Geek-Guy.com

Category: Exploits

Explore the latest software exploits, zero-day vulnerabilities, and security PoCs. Geek-Guy provides expert analysis on emerging threats and how to stay protected.

Exploits, Global Security News

Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws

Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks. “External control of…

Read more →

AI, Apps, Compliance, Data Breaches, Exploits, Global Security News, malware, Risk Management

The Canvas breach proved that prevention is no longer enough

Earlier this month, ShinyHunters breached Instructure’s Canvas platform twice within a single week — stealing 3.65 terabytes of data from approximately 275 million users across more than 8,000 institutions. The group defaced login pages at hundreds of schools during final exam periods, forced Canvas offline, and extracted a ransom payment before Congress opened a formal…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Risk Management

Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix

MiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, security researcher Chaotic Eclipse has released a proof-of-concept exploit for a new Windows privilege escalation zero-day called MiniPlasma, which can grant attackers SYSTEM privileges on fully patched systems. The flaw affects “cldflt.sys,” the…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Risk Management

Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945

A critical NGINX flaw (CVE-2026-42945) is actively exploited, allowing crashes or possible code execution via malicious HTTP requests. A critical vulnerability in NGINX Plus and NGINX Open, tracked as CVE-2026-42945 (CVSS v4 score of 9.2), is already being actively exploited shortly after disclosure. “We’re seeing active exploitation of CVE-2026-42945 in F5 NGINX, a heap buffer…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management

Optiv: AI is Reshaping the MDR Security Approach for Partners

Cybersecurity is fundamentally different today from many other industries being disrupted by AI. Defenders are constantly facing active adversaries, and AI has only intensified these threats. Many sectors are focused on AI-driven efficiency and automation, while cybersecurity teams must simultaneously defend against attackers who are rapidly adopting AI-powered tooling. In a conversation with Benjamin Spencer,…

Read more →

AI, Exploits, Global Security News, Risk Management

AI shrinks vulnerability exploitation window to hours

Time has become organizations’ biggest vulnerability because the gap between vulnerability discovery and exploitation has narrowed to hours, according to Synack’s 2026 State of Vulnerabilities Report. Total vulnerabilities by severity (2022-2025) (Source: Synack) AI expands the attack surface Agentic AI systems that act autonomously across systems introduce new risks that require human expertise to identify…

Read more →

AI, Exploits, Global Security News, malware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter JDownloader site hacked to replace installers with Python RAT malware     New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps   Threat Actor Mr_Rot13 Actively Exploits CVE-2026-41940 for Backdoor Deployment   Operation…

Read more →

AI, APAC, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia

Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores Pwn2Own Berlin 2026, Day Three: DEVCORE…

Read more →

AI, Endpoint, Exploits, Global Security News, malware

Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores

Attackers are exploiting a critical flaw in the WordPress Funnel Builder plugin to inject skimming code into WooCommerce checkout pages. A critical vulnerability in the WordPress Funnel Builder plugin is being actively exploited to inject malicious JavaScript into WooCommerce checkout pages, according to Sansec researchers. Funnel Builder by FunnelKit is a checkout and upsell plugin…

Read more →

AI, Exploits, Global Security News

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security

Week in review: Cisco patches SD-WAN 0-day, unpatched Microsoft Exchange Server flaw exploited

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Review: Foundations of Cybersecurity, 2nd edition Jason Andress has refreshed his introductory security text for No Starch Press. He writes in the introduction that the term security now extends past data center servers to cloud resources, mobile devices, the Internet…

Read more →

AI, Exploits, Global Security News

Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total

Pwn2Own Berlin 2026 ended with 47 zero-days and $1.29M in payouts, as DEVCORE dominated the competition across all categories. Pwn2Own Berlin 2026 ended after three intense days, with participants discovering 47 unique zero-days, and earning $1,298,250 in total payouts. Pwn2Own Berlin 2026 wrapped up at OffensiveCon on Saturday with a final day that sealed DEVCORE’s…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-42897 (CVSS score of 8.1), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Microsoft warned that threat actors are…

