Geek-Guy.com

Author: admin

AI, APAC, Compliance, Europe, Global Security News, Risk Management

AWS, Microsoft, & Google Cloud Converge Around AI-Led Growth

The “big three” hyperscalers, Amazon Web Services (AWS), Microsoft, and Google Cloud, have been especially active over the past 12 months, operating both as suppliers of in-demand data center capacity for AI model developers and as builders of their own models, services, and tools. While each has historically leaned into distinct strengths and target markets,…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management

SAP npm Supply Chain Attack Targets Developer Credentials 

A supply chain attack targeting SAP npm packages is putting enterprise development environments at risk.  Aikido researchers discovered malicious code designed to steal credentials and secrets from developer systems and CI/CD pipelines.  The attack “… harvests local developer credentials, GitHub and npm tokens, GitHub Actions secrets, and cloud secrets from AWS, Azure, GCP, and Kubernetes,”…

Read more →

AI, Apps, Compliance, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

How Criminals Created SMS Blasters to Fake Cellphone Towers and Hack Thousands of Phones in Canada

Canadian authorities have dismantled what appears to be one of the most technically sophisticated financially motivated telecom attacks publicly documented in North America after arresting three suspects accused of operating vehicle-mounted “SMS blaster” systems that impersonated legitimate cellular towers, induced nearby mobile devices into attaching to rogue infrastructure, delivered phishing messages to those devices—likely through…

Read more →

AI, Cybersecurity, Global Security News, privacy

Agent’s claims on WhatsApp access spark security concerns

A US agent claimed WhatsApp encryption is fake and Meta can access messages; the probe was abruptly shut, raising security concerns. A US agent claimed WhatsApp encryption is fake, alleging Meta accesses all unencrypted messages, but Commerce Department abruptly shut the probe, leaving leaders questioning if consumer apps are safe for sensitive business decisions. In…

Read more →

AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

AI Adoption Fuels Rise in Identity Attack Path Risk 

Identity security is one of the most urgent priorities for enterprises as AI adoption expands the attack surface and introduces new complexity.  The SpecterOps Trends in Identity Attack Path Management 2026 report highlights how organizations are increasing investment in identity security while struggling to turn visibility into consistent risk reduction. “As identity becomes the control…

Read more →

AI, Apps, Cybersecurity, Global Security News

SHARED INTEL Q&A: PKI’s unfinished business—’digital passports’ for content, models and agents

As if keeping track of machine identities wasn’t hard enough. AI agents are now arriving by the thousands — and most enterprises are just handing them borrowed credentials and hoping for the best. Meanwhile, the cryptographic infrastructure asked to absorb these threats faces a hard regulatory countdown requiring digital certificates — the credentials securing every…

Read more →

AI, Data Breaches, Exploits, Global Security News, Network Security

Two new extortion crews are speedrunning the Scattered Spider playbook

A pair of persistent and problematic threat groups affiliated with The Com are actively targeting organizations across multiple critical infrastructure sectors for rapid data theft and extortion attacks, according to CrowdStrike. The financially-motivated attackers, which CrowdStrike tracks as Cordial Spider and Snarky Spider, have used voice-phishing and social engineering attacks to break into victims’ identity…

Read more →

AI, Data Breaches, Global Security News, malware, Network Security

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm’s chief executive says the malicious activity resulted from a security breach and was likely the work…

Read more →

AI, Apps, Compliance, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

Cisco Introduces Model Provenance Kit to Strengthen AI Supply Chain Security

Organizations are rapidly adopting AI models, but many still lack visibility into where those models come from or how they’ve been modified along the way.  Cisco is aiming to close that gap with the release of its open-source Model Provenance Kit, a tool designed to verify the origins of AI models and improve trust across…

Read more →

AI, Global Security News

Apple reportedly abandons Vision Pro

It was only this month that incoming Apple CEO John Ternus said of the Vision Pro, “I think we’re still very much in the early innings of spatial computing. We’re super excited about it.” Now, we’re hearing Apple has stopped working on the headset following lackluster sales of the only slightly upgraded M5 chip-powered model introduced in October, which retained…

Read more →

AI, Exploits, Global Security News

cPanel zero-day exploited for months before patch release (CVE-2026-41940)

A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers in the wild. What’s more, attackers didn’t have to wait for watchTowr security researchers to release technical details about the vulnerability – they have been spotted exploiting CVE-2026-41940 since February 23, and…

Read more →

AI, Apps, Exploits, Global Security News, malware, Risk Management

CVE-2026-41940: Critical cPanel & WHM Authentication Bypass Exposes Hosting Servers to Admin Takeover

A newly disclosed CVE-2026-41940 vulnerability in cPanel & WHM has put internet-facing hosting infrastructure under urgent scrutiny. The flaw carries a CVSS score of 9.8 and can let an unauthenticated remote attacker bypass authentication and gain administrative access, while cPanel’s advisory says the issue affects cPanel software, including DNSOnly, across all versions after 11.40. For…

