Geek-Guy.com

Category: Exploits

Explore the latest software exploits, zero-day vulnerabilities, and security PoCs. Geek-Guy provides expert analysis on emerging threats and how to stay protected.

AI, Apps, Cloud Security, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

Anthropic’s Mythos signals a structural cybersecurity shift

Over the past week, reaction to Anthropic’s Glasswing disclosure has split along familiar lines. At one end: alarm over an AI system capable of autonomously identifying and exploiting vulnerabilities. At the other: dismissive hot takes, arguing there is nothing new here. A more grounded view comes from a new briefing by the Cloud Security Alliance…

Read more →

AI, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

This Booking.com Breach Could Expose Your Travel Plans

Booking.com has disclosed a security incident involving unauthorized access to customer reservation data, prompting the company to reset reservation PINs tied to affected bookings. The activity, described as “suspicious access” to a subset of reservation records, did not expose payment card data but surfaced a category of information that, from an operational security standpoint, is…

Read more →

AI, Apps, Cloud Security, Compliance, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security

Here’s how cyber heavyweights in the US and UK are dealing with Claude Mythos

A joint report from the Cloud Security Alliance (CSA), the SANS Institute and the Open Worldwide Application Security Project (OWASP) concludes that in the near term, organizations are “likely to be overwhelmed” by threat actors using AI to find and exploit vulnerabilities faster than defenders can patch them. While those organizations can use AI tools…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, Network Security

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A critical pre-authentication remote code execution vulnerability in Marimo, an open-source Python notebook platform owned by AI cloud company CoreWeave, was exploited in the wild less than 10 hours after its public disclosure, according to the Sysdig Threat Research Team. The vulnerability, tracked as CVE-2026-39987 with a severity score of 9.3 out of 10, affects…

Read more →

AI, Data Breaches, Exploits, Global Security News

Rockstar Games receives “pay or leak” warning after cyberattack

Rockstar Games, the developer behind titles such as Grand Theft Auto and Red Dead Redemption, has confirmed a cyberattack claimed by hacking group ShinyHunters, which says it accessed the company’s Snowflake environment and obtained data. The attackers exploited Anodot, a third-party SaaS platform used for cloud cost monitoring and analytics, as the entry point and…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, Network Security

Seven IBM WebSphere Liberty flaws can be chained into full takeover

Security researchers are warning of a set of flaws affecting IBM WebSphere Liberty, a lightweight, modular Java application server, that can be chained into a full server compromise. The flaws, a total of seven, that led to the ultimate compromise of the server were initiated by a newly discovered pre-authentication issue in the platform’s SAML…

Read more →

Exploits, Global Security News, Network Security

Your MTTD Looks Great. Your Post-Alert Gap Doesn’t

Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks’ Wendi Whitmorewarned that similar capabilities are weeks or months from proliferation. CrowdStrike’s 2026 Global Threat Report puts average eCrime breakout time at 29 minutes. Mandiant’s M-Trends 2026

Read more →

AI, Exploits, Global Security News, privacy, Risk Management

iPhone forensics expose Signal messages after app removal in U.S. case

An FBI case in Texas shows Signal messages can still be recovered from iPhones even after app uninstall, via system artifacts, challenging privacy assumptions. The recent revelations about FBI forensic access to Signal messages on an iPhone have reignited a long-standing misunderstanding about mobile privacy: the belief that disappearing messages and encrypted apps guarantee that…

Read more →

Apps, Exploits, Global Security News

Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621)

Adobe has pushed out an emergency security update for Adobe Acrobat Reader, patching a zero-day vulnerability (CVE-2026-34621) exploited in the wild since November 2025. About CVE-2026-34621 CVE-2026-34621 is a critical prototype pollution vulnerability – a type of vulnerability that occurs in JavaScript and allows attackers to add or modify an application’s JavaScript objects and properties.…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security