Read more →

AI, Exploits, Global Security News

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by Sansec this week. The vulnerability currently does not have an official CVE identifier.…

Read more →

AI, Exploits, Global Security News, Risk Management

Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K

Day two of Pwn2Own Berlin 2026 saw $385,750 earned for 15 zero-days, bringing the total to $908,750 and 39 vulnerabilities over two days. During the second day of Pwn2Own Berlin 2026, security researchers earned $385,750 after successfully demonstrating 15 unique zero-day vulnerabilities affecting products such as Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Risk Management

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to think about the need to abandon on-premises email solutions. “Because it’s already being exploited in the wild, this isn’t a ‘patch next week situation; it’s a ‘mitigate right now’ emergency,” warned Rob Enderle of the Enderle Group.…

Read more →

AI, Compliance, Exploits, Global Security News, privacy, Risk Management

Here’s how the FTC plans to enforce the Take It Down Act

The Federal Trade Commission is set to begin enforcing a key provision of the Take Down Act on May 19, requiring websites and online services to remove nonconsensual deepfake media within 48 hours after a victim’s notice—or risk fines and FTC investigation. The law, passed by Congress last year, allowed law enforcement to immediately prosecute…

Read more →

AI, APAC, Apps, Endpoint, Exploits, Global Security News, Network Security, Risk Management

For May, Patch Tuesday means 139 updates — but no zero-days

Microsoft this week released 139 updates affecting Windows, Office, .NET, and SQL Server (though there were no updates for Microsoft Exchange Server). Despite the absence of zero-days, the May Patch Tuesday update still requires Patch Now recommendations for Windows and Office.  The combination of three unauthenticated network RCEs (Netlogon, DNS Client, and SSO Plugin for…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security

Cisco zero-day under ongoing attack by persistent threat group

Attackers returned once again to a common target with a massive user base by exploiting a max-severity zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager. The threat group behind the “limited” number of attacks Cisco is aware of thus far are also linked to a series of previously disclosed vulnerabilities in the vendor’s firewalls…

Read more →

AI, Exploits, Global Security News, malware, Network Security, Risk Management

CVE-2026-20182: Critical Authentication Bypass in Cisco SD-WAN Can Grant Admin Access

A vulnerability affecting Cisco Catalyst SD-WAN Controller has drawn urgent attention after Cisco, Rapid7, and CISA confirmed active exploitation. CVE-2026-20182 is a critical authentication bypass flaw in Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager that carries a CVSS 10.0 score and can let an unauthenticated remote attacker gain administrative privileges on an affected…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day

Microsoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild. Microsoft warned that threat actors are actively exploiting a new Exchange Server zero-day vulnerability tracked as CVE-2026-42897 (CVSS score 8.1). The vulnerability is an improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Exchange…

Read more →

AI, Exploits, Global Security News

CVE-2026-42897: Exchange Server OWA Spoofing Flaw Exploited via Crafted Email

Microsoft has disclosed a vulnerability impacting on-premise versions of Exchange Server that is already seeing active exploitation in the wild. Tracked as CVE-2026-42897, the issue carries a CVSS score of 8.1 and affects Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition, while Exchange Online is not impacted. Microsoft describes it as a…

Read more →

AI, Exploits, Global Security News

Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)

Cisco has patched yet another Catalyst SD-WAN Controller authentication bypass vulnerability (CVE-2026-20182) that has been exploited as a zero-day by “a highly sophisticated cyber threat actor”. About CVE-2026-20182 CVE-2026-20182 – affecting both Cisco Catalyst SD-WAN Controller (the “brain” of the Cisco Catalyst SD-WAN solution) and Cisco Catalyst SD-WAN Manager (the management plane for the entire…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware, Risk Management

