Geek-Guy.com

AI Control Platform vs. AI Firewall vs. AI Gateway: Clearing Up The Terminology

Editor’s note: This article was originally published by Tim Erlin on LinkedIn. It has been republished here with the author’s permission. https://www.linkedin.com/pulse/ai-control-platform-vs-firewall-gateway-clearing-up-tim-erlin-ypodc It seems like every security vendor now sells “AI security.” The WAF companies, the API gateway companies, the cloud platforms, the proxy startups: all of them have an AI story, and most of…

States are building their own election defense networks as federal support evaporates 

The Trump administration’s abrupt firing of Election Assistance Commission commissioners last week and a Department of Justice warning threatening states with criminal prosecution have created new legal peril for officials who run, administer and secure elections. The EAC is an obscure but important agency that oversees testing and standards for voting machines, including around security.…

Akamai Chosen as WWT Security Partner

Cybersecurity and cloud computing company, Akamai, has been selected as a strategic security partner for World Wide Technology’s (WWT) AI Readiness Model for Operational Resilience (ARMOR). This selection positions Akamai as a foundational security architecture for AI factories that are being built by WWT and accelerated by NVIDIA. Akamai’s software intelligence will integrate directly with…

U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco IOS flaw, tracked as CVE-2008-4128, to its Known Exploited Vulnerabilities (KEV) catalog. Cisco IOS 12.4 running on Cisco 871 Integrated Services Routers contains multiple CSRF flaws in…

CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that’s capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in native C++, according to Jamf Threat Labs. “It validates the victim’s login password locally before

AI is killing low cost smartphones

Except for the second user/refurbished smartphone markets, AI means the days of cheap phones are over, with huge price pressures putting low-end vendors out of business.  Omdia data confirms that Apple and Samsung are undisputed kings of the hill, combining for 42% of the market even as smartphone sales overall have seen a 4% average decline.  The…

Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found

Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after researchers found a hidden browsing-history collector built into its official store version. The collector was dormant. An empty allow-list kept it switched off, and no proof has emerged that it ever gathered or sent a…

Europe strikes out against Russia’s Turla over espionage, ‘destructive attacks’

European governments sanctioned Russian individuals and organizations Monday over what they said was a years-long campaign of cyberespionage from Turla and other Russian government-led “destructive attacks” against the bloc. Monday’s confrontation of Moscow included action from the European Union, its individual member governments and the United Kingdom. It mostly took aim at Center 16 of…

Officials once again warn defenders that Russian hackers are targeting network devices

Russian state-sponsored hackers are breaking into critical infrastructure around the world by exploiting poorly configured and vulnerable networking devices, authorities from the United States and 12 additional countries said in a joint cybersecurity advisory Monday. Officials once again urged defenders to take more preventative measures to thwart attacks from the Russian Federal Security Service Center…

EU and UK blacklist Russia’s cyber operators over efforts to destabilize Europe

The EU and the UK jointly sanctioned dozens of Russian individuals and entities, accusing Moscow of coordinating a malicious cyber ecosystem targeting Europe, its member states, and international partners. The UK sanctioned 24 individuals and entities, while the EU imposed restrictive measures on nine individuals and four entities. “Cybercriminals, self-proclaimed hacktivists and private companies linked…

Why cloud security is mission-critical for federal civilian and defense agencies

Beyond IT compliance, cloud security is now the backbone of civilian agency resilience, national defense, and warfighter safety, as cloud environments become increasingly complex. Key takeaways For the Department of War (DoW), cloud security is an IT concern and a requirement for operational readiness and national security. Achieving a mature zero trust architecture requires deep,…

Tidal Cyber connects assets, vulnerabilities, and threats through Threat-Led Defense

Tidal Cyber has announced Threat-Led Asset Visibility and Vulnerability Prioritization, new innovations extending the company’s Threat-Led Defense platform. The announcement marks a significant advancement in defensive security, shifting the industry beyond static asset inventories, CVSS scoring, and disconnected exposure management toward an execution-centric model built on how adversaries actually execute attacks across the kill chain.…

