Geek-Guy.com

Author: admin

AI, china, Cybersecurity, Endpoint, Europe, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

Ivanti customers confront yet another actively exploited zero-day

Attackers are hitting Ivanti customers yet again — circling back to a common target and consistently susceptible vendor in the network edge space — by exploiting a zero-day vulnerability in one of the company’s most besieged products.  Ivanti warned customers that attackers have successfully exploited CVE-2026-6973, an improper input validation defect in Ivanti Endpoint Manager…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Ollama vulnerability highlights danger of AI frameworks with unrestricted access

A critical vulnerability in Ollama poses a direct risk of sensitive information leaks to more than 300,000 internet-exposed servers, researchers have found. The flaw, tracked as CVE-2026-7482, stems from an out-of-bounds heap read in Ollama’s model quantization pipeline. Ollama is one of the most popular frameworks for running AI models on local hardware. The flaw…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management

Nation-state actors exploit Palo Alto PAN-OS zero-day for weeks

Palo Alto says hackers exploited PAN-OS zero-day CVE-2026-0300 for weeks, gaining root access to exposed firewalls and hiding traces. Palo Alto Networks warned that suspected state-sponsored hackers have been exploiting the critical PAN-OS zero-day CVE-2026-0300 for nearly a month. After exploiting the flaw, attackers deployed tunneling tools such as EarthWorm and ReverseSocks5, used stolen credentials…

Read more →

AI, Data Breaches, Global Security News, privacy

LinkedIn illegally blocking free accounts from seeing ‘who’s viewed your profile’ data, group alleges

A LinkedIn feature that allows paid subscribers to view a list of visitors to their profile should be made available to all EU users free of charge to comply with the region’s General Data Protection Regulation (GDPR), a legal complaint launched by the None of Your Business (NOYB) digital rights group has claimed. Filed this…

Read more →

AI, Data Breaches, Global Security News, privacy

LinkedIn illegally blocking free accounts from seeing ‘who’s viewed your profile’ data, group alleges

A LinkedIn feature that allows paid subscribers to view a list of visitors to their profile should be made available to all EU users free of charge to comply with the region’s General Data Protection Regulation (GDPR), a legal complaint launched by the None of Your Business (NOYB) digital rights group has claimed. Filed this…

Read more →

AI, Cybersecurity, Funding, Global Security News, Government & Policy

Trump officials are steering a cybersecurity scholarship program toward AI

The Trump administration is redirecting a cybersecurity scholarship program that requires recipients to work in government service toward artificial intelligence, leaving some current program scholars dismayed and bewildered. In an email to participating school program coordinators obtained by CyberScoop, the Office of Personnel Management and National Science Foundation said the CyberCorps Scholarship For Service program…

Read more →

AI, APAC, Apps, Cloud Security, Compliance, Endpoint, Global Security News, Network Security, Risk Management, Venture

ICYMI: April 2026 @AWS Security

Read all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts, new service capabilities, code samples, and workshops. AWS Security Blog posts This month’s AWS Security Blog posts covered AI security, identity and access management, threat intelligence, data protection, and multicloud operations.…

Read more →

AI, Apps, china, Compliance, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Russia

Inside the World of Laptop Farms: How They Help Foreign Remote Workers Look U.S.-Based to Earn More Money

The expansion of remote work fundamentally altered enterprise security models. Organizations that once relied on tightly controlled office environments suddenly began shipping pre-configured corporate laptops to workers they would never physically meet. VPN enrollment, SaaS identity platforms, remote onboarding systems, and cloud collaboration tools rapidly became the new trust perimeter. Criminal organizations and state-sponsored operators…

Read more →

AI, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-6973 (CVSS score of 7.1), to its Known Exploited Vulnerabilities (KEV) catalog. Ivanti warns customers…

Read more →

Endpoint, Global Security News

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1. It allows “a remotely authenticated user with administrative access to achieve…

Read more →

AI, APAC, Cloud Security, Compliance, Cybersecurity, Global Security News, Network Security, Risk Management