Cybersecurity Insider Survey: AI Is Fueling a New Generation of Threat Actors

Artificial intelligence continues reshaping the cybersecurity landscape, and many security professionals now believe it is also helping create a more capable generation of cybercriminals.  We recently surveyed thousands of subscribers to the Cybersecurity Insider newsletter and asked a simple but important question: Is AI creating a new generation of skilled threat actors? Key Takeaways of…

Read more →

AI, Apps, Exploits, Global Security News, Network Security, Risk Management

Illicit Enterprise: An Anatomy of the Modern Underground Phishing Marketplace

Just as cyber threats have grown more complex and foreboding, the underground phishing marketplace which makes such attacks possible has profoundly evolved.  No longer a Craigslist-styled hodgepodge of products and services, marketplace forums have emerged as complete criminal ecosystems that function as not only distribution points for resources, but as labor exchanges to recruit and…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security

Cisco warns of an actively exploited SD-WAN flaw with max severity

Cisco has disclosed a max-severity authentication bypass vulnerability affecting its Catalyst SD-WAN Controller and Catalyst SD-WAN Manager platforms, warning that the flaw has already been found to be exploited in the wild. The disclosure follows an earlier authentication bypass vulnerability that Cisco patched in February. In the latest advisory, the company said the new flaw…

Read more →

Exploits, Global Security News, Network Security

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)

A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still in the works. In the meantime, Microsoft provided temporary mitigations. About CVE-2026-42897 CVE-2026-42897 affects on-premises versions of Microsoft Exchange Server: Subscription Edition RTM, 2019, and 2016. Exchange Online is not…

Read more →

AI, Exploits, Global Security News

Rocky Linux launches opt-in security repository for urgent fixes

Rocky Linux has introduced a Security Repository that allows the distribution to ship urgent security fixes ahead of upstream Enterprise Linux when public exploit code exists and upstream patches are unavailable. “The repository is disabled by default. That’s intentional. The default Rocky Linux experience stays exactly what it has always been: predictable, stable, and fully…

Read more →

AI, APAC, Compliance, Cybersecurity, Europe, Exploits, Global Security News, Network Security, Risk Management

EU’s Cyber Resiliency Act will put IT leaders to the test

Unlike most cyber security regulations, the EU’s Cyber Resilience Act is about product safety rather than processes or certification, extending the CE mark from the physical side of products to software, firmware, backend services, and anything with a network connection. It encodes existing best practices, enforces minimum product support lifecycles, and could mean developing stronger…

Read more →

AI, Exploits, Global Security News

Researchers uncover YellowKey and GreenPlasma Windows Zero-Days

Researchers disclosed two new Windows zero-days named YellowKey and GreenPlasma affecting BitLocker and the CTFMON framework. A security researcher known as Chaotic Eclipse, also called Nightmare-Eclipse, disclosed two new Windows zero-day vulnerabilities named YellowKey and GreenPlasma. The flaws affect BitLocker and the Windows Collaborative Translation Framework (CTFMON). YellowKey could allow attackers to bypass BitLocker protections,…

Read more →

AI, Exploits, Global Security News

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting…

Read more →

Cybersecurity, Exploits, Global Security News

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026. The vulnerability is a critical authentication bypass tracked as CVE-2026-20182. It’s

Read more →

AI, Cybersecurity, Exploits, Global Security News, Risk Management

Pwn2Own Berlin 2026, Day One: $523,000 paid out, AI products fall

Pwn2Own Berlin 2026 day one saw 22 entries and 24 zero-days across major software, with researchers earning $523,000 in total rewards. Day one of Pwn2Own Berlin 2026 featured 22 entries targeting widely used technologies, including browsers, operating systems, AI platforms, and NVIDIA infrastructure. By the end of the day, researchers demonstrated 24 unique zero-day vulnerabilities…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, Network Security, Risk Management