Cloudflare Precursor uses continuous behavioral analysis to stop advanced bots

Cloudflare has announced the general availability of Precursor, a next-generation, continuous behavioral validation engine for bot management. Precursor runs seamlessly inside web browsers to monitor entire user sessions in order to detect bot automation. Unlike static CAPTCHAs, it analyzes ongoing interactions in real time to catch advanced bots, improving detection precision without interrupting legitimate users.…

Why Forward Deployed Engineers Matter to the Channel

Forward deployed engineers are becoming one of the most important roles in enterprise AI. AWS, OpenAI, Anthropic, Palantir, Databricks, Snowflake, and other technology companies are using these hybrid engineering and consulting professionals to turn AI platforms into practical customer outcomes. In this Channel Insider explainer, Victoria Durgin examines what forward deployed engineers do, why AI…

New compliance guidance available: HITRUST i1 on AWS

We are pleased to announce the publication of a new AWS compliance implementation guidance: HITRUST i1 Compliance on AWS: Customer Implementation Guidance with an Illustrative Healthcare Platform. Healthcare organizations seeking HITRUST i1 certification increasingly rely on Amazon Web Services (AWS) as their cloud foundation. The HITRUST i1 assessment covers 182 curated controls at the Implemented…

Lumen expands managed detection and response with Cortex XSIAM integration

Lumen Technologies has announced Lumen Defender Advanced Managed Detection and Response (AMDR) for Palo Alto Networks Cortex XSIAM. Attackers are increasingly operating earlier in the lifecycle while AI is accelerating threat speed. This expanded service will bring together Lumen’s managed detection and response capabilities and Lumen Defender Threat Feed powered by Lumen’s Black Lotus Labs…

13th July – Threat Intelligence Report

For the latest discoveries in cyber research for the week of 13th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES U.S. auto insurer AssuranceAmerica has disclosed a data breach affecting approximately 7 million people. Attackers targeted an employee and used compromised credentials to access company systems, stealing names, contact information, driver’s license…

Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft

A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM) tactics, antibot evasion, artificial intelligence (AI)-assisted lure creation, and post-compromise mailbox operations targeting Microsoft 365 accounts. Distributed via Telegram and costing $400 a month (or $3,800 per year), attack chains leverage phishing

EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage

EU sanctions target nine people and four entities tied to Russia’s FSB over a 15-year cyberespionage and critical infrastructure sabotage campaign. The European Union imposed sanctions on Monday targeting nine individuals and four entities linked to a Russian cyberespionage and sabotage operation that Brussels says has been running since 2010. The targets include Russian military…

Ransomware negotiator who betrayed clients sentenced to 70 months in prison

A former ransomware negotiator at incident response firm DigitalMint has been sentenced to 70 months in prison after admitting he shared confidential client information with the BlackCat ransomware group and later helped carry out ransomware attacks. Prosecutors say Angelo Martino, 41, abused his role at DigitalMint beginning in April 2023 by providing BlackCat operators with…

RabbitMQ flaws expose OAuth secrets, risk complete takeover of the broker

RabbitMQ has patched two access control vulnerabilities affecting the widely used open-source message broker that could expose enterprise application data and, in some deployments, allow attackers to gain complete control over the messaging infrastructure. The flaws, discovered by Miggo Security, exposed OAuth secrets to unauthenticated attackers, letting low-privileged users potentially spy on other tenants. “RabbitMQ…

Security threat prompts Progress to disable ShareFile accounts, tell customers to shut down servers

A “credible external security threat” targeting Progress Software’s ShareFile Storage Zone Controllers (SZC) – the on-premises, customer-managed server components where organizations store files shared via this popular enterprise platform – has spurred the company to disable access to ShareFile accounts that are using them. The warning was sent to customers via email on July 10,…