Marimo RCE Flaw Exploited Within Hours of Disclosure

A vulnerability in the open-source Marimo Python notebook platform is already being actively exploited, underscoring how quickly attackers can turn newly disclosed flaws into real-world attacks.  Less than 10 hours after public disclosure, threat actors developed a working exploit and began targeting exposed systems. “Within 9 hours and 41 minutes of the vulnerability advisory’s publication,…

Read more →

AI, Apps, Exploits, Global Security News, Risk Management

Adobe fixes actively exploited Acrobat Reader flaw CVE-2026-34621

Adobe addressed a critical Acrobat Reader vulnerability, tracked as CVE-2026-34621, which is actively exploited to run malicious code. Adobe released emergency updates to address a critical vulnerability, tracked as CVE-2026-34621 (CVSS score of 8.6), in Adobe Acrobat Reader, which is being actively exploited. The flaw could allow attackers to execute malicious code on affected systems,…

Read more →

Compliance, Exploits, Global Security News

Qualys TRU Research Finds Manual Remediation Can’t Keep Up As Exploitation Hits ‘Negative One Day’

GUEST RESEACH: Qualys, Inc. (NASDAQ: QLYS), a leading provider of cloud-based IT, security and compliance solutions, today released a new research report, The Broken Physics of Remediation,  revealing how exploitation timelines are outpacing human-scale remediation, and why traditional patch metrics can no longer describe true business exposure.

Read more →

AI, Compliance, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

Hackers claim control over Venice San Marco anti-flood pumps

Hackers breached Venice ’s San Marco flood system, claiming control of pumps and the ability to disable defenses and flood coastal areas. The technologies that govern the physical world are the quiet infrastructure of modern life. From energy grids to water systems, from factories to flood defenses, operational technology (OT) has long had one essential…

Read more →

AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, privacy, Risk Management, Russia

Security Affairs newsletter Round 572 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S. GlassWorm evolves with…

Read more →

Exploits, Global Security News

Week in review: Windows zero-day exploit leaked, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day Cloudflare announced it is targeting 2029 to complete post-quantum security across its entire product suite, including post-quantum authentication. The company is following a revised roadmap that Google…

Read more →

Exploits, Global Security News

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of the flaw could allow an attacker to run malicious code on affected installations. It has been described…

Read more →

AI, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.

Censys researchers found 5,219 exposed Rockwell PLCs online, mostly in the U.S., urging defenders to secure or disconnect them. On April 7, 2026, U.S. agencies, including FBI, CISA, and NSA, warned of Iran-linked APTs exploiting internet-exposed Rockwell Automation PLCs. Threat actors are carrying out cyberattacks targeting internet-connected operational technology (OT) across multiple critical infrastructure sectors.…

Read more →

AI, Endpoint, Exploits, Global Security News, malware

CVE-2026-39987: Marimo RCE exploited in hours after disclosure

A critical flaw, tracked as CVE-2026-39987, in the open-source Python notebook tool Marimo was exploited within 10 hours of disclosure. A critical flaw in Marimo, tracked as CVE-2026-39987 (CVSS score of 9.3) was exploited just 10 hours after disclosure (On April 8, 2026). Sysdig Threat Research Team observed exploitation of the Marimo flaw within 9…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

Anthropic’s Project Glasswing Signals Potential AI-Driven Shift in Cybersecurity

Anthropic’s Project Glasswing highlights how advanced AI models may rival top human experts in finding and exploiting software vulnerabilities.  Early claims from the company suggest these models, like Claude Mythos Preview, can operate at large scale and find vulnerabilities faster. However, security leaders share mixed views on the claims. “Mythos appears to materially change the…

Read more →

AI, Endpoint, Exploits, Global Security News, Network Security

Old Docker authorization bypass pops up despite previous patch

Researchers warn about a new vulnerability that allows attackers to bypass authorization plug-ins in Docker Engine and gain root-level access to host systems. The flaw has the same root cause as another authorization bypass vulnerability patched in 2024, but the underlying problem has been known since 2016. Tracked as CVE-2026-34040, the new vulnerability is rated…