AI agent finds 18-year-old remote code execution flaw in Nginx

Researchers have found a critical vulnerability in the widely used Nginx web server that can potentially lead to remote code execution under certain conditions. The flaw is a heap buffer overflow that has gone undetected in the program’s code for the past 18 years. Tracked as CVE-2026-42945, the vulnerability is one of 4 bugs found…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, privacy, Risk Management

The Massive Canvas Cyberattack That Allegedly Ended in a Secret Deal With Hackers

The cyberattacks targeting Instructure’s Canvas learning management system unfolded as at least two distinct but likely connected operational phases that exposed the fragility of browser-based SaaS trust models inside modern educational infrastructure. What began in late April as a suspected cloud-platform compromise involving large-scale data exfiltration evolved by early May into a far more aggressive…

Read more →

AI, Exploits, Global Security News, Network Security

Meet Fragnesia, the third Linux kernel vulnerability in a month

Linux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new headache to deal with: Fragnesia. “This is a significant vulnerability,” Robert Beggs, head of incident response firm DigitalDefence, told CSO. “It is bypassing traditional filesystem permissions that are present and enforced (for example, ‘file is owned by…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

White House cyber official: identity security matters more than ever in the age of AI

As AI becomes more integrated into federal IT (and attacker toolsets) government agencies will need to focus their resources on regulating and monitoring the identities that access their network, a top White House cybersecurity official said Thursday. Nick Polk, branch director for federal cybersecurity in the Executive Office of the President, said that while AI…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds a flaw in Cisco Catalyst SD-WAN  to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Cisco Catalyst SD-WAN, tracked as CVE-2026-20182 (CVSS score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. Cisco fixed CVE-2026-20182, a flaw in SD-WAN control…

Read more →

AI, Exploits, Global Security News, Network Security, Risk Management

Linux Kernel bug Fragnesia allows local root access attacks

Fragnesia, a new Linux kernel flaw tracked as CVE-2026-46300, could let local attackers gain root access through page cache corruption. Researchers disclosed a new Linux kernel privilege escalation vulnerability named Fragnesia, tracked as CVE-2026-46300 (CVSS score of 7.8). The flaw affects the XFRM ESP-in-TCP subsystem and could allow local attackers to gain full root access…

Read more →

AI, Exploits, Global Security News

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0. “A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly

Read more →

AI, Exploits, Global Security News, Risk Management

Broadcom releases VMware Fusion security update for root access bug

Broadcom patched a high-severity VMware Fusion flaw, CVE-2026-41702, that could let local attackers gain root privileges. Broadcom released a security update for VMware Fusion to address a high-severity vulnerability, tracked as CVE-2026-41702, that could allow local attackers to escalate privileges to root on affected systems. The flaw is a time-of-check time-of-use (TOCTOU) vulnerability affecting operations…

Read more →

AI, Exploits, Global Security News

CVE-2026-42945: 18-Year-Old NGINX Rewrite Flaw May Enable Unauthenticated RCE

Web infrastructure bugs remain especially dangerous when they sit in widely deployed request-handling logic for years without detection. Among the latest vulnerabilities impacting NGINX Plus and NGINX Open, the CVE-2026-42945 vulnerability stands out as an 18-year-old heap buffer overflow in ngx_http_rewrite_module that can be reached by an unauthenticated attacker through crafted HTTP requests and may…

Read more →

AI, Exploits, Global Security News, Network Security

CVE-2026-46300: Fragnesia Linux Kernel Flaw Grants Root via Page Cache Corruption

Local privilege-escalation bugs remain especially dangerous when they turn an ordinary user foothold into immediate root access. The CVE-2026-46300 vulnerability, nicknamed Fragnesia, is a high-severity Linux kernel flaw in the XFRM ESP-in-TCP subsystem that allows an unprivileged local attacker to write arbitrary bytes into the page cache of read-only files and escalate privileges. Public reporting…