Best MSP Certifications to Grow Services in 2026

To stay ahead in today’s competitive channel landscape, managed service providers (MSPs) need relevant certifications that validate their expertise and strengthen their credibility across key areas such as cybersecurity, cloud services, and artificial intelligence (AI). With the growing number of role-based and vendor-specific certifications available in 2026, choosing the right ones to expand your service…

Read more →

AI, Cybersecurity, Global Security News

PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments. “The toolset harvests credentials from cloud, container, developer, productivity, and financial services, then exfiltrates the data through attacker-controlled infrastructure while attempting

Read more →

AI, Cloud Security, Compliance, Global Security News, privacy, Risk Management

AWS achieves SNI 27017, SNI 27018, and SNI 9001 certifications for the AWS Asia Pacific (Jakarta) Region

Amazon Web Services (AWS) achieved three Standar Nasional Indonesia (SNI) certifications for the AWS Asia Pacific (Jakarta) Region: SNI ISO/IEC 27017:2015, SNI ISO/IEC 27018:2019, and SNI ISO 9001:2015. SNI represents Indonesia’s national standards framework, comprising standards that are broadly applicable across industries within the country. These certifications further demonstrate that AWS services meet nationally recognized…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Risk Management

Deepfakes Are Exposing Gaps in Cyber Insurance Policies

Deepfakes are creating new cybersecurity risks that many organizations — and their cyber insurance policies — may not be fully prepared to address.  As attackers increasingly use AI-generated voice, video, and identity impersonation in fraud and ransomware attacks, cybersecurity experts warn businesses must reassess both security strategies and cyber insurance coverage.   During a recent Channel…

Read more →

AI, Compliance, Europe, Global Security News, Politics, Risk Management

EU lawmakers strike provisional deal to soften AI Act

European Union member states and the European Parliament agreed early Thursday to push back the toughest deadlines under the bloc’s AI Act, giving enterprises more time to prepare for high-risk compliance. Under the provisional deal between negotiators for the European Parliament and European Council, high-risk AI systems will face new deadlines of Dec. 2, 2027…

Read more →

GeekGuyBlog, Uncategorized

Top Tech Toys for May 2026

Top Tech Toys for May in 2026, including detailed descriptions of their key features and practical benefits. The tech landscape of 2026 has moved past the era of empty vaporware, pivoting instead toward gadgets that offer tangible, everyday utility. From AI-driven wellness monitors to precision hobbyist tools, the current market prioritizes seamless integration and sophisticated…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

CloudZ RAT Abuses Windows Phone Link to Steal OTPs

A malware campaign is exploiting a built-in Windows feature to intercept sensitive data — without ever touching the victim’s phone.  Cisco Talos researchers identified the CloudZ remote access trojan (RAT) using a custom plugin to monitor Microsoft’s Phone Link application and potentially capture SMS-based one-time passwords (OTPs). “MFA bypass is becoming a bigger and bigger…

Read more →

AI, Data Breaches, Global Security News, Network Security

World Password Day 2026: Passwords Still Matter (Whether We Like It or Not)

World Password Day 2026: Passwords Still Matter (Whether We Like It or Not) Every year, World Password Day comes around and we all pretend we’ve moved beyond passwords. We haven’t. Passwords are still everywhere. Still fragile. Still one of the easiest ways into an environment. And despite all the talk about passkeys and passwordless futures,…

Read more →

AI, Exploits, Global Security News, Network Security

Cisco patches high-severity flaws enabling SSRF, code execution attacks

Cisco fixed several high‑severity flaws in its enterprise products, including SSRF bugs in Unity Connection that could enable code execution or service disruption. Cisco released patches for multiple high‑severity vulnerabilities affecting its enterprise products. Successful exploitation could allow code execution, server‑side request forgery (SSRF), or denial‑of‑service attacks. Two notable flaws, CVE‑2026‑20034 and CVE‑2026‑20035, impact Cisco…

Read more →

AI, Apps, Global Security News, Network Security

American duo sentenced for hosting laptop farms for North Korean IT workers

Two U.S. nationals were sentenced to 18 months in prison for running laptop farms that facilitated North Korea’s expansive remote IT workers scheme, the Justice Department said Wednesday. Matthew Issac Knoot and Erick Ntekereze Prince both received and hosted laptops at their residences to dupe U.S. companies into thinking remote IT workers they hired were…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, Risk Management