Read more →

AI, Apps, Exploits, Global Security News, Network Security, Risk Management

Bringing Rust to the Pixel Baseband

Posted by Jiacheng Lu, Software Engineer, Google Pixel Team Google is continuously advancing the security of Pixel devices. We have been focusing on hardening the cellular baseband modem against exploitation. Recognizing the risks associated within the complex modem firmware, Pixel 9 shipped with mitigations against a range of memory-safety vulnerabilities. For Pixel 10, Google is…

Read more →

AI, Europe, Exploits, Global Security News

Ransomware attack on ChipSoft knocks EHR services offline across hospitals in the Netherlands and Belgium

Dutch healthcare IT firm ChipSoft suffered a ransomware attack, forcing services and its HiX platform offline, impacting hospitals and patients. ChipSoft, a major Dutch provider of EHR systems, was hit by a ransomware attack that forced it to take its website and digital services offline, disrupting access for hospitals, healthcare providers, and patients. EHR (Electronic…

Read more →

AI, Apps, Cloud Security, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security, privacy, Risk Management

Zero-Days, Data Breaches, and AI Risks Define This Week’s Cybersecurity Landscape in 2026

Major Threats & Vulnerabilities Zero-Day and Critical Exploits A new zero-day vulnerability in Adobe Acrobat Reader is being actively exploited through malicious PDFs. Attackers can steal data and compromise systems, with no patch currently available. Security teams are urged to block untrusted PDFs, disable JavaScript, and use sandboxing with outbound traffic monitoring. The Fortinet EMS…

Read more →

AI, Apps, Exploits, Global Security News, Risk Management

EngageLab SDK flaw opens door to private data on 50M Android devices

A flaw in EngageLab SDK exposed up to 50M Android users, including 30M crypto wallets, letting apps bypass security and access private data. Microsoft researchers found a critical flaw in EngageSDK that lets apps bypass Android sandbox protections and access private data. The flaw put millions of users, including over 30M crypto wallet installs, at…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Risk Management, Venture

News alert: Mallory launches AI-native platform to cut through alert noise and surface real risk

AUSTIN, Texas, Apr. 9, 2026, CyberNewswire—Mallory is launching a AI-native threat intelligence platform, purpose-built to answer the questions CISOs and their teams are asking every day: •What are the real threat vectors for our organization? •What’s actually exploitable in our environment right now? •What should we proactively fix? The platform monitors thousands of threat sources,…

Read more →

AI, Exploits, Global Security News, malware, Risk Management

Hackers have been exploiting an unpatched Adobe Reader vulnerability for months

Adobe Reader vulnerabilities have been exploited for decades by threat actors taking advantage of the universal use of the utility to fool employees into downloading infected PDF documents through phishing lures. Now a security researcher says a Reader hole has been quietly exploited by malware for as long as four months, fingerprinting computers to gather…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

Iranian attacks on US critical infrastructure puts 3,900 devices in crosshairs

The fallout and potential exposure from Iran’s state-backed targeting of U.S. critical infrastructure extends to more than 5,200 internet-connected devices, researchers at Censys said in a threat intelligence brief Wednesday.   Of the programmable logic controllers manufactured by Rockwell Automation/Allen-Bradley that Censys identified as  potentially exposed to Iranian government attackers, nearly 3,900, or about 3 out…

Read more →

AI, Apps, china, Cybersecurity, Exploits, Global Security News, Government & Policy

Why is the timeline to quantum-proof everything constantly shrinking?

When Google announced last month it was moving up its own internal timeline for migrating to quantum-resistant forms of encryption, it started a broader conversation in the cybersecurity and cryptography communities: Just what was pushing one of the largest tech companies in the world to significantly accelerate its adoption of post-quantum protections for its systems,…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Russia

Malicious PDF reveals active Adobe Reader zero-day in the wild

Hackers used an Adobe Reader zero-day for months. Researcher Haifei Li found a malicious PDF and asks the community to help analyze it. Hackers used an Adobe Reader zero-day for months to deliver a sophisticated PDF exploit. Cybersecurity researcher Haifei Li, founder of Expmon, discovered the malicious file and warned the community. On March 26,…