Read more →

AI, Apps, Exploits, Global Security News

NGINX Rift: an 18-year-old flaw in the world’s most deployed web server just came to light

Researchers found a critical 18-year-old buffer overflow flaw in NGINX, tracked as CVE-2026-42945 and named NGINX Rift. If you run NGINX, and statistically speaking, there is a very good chance you do, this week brought news worth stopping for. Security researchers at depthfirst disclosed a critical heap buffer overflow vulnerability in both NGINX Plus and…

Read more →

AI, Compliance, Cybersecurity, Endpoint, Exploits, Global Security News, Risk Management

Fleet CEO: Faster Remediation Needs IT and Partner Support

Fleet has announced new autonomous endpoint management capabilities designed to help enterprises reduce vulnerability exposure windows from months to days, and in some cases, hours, as security teams face faster exploit development and growing pressure from AI-enabled threats. The San Francisco-based company said its platform now supports continuous patching and vulnerability exposure reporting across major…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, privacy, Risk Management

LATAM Under Siege: Agent Tesla’s 18-Month Credential Theft Campaign Against Chilean Enterprises

Credential theft malware rarely announces itself with ransomware-level noise. Instead, it operates like a silent siphon hidden inside everyday business workflows: invoices, payroll files, purchase orders, procurement requests. Agent Tesla campaigns are especially dangerous because they target the operational arteries of organizations, harvesting credentials that enable deeper compromise, business email compromise (BEC), financial fraud, cloud account takeover, and long-term…

Read more →

AI, Endpoint, Exploits, Global Security News

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

PraisonAI vulnerability gets scanned within 4 hours of disclosure

A newly disclosed authentication bypass flaw in the open-source AI orchestration framework PraisonAI was probed by internet scanners less than four hours after its public disclosure. According to Sysdig observations, roughly three hours and 44 minutes after a GitHub advisory dropped, a scanner identifying itself as “CVE-Detector/1.0” was already looking through the exposed PraisonAI instances…

Read more →

AI, Exploits, Global Security News, Risk Management

How AI Hallucinations Are Creating Real Security Risks

AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Instead, it generates the most probable response based on patterns in its training data, even if that response is inaccurate.…

Read more →

AI, Apps, china, Endpoint, Europe, Exploits, Global Security News, malware, Network Security, Russia

FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign

Chinese-linked FamousSparrow repeatedly targeted an Azerbaijani oil and gas company, reusing the same entry point in three intrusions from Dec 2025 to Feb 2026. Chinese-linked threat actor FamousSparrow has conducted a sustained intrusion campaign against an Azerbaijani oil and gas company, returning to the same compromised entry point three separate times between late December 2025…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security

Researchers say AI just broke every benchmark for autonomous cyber capability

Two of the most advanced artificial intelligence models — Anthropic’s Claude Mythos Preview and OpenAI’s GPT-5.5 — have significantly surpassed the already-accelerating pace at which AI systems are completing autonomous cybersecurity tasks, according to separate findings published Wednesday by the United Kingdom’s AI Security Institute (AISI) and Palo Alto Networks. The AISI, which conducts pre-deployment…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News

Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox

Fortinet released a batch of patches across its products on Patch Tuesday, including two critical vulnerabilities that can lead to remote code execution. Fortinet flaws, both zero-day and n-day, have been exploited in the wild many times in the past, so companies should deploy patches as soon as possible. “Fortinet vulnerabilities are often attractive to…

Read more →

AI, Exploits, Global Security News, Network Security

Microsoft Patch Tuesday for May 2026 fix 138 bugs, some of them are alarming

Microsoft’s May 2026 Patch Tuesday fixed 138 flaws, including 30 critical bugs, across Windows, Office, Azure, Edge, SQL Server, and more. Microsoft’s May 2026 Patch Tuesday patched 138 vulnerabilities in a single release. That is a number that gives pause even for people accustomed to these cycles. The affected products span virtually the entire Microsoft…