Read more →

AI, Cybersecurity, Global Security News

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. “The intrusion chain begins with execution of a batch script (‘install_obf.bat’) that disables Windows security controls, dynamically extracts an

Read more →

AI, Apps, china, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators

The US Cybersecurity and Infrastructure Security Agency (CISA) has asked owners and operators of operational technology to stop assuming their networks are safe, and has released joint guidance to adapt zero trust principles for industrial systems that support US power, water, transportation, building automation, and weapons-support infrastructure. OT owners should design controls on the assumption…

Read more →

AI, APAC, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management

Release Notes: Expanded Threat Intelligence Access, AI Assisted Search 1,770 New Detections and More

April brought several updates across ANY.RUN’s Threat Intelligence and detection coverage.  The biggest change is expanded access to Threat Intelligence: Free plan users now get 20 premium requests in TI Lookup and YARA Search. This gives security teams a practical way to check suspicious indicators, explore related sandbox sessions, and validate malware or phishing activity using real attack…

Read more →

AI, Exploits, Global Security News

Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)

Security researchers at Theori have disclosed a high-severity local privilege escalation (LPE) vulnerability (CVE-2026-31431) in the Linux kernel. The flaw, nicknamed “Copy Fail”, has affected virtually every major Linux distribution shipped since 2017, and a working proof-of-concept (PoC) exploit is publicly available. About CVE-2026-31431 According to Theori researchers, CVE-2026-31431 originates from the interaction of three…

Read more →

AI, Exploits, Global Security News

Max-severity RCE flaw found in Google Gemini CLI

Security researchers are warning about a max severity vulnerability in Google Gemini CLI that could allow remote code execution (RCE) in environments where the tool processes untrusted inputs. The issue was disclosed by Novee Security researchers and affects the @google/gemini-cli package and its associated GitHub Action, widely used in CI/CD workflows. “Gemini CLI (@google/gemini-cli) and…

Read more →

AI, Global Security News

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating administrative utilities they rely on for daily operations. By integrating Search Engine Order (SEO)

Read more →

AI, Compliance, Exploits, Global Security News

Everyone’s building AI agents. Almost nobody’s ready for what they do to identity.

Anthropic recently announced that it would not release Mythos, its most powerful AI model, to the public. The model discovered thousands of previously unknown software vulnerabilities — flaws that had sat undetected in major operating systems and web browsers for as long as nearly three decades. Anthropic said the model was too dangerous to deploy…

Read more →

AI, Apps, Cybersecurity, Global Security News, malware, Risk Management

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

A supply chain attack on SAP-related npm packages has put fresh scrutiny on the developer tools and build workflows that enterprises rely on to produce software. The campaign, referred to as “mini Shai-Hulud,” affected packages used in SAP’s JavaScript and cloud application development ecosystem. The malicious versions added installation-time code that could steal developer credentials,…

Read more →

Global Security News, Network Security

Researchers develop tool to expose GPS signal spoofing in transit networks

The Oak Ridge National Laboratory (ORNL) has developed a portable detector that identifies GPS spoofing in real time, including during motion, to help protect transportation systems. Spoofing involves transmitting counterfeit signals that imitate authentic GPS transmissions and produce false information about location, time, or both. GPS jamming, another form of interference, overwhelms receivers with noise…

Read more →

AI, Cybersecurity, Global Security News

New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions

Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability tracked as CVE-2026-31431 (CVSS score: 7.8) has been codenamed Copy Fail by Xint.io and Theori. “An unprivileged local user can write four controlled bytes into the page cache of…

Read more →

AI, Global Security News, Russia

Hackers arrested for stealing and reselling 600,000 Roblox accounts

Ukrainian police detained three suspects accused of hacking into Roblox accounts and reselling the data on Russian websites, with payments made in cryptocurrency. Police raid (Source: The Prosecutor General’s Office of Ukraine) “Prosecutors of the Lviv region, together with the cyber police and the Security Service of Ukraine, have stopped the activities of a group…

Read more →

AI, Compliance, Data Breaches, Europe, Exploits, Global Security News, privacy, Risk Management

Meta accused of violating DSA by failing to safeguard minors

The European Commission accuses Meta of failing to protect children, allowing users under 13 on Instagram and Facebook, in breach of the DSA rules. The European Commission has accused Meta of violating child safety rules. Instagram and Facebook allegedly failed to prevent children under 13 from accessing their platforms. According to the Commission, Meta did…

Read more →

AI, Global Security News, Russia

Large-scale Roblox hacking operation shut down by Ukrainian authorities

Ukrainian police arrested three hackers who hijacked 610,000 Roblox accounts and sold them for $225,000 in profit. Police in Ukraine arrested three suspects accused of hacking over 610,000 Roblox accounts and selling them for about $225,000. Officers carried out multiple searches in Lviv, seizing cash, phones, computers, laptops, tablets, and USB drives. The operation disrupted…