Read more →

AI, Cybersecurity, Endpoint, Exploits, Global Security News, Government & Policy, malware, Russia

Inside the FBI’s router takedown that cut off APT28’s ‘tremendous access’

The recent FBI-led operation to knock Russian government hackers off routers sought to topple an especially insidious and threateningly contagious cyberespionage campaign, top bureau cyber official Brett Leatherman told CyberScoop. Researchers, along with U.S. and foreign government agencies, revealed details of the campaign this week by which APT28 — also known as Forest Blizzard or…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management, Russia

Adobe Acrobat Reader Zero Day Exploited in Active PDF Attacks

Attackers have been exploiting a zero-day vulnerability in Adobe Acrobat Reader for months, using malicious PDF files to silently steal data and potentially take over victim systems. Active since at least Dec. 2025, the campaign highlights how a seemingly routine document can serve as an effective entry point for system compromise. This exploit “allows the…

Read more →

AI, Exploits, Global Security News, malware, Network Security

Masjesu botnet targets IoT devices while evading high-profile networks

Masjesu is a stealthy DDoS-for-hire botnet targeting IoT devices, active since 2023 and designed to stay hidden by avoiding high-profile networks. Masjesu is a stealthy botnet active since 2023, advertised as a DDoS-for-hire service. It targets IoT devices like routers and gateways, spanning multiple architectures. Designed for persistence, it executes carefully, avoiding high-profile IP ranges…

Read more →

AI, Endpoint, Exploits, Global Security News, malware, Network Security

Datto RMM Exploited in Phishing Attack, Researchers Warn

Security researchers have uncovered an active phishing campaign that abuses Datto’s remote monitoring and management platform, CentraStage, as a command-and-control channel, giving attackers full interactive control over compromised systems while flying under the radar of traditional security defenses. Phishing campaign delivers remote access trojan via fake files The campaign, tracked by the Fortra Intelligence and…

Read more →

AI, APAC, Exploits, Global Security News, malware

Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197)

In the latest demonstration of how AI assistants can help with bug hunting, Horizon3.ai researcher Naveen Sunkavally used Claude to unearth CVE-2026-34197, a remote code execution vulnerability in Apache ActiveMQ that’s been introduced in the codebase 13 years ago. The vulnerability was patched in late March 2026 and there’s currently no indication that it is…

Read more →

AI, Exploits, Global Security News

Mallory brings contextual threat intelligence to security operations

Mallory is launching an AI-native threat intelligence platform, purpose-built to answer the questions CISOs and their teams are asking every day: What are the real threat vectors for our organization? What’s actually exploitable in our environment right now? What should we proactively fix? The platform monitors thousands of threat sources, contextualizes them against your actual…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, privacy, Risk Management

Weak at the seams

Before I ever held a security title, I was a software engineer implementing vertically integrated automation systems for industrial manufacturing, warehouse-scale conveyor networks, robotic material handling, physical infrastructure controlled by software on increasingly connected networks. I learned early that tightly coupled systems produce tightly coupled failures. When a single software fault could halt a distribution…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

GrafanaGhost Flaw Allows Silent Data Exfiltration

A vulnerability called GrafanaGhost allows attackers to quietly extract sensitive data from Grafana environments without user interaction or traditional compromise techniques.  Discovered by researchers at Noma Security, the flaw highlights how AI-driven features can introduce new, difficult-to-detect attack paths in widely used platforms. “Across ForcedLeak, GeminiJack, DockerDash, and now GrafanaGhost, we keep seeing the same…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

Don’t just fight fraud, hunt it

Our nation has entered a new fraud arms race fueled by AI. With billions of dollars in fraud losses mounting in both the private and public sectors, it’s clear the old ways of deterring fraud aren’t working. That’s why we need a new playbook that starts with understanding how fraudsters operate, evolving our defenses, and…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Politics, Risk Management

How Phishing Is Targeting Germany’s Economy: Active Threats from Finance to Manufacturing