Attacker Uses Suspected AI-Generated PowerShell Script to Map Active Directory

Cybersecurity researchers have flagged an intrusion in which an unknown threat actor leveraged a vibe-coded PowerShell script for Active Directory (AD) enumeration. “The script looked for the Domain Controller (DC) and mapped users, computers, and domains, before creating a directory and exporting out a number of files, and finally creating AD_Report.html to measure the success…

FastNetMon eliminates third-party bgp lookups with Netomics

FastNetMon is introducing Netomics, a self-hosted BGP routing intelligence platform that combines live routing data, registry information, RPKI validation, routing history and AI-assisted querying into a single application. Built for internet service providers (ISPs), cloud providers, Internet Exchange Points (IXPs) and enterprises operating large IP networks, Netomics provides complete visibility into global internet routing without…

Australia Alerts Organizations to Ongoing CMS Exploitation Attacks

Australia warns of a global campaign exploiting CMS flaws to deploy webshells on WordPress, Joomla, and other websites. Australia’s Signals Directorate has issued an alert about a large-scale exploitation campaign actively targeting content management systems (CMS) worldwide, with many small and medium-sized Australian businesses already hit. Attackers are scanning websites for known vulnerabilities, deploying webshells…

Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365

An attacker running a live Microsoft 365 phishing operation left a Python web server listening on a public port with directory listing switched on. The command that did it: python3 -m http.server 8080, was still sitting in the readable .bash_history. From that one lapse, French security firm Lexfo lifted the operator’s entire toolkit and pivoted through it to two…

Westcon-Comstor Sees Services-Led Growth Across APAC

The APAC channel is moving beyond transactional resale as partners build more services-led, recurring-revenue businesses around cybersecurity, AI, and hybrid IT. Westcon-Comstor APAC Executive Vice President and Chief Marketing Officer Patrick Aronson recently told Channel Insider the shift is increasing demand for distributors that can provide more than product fulfillment, particularly as partners face greater…

A week in security (July 6 – July 12)

Last week on Malwarebytes Labs: This new Windows malware can take over your PC and wipe it clean How mule betting scams recruit ordinary people Two Chrome updates in two days fix critical vulnerabilities How World Cup crypto prediction sites take your money 6.9 million driver’s license numbers stolen from AssuranceAmerica Microsoft fixes RoguePlanet zero-day…

Can AI narrow cybersecurity’s class divide?

At Amazon Web Services (AWS), artificial intelligence is already compressing security work that once took months into minutes. In the old world, human red teams would find vulnerabilities, write reports, refine those reports, and eventually hand them to defenders, who would then begin building detections or fixes, Steve Schmidt, chief security officer at AWS, tells…

Patient Data at Risk: How Healthcare Organizations Are Failing at E-Prescription & GDPR Compliance in 2026

In this post, I will show you how healthcare organizations are failing at E-Prescription & GDPR compliance in 2026. By 2026, healthcare organizations handling electronic prescriptions face a critical compliance crossroads. Germany’s telematics infrastructure (TI) and electronic patient records (ePA) have brought unprecedented efficiency—but at a hidden cost: patient data security vulnerabilities that most organizations…

iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa extensions for Joomla to its Known Exploited Vulnerabilities (KEV) catalog, following reports of zero-day exploitation in the wild. The vulnerabilities, both rated 10.0 on the CVSS scoring system, are below – CVE-2026-48939 – A vulnerability in the

Microsoft demystifies how Windows updates work

Microsoft has published a guide explaining the Windows servicing model, outlining the purpose of monthly security updates, optional preview releases, hotpatch updates, and the mechanisms used to deliver new features throughout the year. “Most individuals and organizations regularly deploy monthly security updates, released on the second Tuesday of each month. Windows also provides optional non-security…

Enterprises are rethinking where their AI applications run

Growing demand for compute capacity, power, cooling and low-latency connectivity is prompting organizations to reassess where AI applications run, according to CoreSite. Public cloud continues to support experimentation and rapid deployment, while colocation is increasingly used for workloads that require predictable performance, dedicated infrastructure or close proximity to cloud services and enterprise data. More than…