World Password Day 2026: Why Strong Passwords Alone Are No Longer Enough

Every year, World Password Day reminds individuals and organizations to create stronger passwords, avoid password reuse, and enable multi-factor authentication (MFA).  While these practices remain important, new research from Proton suggests that traditional password security advice is no longer enough to protect modern businesses from cyber threats. Key Takeaways Despite 92% of small businesses investing…

Read more →

AI, Global Security News, Network Security

$250 million cryptocurrency heist funded luxury fashion, nightclub parties, and private jets

20-year-old California resident Marlon Ferro, known online as “GothFerrari,” was sentenced to 78 months in prison for his role in a cryptocurrency theft operation tied to more than $250 million in stolen digital assets. Federal prosecutors said Ferro participated in a criminal network active between late 2023 and early 2025. Members of the group, based…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News

One Click, Total Shutdown: The “Patient Zero” Webinar on Killing Stealth Breaches

The hardest part of cybersecurity isn’t the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one “Patient Zero” infection. In 2026, hackers are using AI to make these “first clicks” nearly impossible to spot. If a single laptop gets compromised on…

Read more →

Exploits, Global Security News, Network Security

PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage

Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026. The vulnerability in question is CVE-2026-0300 (CVSS score: 9.3/8.7), a buffer overflow vulnerability in the User-ID Authentication Portal service of Palo Alto Networks PAN-OS software that could allow an…

Read more →

AI, Compliance, Cybersecurity, Global Security News, Risk Management

Bots in translation: Can AI really fix SIEM rule sprawl across vendors?

Enterprises migrating between SIEM platforms often have to manually rewrite detection rules because vendors such as Splunk, Microsoft Sentinel, IBM QRadar, and Google Chronicle use different query languages and data models. Researchers now say AI may be able to automate much of that work, though security experts remain divided over whether the problem really requires…

Read more →

AI, Data Security, Exploits, Global Security News, privacy

WWDC 2026: How Apple can take a great leap in AI

Apple’s Worldwide Developer Conference (WWDC) takes place in just a few weeks. Everyone expects the company to explain its approach to AI deployment on its platforms. With that in mind, here’s what several months of speculation suggest Apple will announce, though the details remain to be disclosed. Apple is investing billions of dollars in these plans; R&D spending…

Read more →

Exploits, Global Security News, Network Security

State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls

Palo Alto Networks believes the in-the-wild exploitation of a zero-day vulnerability (CVE-2026-0300) in its firewalls is likely the work of state-sponsored threat actors. A flaw with no patch (yet) CVE-2026-0300 is a buffer overflow vulnerability in the User-ID Authentication Portal service of Palo Alto Networks PAN-OS software, and can be exploited by unauthenticated attackers sending…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security

Critical Palo Alto Networks software bug hits exposed firewalls

Palo Alto Networks is warning customers about a critical buffer overflow vulnerability affecting its PAN-OS user-ID authentication portal that is already being exploited in the wild. The flaw allows attackers to execute arbitrary code with root privileges on exposed firewalls, the company said in a security advisory. PAN-OS is the software that runs all Palo…

Read more →

AI, Exploits, Global Security News, malware, Risk Management

From Android TVs to routers: the xlabs_v1 Mirai-based botnet built for DDoS attacks

A new Mirai‑based botnet, xlabs_v1, hijacks ADB‑exposed IoT devices for powerful DDoS attacks, with 21 flooding methods and DDoS‑for‑hire use. A new Mirai‑derived botnet called xlabs_v1 is hijacking internet‑exposed devices running Android Debug Bridge (ADB) and using them for large‑scale DDoS attacks. Hunt.io discovered the bot on an unsecured server, it includes 21 flood techniques…

Read more →

AI, Global Security News, Government & Policy, Politics

One House Democrat is pressing Commerce on the government’s spyware use

A House Democrat who’s been at the forefront of congressional efforts to scrutinize the federal government’s use of commercial spyware wants the Commerce Department to brief Capitol Hill amid apprehension that the Trump administration might further embrace the technology. Rep. Summer Lee, D-Pa., sent a letter to the department Thursday seeking a briefing on several…