Germany’s economy is a precision machine: finance fuels it, manufacturing builds it, telecom connects it, IT optimizes it, and healthcare sustains it. The country sits at the crossroads of industrial power and digital transformation, making it irresistibly attractive to attackers. In this article, we explore real-world attacks targeting five critical German industries, analyzed by ANY.RUN’s analysts using Interactive…

Read more →

AI, Cybersecurity, Exploits, Global Security News

Acrobat Reader zero-day exploited in the wild for many months

Unknown attackers have exploited a zero-day Adobe Acrobat Reader vulnerability since November 2025 and possibly even earlier, security researcher Haifei Li has discovered. PDF files carry the exploit Haifei Li is one of the creators of EXPMON, a sandbox-based cybersecurity system for detecting advanced file-based exploits. It does so by analyzing suspicious files submitted through…

Read more →

AI, Exploits, Global Security News

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON’s Haifei Li, has been described as a highly-sophisticated PDF exploit. The artifact (“Invoice540.pdf”) first appeared on the VirusTotal platform on November 28, 2025. A second 

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management

Patch windows collapse as time-to-exploit accelerates

The gap between vulnerability disclosure and exploitation is drastically decreasing, putting security teams’ patching practices on notice. According to Rapid7’s latest Cyber Threat Landscape Report, confirmed exploitation of newly disclosed high- and critical-severity vulnerabilities (CVSS 7-10) increased 105% year to 146 in 2025, up from 71 in 2024. Moreover, the median time from vulnerability publication…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, privacy, Risk Management

Weak at the seams

Before I ever held a security title, I was a software engineer implementing vertically integrated automation systems for industrial manufacturing, warehouse-scale conveyor networks, robotic material handling, physical infrastructure controlled by software on increasingly connected networks. I learned early that tightly coupled systems produce tightly coupled failures. When a single software fault could halt a distribution…

Read more →

AI, Europe, Exploits, Global Security News, malware, Network Security, Risk Management

Internet-Exposed ICS Devices Raise Alarm for Critical Sectors

Exposed ICS devices and insecure protocols like Modbus increase risks to critical infrastructure, enabling disruption, data access, and potential sabotage. Malware targeting industrial control systems (ICS) poses a serious risk to critical infrastructure, with threats like Stuxnet, Industroyer, Triton, Havex, and BlackEnergy already demonstrating the ability to disrupt operations, cause outages, and even inflict physical…

Read more →

AI, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Ivanti EPMM, tracked as CVE-2026-1340 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The critical vulnerability is a code injection in Ivanti Endpoint Manager Mobile…

Read more →

AI, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia

Russia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tactics

APT28 targets Ukraine and allies with PRISMEX malware, using stealthy techniques for espionage and command-and-control. Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) is running a spear-phishing campaign against Ukraine and its allies, deploying a new malware suite called PRISMEX. Active since September 2025, the campaign uses advanced stealth techniques like steganography and…

Read more →

AI, APAC, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

Anthropic’s AI Push Signals Major Shift for Channel Partners

Anthropic is rapidly scaling both the infrastructure and security footprint of its AI business, signaling a shift that could reshape how enterprises—and their channel partners—approach both compute and cyber risk. The company this week announced a massive expansion of TPU capacity through Google and Broadcom while simultaneously launching Project Glasswing, a sweeping industry collaboration aimed…

Read more →

AI, APAC, Compliance, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware

TeamPCP Supply Chain Campaign: Update 007 – Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)

This is the seventh update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). Update 006 covered developments through April 3, including the CERT-EU European Commission breach disclosure, ShinyHunters’ confirmation of credential sharing, Sportradar breach details, and Mandiant’s quantification of 1,000+ compromised SaaS environments. This update consolidates five…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

Iranian Threat Actors Target U.S. Critical Infrastructure

A new federal cybersecurity alert is raising alarms across critical infrastructure sectors, as Iranian-affiliated threat actors actively target programmable logic controllers (PLCs) in the United States.  The campaign, confirmed by multiple federal agencies, has already caused operational disruptions and financial losses — marking a notable escalation in cyber activity against industrial environments. “The most notable…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