Read more →

AI, Compliance, Exploits, Global Security News, Network Security, Risk Management

Weaponized AI: The new frontier of fraud and identity spoofing

Today’s enterprise executives are navigating a complex landscape of AI-driven challenges, but none is more urgent than the rapid escalation of AI-generated fraud. Fraudsters are weaponizing generative AI to automate impersonation and mass-produce synthetic identities at a scale and pace that is rendering enterprises’ long-standing defenses obsolete. This is no longer a slow-moving game of…

Read more →

AI, APAC, Cybersecurity, Exploits, Global Security News, Network Security

Cyberattack: First they come for Foxconn, then they come for you

Apple’s key manufacturing partner Foxconn has confirmed its US factories suffered a ransomware attack in recent days after the gang responsible claimed to have stolen 8TB of data from the company — including confidential Apple information. This isn’t the first attack to hit Foxconn, and such is the scale and value of the company that it is unlikely…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management

NVIDIA NemoClaw Research Highlights AI Sandbox Exfiltration Risks

Researchers at Lasso have found that sandboxing autonomous AI agents may not be enough to stop sensitive data theft after demonstrating multiple exfiltration techniques against NVIDIA’s NemoClaw and OpenShell environments.  The findings show how attackers can abuse trusted tools and approved outbound connections to quietly steal credentials, manipulate agent behavior, and maintain persistence inside AI…

Read more →

AI, Apps, china, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Politics, Risk Management, Venture

What happens when China’s AI catches up to Mythos?

The Trump-Xi summit opening in Beijing this week carries an agenda item unlike any in the history of US-China diplomacy: what to do about artificial intelligence that can autonomously find and exploit vulnerabilities in the world’s most critical software — and what happens when both superpowers have it. Anthropic’s Mythos Preview, released last month to…

Read more →

AI, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

Quest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations

CVE-2025-32975 is a critical flaw in Quest KACE SMA used for endpoint management. If exploited, it could impact all managed systems across organizations. CVE-2025-32975 is a critical flaw in Quest KACE SMA used for endpoint management. If exploited, it could impact all managed systems across organizations. Quest KACE SMA is an on-premises endpoint management platform…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security, privacy

LW ROUNDTABLE: Microsoft Edge normalizes credential exposure — security pros push back

By design. Two words that have done an awful lot of heavy lifting in the cybersecurity industry over the years. They tend to surface whenever a vendor wants to wave off a serious finding without fixing it. Related: The unending password problem Microsoft just deployed them again. This time in response to a Norwegian researcher…

Read more →

AI, Cybersecurity, Endpoint, Exploits, Global Security News, malware

ClickFix finds a backup plan in PySoxy proxy chains

ClickFix, a one-shot social engineering technique that tricks victims into executing malicious workflows disguised as fixes to technical issues in their systems, has got a persistence upgrade. In a one-off instance, ReliaQuest researchers have spotted an intrusion chain using scheduled tasks, PowerShell-based command-and-control (C2), and a unique abuse of the decade-old open-source proxy tool PySoxy.…

Read more →

AI, Exploits, Global Security News, Network Security

Microsoft’s agentic security system found four critical Windows RCE flaws

Microsoft responded to growing competition in AI security by announcing that its new agentic security system helped researchers discover 16 new vulnerabilities in the Windows networking and authentication stack, including four critical remote code execution (RCE) flaws. MDASH architecture diagram (Source: Microsoft) Two of the four flaws — CVE-2026-40361 and CVE-2026-40364 — were deemed by…

Read more →

AI, Exploits, Global Security News, malware

Google entdeckt erstmals KI-basierten Zero-Day-Exploit

Willkommen im neuen, KI-geschwängerten Bedrohungszeitalter. Gorodenkoff / Shutterstock Die Google Threat Intelligence Group (GTIG) warnt davor, dass kriminelle Hacker mittlerweile KI einsetzen – sowohl, um Schwachstellen aufzuspüren, als auch um anschließend Malware zu entwickeln, die diese aktiv ausnutzt. Der Anlass: Im Rahmen der eingehenden Analyse einer Angriffskampagne prorussischer Hacker haben die Sicherheitsexperten nach eigenen Angaben…

