tenant systems (such as Amazon Bedrock AgentCore) where thousands of distinct workloads share the same IP space. Attackers can easily…

Q2 2026 Cyber Attacks Statistics

Q2 2026 brought 578 recorded cyber incidents worldwide, with financially-motivated cyber crime accounting for over 71% of the total. Malware remained the attacker’s weapon of choice, exploiting public-facing applications as the leading entry point. Information & Communication stood out as the hardest-hit sector.

RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

Cybersecurity researchers have disclosed details of two access control-related flaws impacting the RabbitMQ message broker service that could allow attackers to leak OAuth client secrets, expose enterprise messaging infrastructure to takeover risks, and bypass tenant boundaries. Miggo’s security team, which discovered and reported the flaws, said one “leaks the broker’s confidential OAuth

New macOS malware steals passwords by posing as Apple’s crash-reporting tool

Jamf Threat Labs has uncovered a new macOS infostealer named CrashStealer that disguises itself as Apple’s crash-reporting tool to steal passwords, Keychain data, and cryptocurrency wallets. The malware was first spotted in May while it was still under development. By early July, Jamf was seeing in-the-wild detections, indicating it had moved into active use. “Unlike…

Download: The ultimate guide to network operations management

Modern network operations are too manual. Today’s IT and security teams are managing growing complexity across networks, infrastructure, tools, and workflows. The result? Slower response, duplicated effort, and operational friction. This guide explores how intelligent workflows help teams reduce manual work, improve visibility, and move faster across network operations. What you’ll learn: Why traditional approaches…

Polygraf AI Meeting Guard Detects Deepfakes in Video Calls

AI security company Polygraf AI has launched Meeting Guard, a real-time fraud-detection tool that joins virtual meetings as a visible participant and monitors for deepfake voices, AI-generated responses, identity impersonation, and sensitive-data exposure.  The platform is designed for enterprise and government users across Zoom, Microsoft Teams, and Google Meet. Meeting Guard targets deepfakes and identity…

11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the modern firmware standard. “An attacker exploiting one of these vulnerable applications can execute untrusted code during system boot, enabling deployment of malicious UEFI bootkits or other malware,”

Q2 2026 Cyber Attacks Statistics Infographic

Last Updated on July 14, 2026 Cyber Attacks Statistics — Q2 2026 Q2 Threat Intelligence Briefing Cyber AttacksQ2 2026 543 confirmed incidents between 1 April and 30 June 2026. Financially motivated Cyber Crime drove over 7 in 10 attacks, Malware remained the weapon of choice, and Information & Communication infrastructure absorbed the heaviest targeting. 0…

How Pentera Turns AI Security Workflows into Validation Engines

AI security agents are starting to influence real security decisions. They summarize findings, prioritize remediation, recommend next steps, and help teams move faster. But most still rely on fragmented risk signals: scanner output, severity scores, threat intelligence, configuration findings, and exposure data. That fragmentation matters because attackers do not move through environments one

OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials

At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating a successful sign-in event that would otherwise alert defenders. And bad…

​​Kratos PhaaS Targets US and EU Companies: How to Reduce Microsoft 365 Account Takeover Risk​

Kratos is a mature Phishing-as-a-Service operation targeting Microsoft 365 users across the US, Europe, and other regions. By combining trusted platforms, anti-bot checks, and convincing login pages, ithelps attackers steal credentials while delaying detection and response. For security leaders, that increases the risk of account takeover, fraud, data exposure, and higher incident response costs. ANY.RUN…

The serpent’s tongue: Luring the Python out of its den

Python’s popularity, readable syntax, and extensive third-party library ecosystem make it an attractive target for threat actors seeking to compromise developer devices and infrastructure.   Malicious packages and supply-chain attacks are increasingly common, exploiting the trust built into Python’s packaging ecosystem to execute payloads at the moment of installation, without any direct interaction from the victim.  …

Forg365 industrializes Microsoft 365 phishing with AI-generated lures

A newly documented phishing-as-a-service platform distributed through Telegram is lowering the technical barrier to Microsoft 365 account takeovers by giving less-skilled attackers automated tools to evade some authentication controls and retain access after compromise. The platform, called Forg365, uses AI-assisted lure creation alongside device-code abuse and adversary-in-the-middle techniques, according to research published by security company ZeroBEC. Forg365 was…

Phishing for dummies: Forg365 lowers barrier to M365 account takeovers

A newly documented phishing-as-a-service platform distributed through Telegram is lowering the technical barrier to Microsoft 365 account takeovers by giving less-skilled attackers automated tools to evade some authentication controls and retain access after compromise. The platform, called Forg365, uses AI-assisted lure creation alongside device-code abuse and adversary-in-the-middle techniques, according to research published by security company…

Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended

Japan’s largest taxi operator Nihon Kotsu shut down systems after a malware attack, disrupting dispatch and bookings. Nihon Kotsu, Japan’s largest taxi company, disclosed on July 13, 2026 that its internal systems suffered an unauthorized external access involving malware infection in the early morning hours of Saturday, July 11. The company immediately shut down systems…

U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors’ and other cybercriminals’ malicious activities, including ransomware attacks against Americans. The VPN, named First VPN Service (1VPNS), has been accused of offering its tools to ransomware groups, along with its 45-year-old Ukrainian