API Security Risks Rise as AI Adoption Accelerates

As organizations deploy autonomous agents and generative AI tools at scale, APIs have become a backbone of modern operations — introducing a growing attack surface. Enterprises are rapidly embracing AI and API-driven architectures, but a new report from Salt Security reveals that security is struggling to keep up. “The future of AI will not be…

Read more →

AI, Apps, Exploits, Global Security News, Network Security

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

Threat actors have found a way to inject arbitrary JavaScript into the Flowise low-code platform for building custom LLM and agentic systems. The code injection was possible due to a design oversight, rated at max-severity, in the platform’s custom MCP node, which acts as a plug-in connector for an application’s AI agent to talk to…

Read more →

AI, china, Cybersecurity, Exploits, Funding, Global Security News, Government & Policy, Network Security, Risk Management

Project Glasswing powered by Claude Mythos: defending software before hackers do

Anthropic unveiled Claude Mythos, a powerful AI for cybersecurity that could also be misused to enhance cyberattacks. Anthropic has unveiled Claude Mythos, a new AI model designed to strengthen cybersecurity through Project Glasswing, aiming to secure critical software before it can be abused. Interest in Mythos grew after a leak of nearly 3,000 internal files…

Read more →

AI, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia

Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions

Russian threat actor Forest Blizzard has been exploiting unsecured home and small-office internet equipment, such as routers, to redirect traffic through attacker-controlled DNS servers. The group has leveraged this DNS hijacking activity to support post-compromise adversary-in-the-middle (AiTM) attacks on Transport Layer Security (TLS) connections, targeting Microsoft Outlook on the web domains, according to a Microsoft…

Read more →

AI, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia

Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions

Russian threat actor Forest Blizzard has been exploiting unsecured home and small-office internet equipment, such as routers, to redirect traffic through attacker-controlled DNS servers. The group has leveraged this DNS hijacking activity to support post-compromise adversary-in-the-middle (AiTM) attacks on Transport Layer Security (TLS) connections, targeting Microsoft Outlook on the web domains, according to a Microsoft…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

The zero-day timeline just collapsed. Here’s what security leaders do next

A zero-day is not frightening because it is sophisticated. It is frightening because it is unknown. There is no patch in the moment it matters most. That single condition undermines the comfort most security programs rely on: time. In the past, attackers didn’t need zero-days because they relied on predictable failures in patching and credential…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

The zero-day timeline just collapsed. Here’s what security leaders do next

A zero-day is not frightening because it is sophisticated. It is frightening because it is unknown. There is no patch in the moment it matters most. That single condition undermines the comfort most security programs rely on: time. In the past, attackers didn’t need zero-days because they relied on predictable failures in patching and credential…

Read more →

AI, Apps, Compliance, Exploits, Global Security News, Risk Management

Microsoft’s new Agent Governance Toolkit targets top OWASP risks for AI agents

Microsoft has quietly introduced the Agent Governance Toolkit, an open-source project designed to monitor and control AI agents during execution as enterprises try to move them into production workflows. The toolkit, which is a response to the Open Worldwide Application Security Project’s (OWASP) emerging focus on AI and LLM security risks, adds a runtime security…

Read more →

AI, Apps, Compliance, Exploits, Global Security News, Risk Management

Microsoft’s new Agent Governance Toolkit targets top OWASP risks for AI agents

Microsoft has quietly introduced the Agent Governance Toolkit, an open-source project designed to monitor and control AI agents during execution as enterprises try to move them into production workflows. The toolkit, which is a response to the Open Worldwide Application Security Project’s (OWASP) emerging focus on AI and LLM security risks, adds a runtime security…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

U.S. agencies alert: Iran-linked actors target critical infrastructure PLCs

U.S. agencies warn Iran-linked threat actors are targeting internet-exposed PLCs used in critical infrastructure networks. U.S. agencies, including the FBI and CISA, warn that Iran-linked hackers are targeting internet-exposed Rockwell/Allen-Bradley PLCs used in critical infrastructure. The agencies published a joint advisory involving multiple federal organizations. “Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity…