Read more →

Cybersecurity, Global Security News, malware

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. “While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files,” Kaspersky 

Read more →

AI, APAC, Compliance, Cybersecurity, Data Breaches, Global Security News, Network Security, Risk Management

CISOs: Align cyber risk communication with boardroom psychology

By now, executive boards across industries understand that cyberattacks can be costly. What they often lack, however, is a clear view of which risks pose the biggest threat to their business and why certain investments need to rise to the top. Many security leaders lose traction at that point. The challenge is less about sounding…

Read more →

AI, Compliance, Global Security News

Kloudfuse 4.0 delivers AI-governed observability and scalable workload isolation

Kloudfuse has announced the general availability of Kloudfuse 4.0. The release helps enterprises meet rising compliance requirements, adopt AI-driven observability with production-grade governance, and scale their observability infrastructure without platform bottlenecks, while keeping every byte of telemetry data inside their own cloud environment. Kloudfuse 4.0 addresses three converging pressures: the FIPS 140-2 sunset on September…

Read more →

AI, Apps, china, Compliance, Cybersecurity, Data Breaches, Data Security, Europe, Global Security News, Government & Policy, privacy, Risk Management

Ten years later, has the GDPR fulfilled its purpose?

This year marks the 10th anniversary of the EU’s adoption of the General Data Protection Regulation, which became mandatory for all companies beginning on May 25, 2018. The aim of the GDPR was simple, but important: to improve individuals’ control over their personal data. This regulation replaced Directive 95/46/EC with the clear purpose of unifying data…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Palo Alto Networks PAN-OS, tracked as CVE-2026-0300 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is a buffer…

Read more →

AI, Compliance, Cybersecurity, Endpoint, Exploits, Global Security News, Risk Management

Mythos AI: What Security Leaders Should Do Next

The recent discussion around Anthropic’s Claude Mythos Preview and Project Glasswing has caught the attention of the cybersecurity industry for good reason. Mythos is not just another AI announcement. It is being positioned as a frontier model with advanced cybersecurity capability, particularly around finding and exploiting software vulnerabilities. Anthropic has stated that Project Glasswing is…

Read more →

AI, Apps, Global Security News

Multi-model AI is creating a routing headache for enterprises

Application teams are moving AI inference into production systems that support business operations. Enterprises are expanding traffic management, identity controls, observability, and routing systems for multiple AI models and environments. F5’s 2026 State of Application Strategy Report found that 78% of organizations operate their own inference services and 77% identify inference as their primary AI…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

US government agency to safety test frontier AI models before release

The Center for AI Standards and Innovation (CAISI), a division of the US Department of Commerce, has signed agreements with Google DeepMind, Microsoft, and xAI that would give the agency the ability to vet AI models from these organizations and others prior to their being made publicly available. According to a release from CAISI, which…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

US government agency to safety test frontier AI models before release

The Center for AI Standards and Innovation (CAISI), a division of the US Department of Commerce, has signed agreements with Google DeepMind, Microsoft, and xAI that would give the agency the ability to vet AI models from these organizations and others prior to their being made publicly available. According to a release from CAISI, which…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News

An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)

[This is a Guest Diary by Eric Roldan, an ISC intern as part of the SANS.edu BACS program] Through the expansion of Large Language Models (LLMs), cybersecurity has exploded with a variety of tools for both offensive and defensive purposes. A majority of software and cyber tools are integrating Artificial Intelligence (AI) solutions into their…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security

Taiwan High-Speed Rail Emergency Braking Hack: How a Student Stopped the Trains and Exposed a Major Security Gap

Taiwan high‑speed rail was disrupted after a 23‑year‑old student spoofed signals and triggered an emergency alarm, stopping four trains for nearly an hour. Taiwan high‑speed rail system, one of the most important pieces of national infrastructure, was thrown into chaos during the Qingming Festival holiday when several trains suddenly came to an unexpected halt. Experts…

Read more →