Read more →

Global Security News

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Google has addressed a maximum severity security flaw in Gemini CLI — the “@google/gemini-cli” npm package and the “google-github-actions/run-gemini-cli” GitHub Actions workflow — that could have allowed attackers to execute arbitrary commands on host systems. “The vulnerability allowed an unprivileged external attacker to force their own malicious content to load as Gemini configuration,”

Read more →

AI, Global Security News

Bad bots make up 40% of internet traffic

The normalization of AI and automation within internet infrastructure is changing how organizations interpret traffic. Activity that once appeared anomalous is now treated as expected behavior. AI agents have emerged as a third category of automated traffic alongside good and bad bots, according to the Thales 2026 Bad Bot Report: Bad Bots in the Agentic…

Read more →

AI, Global Security News

Warp open sources its AI terminal client

Warp, the AI-centric terminal used by close to a million developers, has released the source code for its client on GitHub under the AGPL license, with OpenAI signed on as the founding sponsor of the repository. An agent-first contribution model Warp is steering contributions through Oz, its cloud agent orchestration platform. Agents handle the bulk…

Read more →

AI, Apps, china, Cybersecurity, Exploits, Global Security News, malware, Network Security

Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years

Designed to cripple Iran’s nuclear enrichment program, the 2010 Stuxnet worm set a cybersecurity precedent as the first time a nation escalated its activities from strategic espionage to sabotage in cyberspace. Now, a new discovery suggests such operations were in full swing years before Stuxnet came to light. Researchers from SentinelOne have tracked down samples…

Read more →

AI, Compliance, Global Security News, Risk Management

Adaptive Security Leadership in an Expanding Threat Surface

Last week I joined fellow security leaders at CISO Inspire Summit North for a panel discussion on The Expanding Threat Surface: Adaptive Security Leadership for 2026 and Beyond. It was a timely discussion, because the challenge facing security leaders today is not simply more threats. It is more connections, more dependencies, and more complexity. Suppliers, SaaS, identities, automation…

Read more →

AI, Global Security News

A New Chapter in Alzheimer’s Care Begins in Australia, But Access Remains the Real Test

*]:pointer-events-auto [content-visibility:auto] supports-[content-visibility:auto]:[contain-intrinsic-size:auto_100lvh] R6Vx5W_threadScrollVars scroll-mb-[calc(var(–scroll-root-safe-area-inset-bottom,0px)+var(–thread-response-height))] scroll-mt-[calc(var(–header-height)+min(200px,max(70px,20svh)))]” dir=”auto” data-turn-id=”request-WEB:d157b42f-f595-4291-a196-6b04707088a5-6″ data-testid=”conversation-turn-8″ data-scroll-anchor=”false” data-turn=”assistant”>   This month, it has been announced that Australia is beginning to see the real world impact of its first disease modifying Alzheimer’s therapies, marking a pivotal moment in a field that for decades has struggled to move beyond symptom management.

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy

Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions

A developer at an AI startup wanted to cheat at Roblox. They downloaded a dodgy script on their work laptop. That one decision triggered a cascade of failures that ended with a $2 million data breach affecting hundreds of thousands of organisations. All for some free in-game currency. Meanwhile, there’s a 1980s phone protocol called…

Read more →

AI, Global Security News, Government & Policy, Risk Management

Australia’s Inflation Reality Check: When Policy Levers Pull in Opposite Directions

Australia’s rising inflation is being blamed on global forces and the Reserve Bank, but economists point to a deeper issue: domestic policy settings that may be working against the fight to bring prices under control. Have you wondered why the Treasurer continues to point to the Reserve Bank of Australia, the Middle East, and supply…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

cPanel Vulnerability Exposes Servers to Takeover 

An authentication vulnerability in cPanel and Web Host Manager (WHM) is putting web hosting environments at risk, prompting the company to release an emergency patch and warn administrators to act quickly.  The flaw affects multiple authentication paths and could allow attackers to gain unauthorized access to servers if left unpatched. “Let’s call this what it…

Read more →

AI, Global Security News, Network Security, Risk Management

Tines Targets Partner-Led Growth in North America

Tines is expanding its channel and technology partner ecosystem as enterprise demand grows for intelligent workflows that connect automation, AI, and human decision-making across security and IT operations. The intelligent workflow platform announced 75 new technology partners for fiscal year 2026, along with 25% growth in its channel partner network.  The company said collaborations with…

Read more →

AI, Endpoint, Exploits, Global Security News

CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure

Attackers quickly exploited a critical LiteLLM flaw (CVE-2026-42208) to access and modify sensitive database data via SQL injection. Attackers rapidly exploited a critical vulnerability in LiteLLM Python package, tracked as CVE-2026-42208, just days after it became public. The vulnerability, an SQL injection in the proxy API key verification process, lets attackers access and potentially modify database…

Read more →