Read more →

AI, Exploits, Global Security News

Anthropic’s new AI model finds and exploits zero-days across every major OS and browser

Automated vulnerability discovery tools have existed for decades, and the gap between finding a bug and building a working exploit has always slowed attackers. That gap is now substantially narrower. Anthropic’s Claude Mythos Preview, a new general-purpose language model being made available only to a limited group of critical industry partners and open source developers,…

Read more →

AI, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia

Feds quash widespread Russia-backed espionage network spanning 18,000 devices

Russian state-sponsored attackers compromised more than 18,000 routers spread across more than 120 countries to gain deeper access to sensitive networks for a large-scale espionage campaign before it was recently neutralized, researchers and authorities said Tuesday. Forest Blizzard, also known as APT28 and Fancy Bear, exploited known vulnerabilities to steal credentials for thousands of TP-Link…

Read more →

AI, APAC, Cybersecurity, Exploits, Funding, Global Security News, Network Security, Risk Management

What Anthropic Glasswing reveals about the future of vulnerability discovery

AI giant Anthropic has unveiled Project Glasswing, a cybersecurity initiative built around Claude Mythos Preview, a model it describes as “cybersecurity in the age of AI” that can autonomously identify software vulnerabilities at scale. Rather than release the model publicly, Anthropic is restricting access to a closed consortium of more than 40 companies that includes…

Read more →

AI, Apps, Compliance, Cybersecurity, Endpoint, Exploits, Global Security News

Fortinet releases emergency hotfix for FortiClient EMS zero-day flaw

Hackers have been exploiting a critical vulnerability in FortiClient Endpoint Management Server (FortiClient EMS) since at least the end of March. Fortinet has published an advisory and released an emergency hotfix that can be applied to affected deployments until a patched version can be released. The vulnerability, now tracked as CVE-2026-35616, allows unauthenticated attackers to…

Read more →

AI, Apps, Exploits, Global Security News, Network Security, Risk Management

Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution

Attackers are exploiting a critical Flowise flaw, tracked as CVE-2025-59528 (CVSS score of 10), that lets them run malicious code and access systems due to poor validation of user-supplied JavaScript. Attackers are actively exploiting a critical vulnerability in Flowise, tracked as CVE-2025-59528, that allows remote code execution and file system access. The flaw stems from improper validation…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

5 practical steps to strengthen attack resilience with attack surface management

Every asset you manage expands your attack surface. Internet‑facing applications, cloud workloads, credentials, endpoints, and third‑party integrations all represent potential entry points for attackers. As environments grow more distributed, that exposure expands faster than most security teams can track manually. Attack surface management (ASM) helps answer a critical question for IT security teams: What can…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

5 steps to strengthen supply chain security and improve cyber resilience

Supply chain attacks have rapidly become one of the most damaging and difficult threats facing IT and security teams. When an adversary compromises a trusted vendor, software component, cloud service, or MSP tool, they bypass traditional defenses and enter through the front door. For organizations managing distributed environments, and for MSPs supporting dozens or hundreds…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

5 ways to strengthen identity security and improve attack resilience

Identity compromise has become one of the most effective ways for attackers to infiltrate business systems. Firewalls, endpoint protection, and monitoring tools mean little once an attacker logs in using valid credentials. For MSPs and corporate IT teams, strengthening identity security and enforcing least privilege access are two of the most powerful ways to reduce…

Read more →

AI, Apps, Cloud Security, Compliance, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

Building AI defenses at scale: Before the threats emerge

At AWS, we’ve spent decades developing processes and tools that enable us to defend millions of customers simultaneously, wherever they operate around the world. Every day, our security and threat intelligence teams are doing work with AI and automation that most people never see. Our AI-powered log analysis system has reduced the time SecOps engineers…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware

Iranian hackers launching disruptive attacks at U.S. energy, water targets, feds warn

Iranian government hackers are launching disruptive cyberattacks on American energy and water infrastructure, U.S. government agencies “urgently” warned Tuesday. The hackers are taking aim at devices and systems that control industrial processes, and have harmed victims in the last month following the onset of U.S.-Israel strikes against Iran, according to the joint alert from the…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management

NomShub Vulnerability Chain Exposes Hidden Risks in AI Coding Tools

A vulnerability chain in an AI-powered code editor is raising alarms about how autonomous developer tools can be turned against their users.  Dubbed NomShub, the flaw allows attackers to gain persistent shell access simply by luring a developer into opening a malicious repository — no traditional exploit required. “When an AI agent can execute shell…

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia

Russia Hacked Routers to Steal Microsoft Office Tokens

Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code. Microsoft…

Read more →

AI, Exploits, Global Security News, Russia

Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage campaign since at least May 2025. The large-scale exploitation campaign has been codenamed 

Read more →

AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware

Cybercrime losses jumped 26% to $20.9 billion in 2025

Cybercrime remains a booming business.  Annual cybercrime losses amounted to almost $20.9 billion last year, reflecting a 26% increase from 2024, the FBI’s Internet Crime Complaint Center (IC3) said in its annual report Tuesday. The comprehensive study exposes a worsening digital crime environment that is driving financial losses, with momentum moving in the wrong direction…

Read more →

AI, Exploits, Global Security News, Russia

Russian hackers hijack internet traffic using vulnerable routers

The Russian state cyber group APT28 has been compromising routers to hijack web traffic and spy on victims, the UK’s The National Cyber Security Centre (NCSC) has warned. Attackers are exploiting vulnerable routers to alter DHCP and DNS settings, redirecting traffic through servers they control. “We assess that APT28 is almost certainly the Russian General…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, Risk Management

‘GrafanaGhost’ bypasses Grafana’s AI defenses without leaving a trace

Security researchers at Noma Security have disclosed a new vulnerability they are calling GrafanaGhost, an exploit capable of silently stealing sensitive data from Grafana environments by chaining multiple security bypasses, including a method that circumvents the platform’s AI model guardrails without requiring any user interaction. Grafana is widely deployed across enterprise organizations as a central…

Read more →

AI, china, Data Breaches, Exploits, Global Security News, Network Security

Fast-moving Storm-1175 uses new exploits to breach networks and drop Medusa

China-based actor Storm-1175 runs fast ransomware attacks, exploiting new flaws to breach systems and quickly deploy Medusa ransomware. China-based actor Storm-1175 carries out fast, financially driven ransomware attacks by exploiting newly disclosed vulnerabilities before organizations patch them. The group targets exposed systems and quickly moves from initial access to data theft and Medusa ransomware deployment,…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

Docker Flaw (CVE-2026-34040) Lets Attackers Bypass Security Controls and Take Over Hosts

A vulnerability in Docker Engine allows attackers to bypass authorization controls and potentially gain full access to host systems.  Cyera researchers found that the flaw affects a core security mechanism relied on by organizations to enforce container policies. “This research shows that a lot of foundational infrastructure is still carrying old bug classes in places…

Read more →

AI, Apps, Exploits, Global Security News, Network Security, Risk Management

Zero‑click Grafana AI attack can enable enterprise data exfiltration

Indirect prompt injection is possible on AI-powered dashboards, allowing exfiltration of sensitive enterprise data without user authentication. Security researchers are warning about a critical Grafana issue, dubbed GrafanaGhost, that allows attackers to leak sensitive data from Grafana environments, including financial metrics, infrastructure health data, private customer data, and operational logs, among others. Noma Security disclosed…

Read more →

AI, Exploits, Global Security News

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. “A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets, automatically installing malicious nodes via ComfyUI-Manager if no exploitable node is already

Read more →

AI, Exploits, Global Security News

AI-enabled device code phishing campaign exploits OAuth flow for account takeover

A phishing campaign that bypasses the standard 15-minute expiration window through automation and dynamic code generation, leveraging the OAuth Device Code Authentication flow to compromise organizational accounts at scale, has been observed by the Microsoft Defender Security Research team. The campaign uses AI-assisted infrastructure and end-to-end automation. Attack overview Device Code Authentication is a legitimate…

Read more →