Read more →

AI, Cybersecurity, Exploits, Global Security News

Critical Fortinet vulnerabilities fixed in FortiSandbox and FortiAuthenticator

Fortinet patched critical flaws in FortiSandbox and FortiAuthenticator that could let attackers remotely execute code on unpatched systems. Fortinet addressed two critical vulnerabilities affecting FortiSandbox and FortiAuthenticator. The flaws could allow attackers to execute arbitrary commands or code on unpatched systems. The first vulnerability, tracked as CVE-2026-44277, is an improper access control issue in FortiAuthenticator.…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management

May Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANA

Critical vulnerabilities in Windows Server’s networking and identity infrastructure, as well as a serious hole in Microsoft Dynamics 365 on-premises version, highlight Microsoft’s May Patch Tuesday fixes. They are among the 118 vulnerabilities identified this month by the company. Some in cloud-based services like Azure and Microsoft Teams have already been fixed, so no admin…

Read more →

AI, Exploits, Global Security News, malware

Patch Tuesday, May 2026 Edition

Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers — including Apple, Google, Microsoft, Mozilla and Oracle — fixing near…

Read more →

AI, Apps, Exploits, Global Security News, malware, Network Security

‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack

A rapidly spreading malware campaign has infected hundreds of software packages across major open-source registries, embedding credential-stealing code into development tools downloaded millions of times a week. The attack, referred to as “mini Shai-Hulud,” targeted prominent software libraries, including TanStack, UiPath, and MistralAI. TanStack’s React Router package alone accounts for more than 12 million weekly…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management

AWS Security Agent full repository code scanning feature now available in preview

Today, we’re excited to announce the preview release of full repository code review, a new capability in AWS Security Agent that performs deep, context-aware security analysis of your entire code base. AI-driven cybersecurity capabilities are advancing rapidly. AWS Security Agent can now find vulnerabilities and build working exploits across your entire code base at a…

Read more →

AI, Apps, Exploits, Global Security News, Risk Management

Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical

Microsoft addressed another triple-digit batch of vulnerabilities cutting across its various enterprise products, components and underlying systems. Yet despite the high number of defects, the vendor reported no actively exploited zero-days in this month’s Patch Tuesday update. Thirteen of the 137 vulnerabilities Microsoft disclosed were assigned critical CVSS ratings, including a pair of vulnerabilities affecting…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security

Hackers accessed BWH Hotels reservation system for months

BWH Hotels says hackers accessed guest reservation data, including names and contacts, for over six months across multiple hotel brands. BWH Hotels disclosed a data breach, with threat actors having had access to guest reservation data for more than six months. The incident exposed names and contact details of an undisclosed number of guests. BWH…

Read more →

AI, APAC, Apps, Exploits, Global Security News

Microsoft May 2026 Patch Tuesday, (Tue, May 12th)

Today’s Microsoft patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-related issues affecting Microsoft Edge. There are no already disclosed or already exploited vulnerabilities included in today’s patches. I removed the Chromium issues from the table below and included only the 137 Microsoft issues to make it more readable. Note that issues…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

The TeamPCP threat group has pulled off another big supply chain attack which within a few hours this week was able to successfully compromise 170 Node Package Manager (npm) and PyPI packages. The attack affected the entire TanStack Router ecosystem (@tanstack) of 42 packages, a routing library hugely popular among React web application developers. Multiple…

Read more →

AI, Endpoint, Exploits, Global Security News, Risk Management

Extending Security to MCP Servers: Closing a Critical Gap

The Model Context Protocol (MCP) is a de facto standard for providing structured access to privileged systems for AI agents and external integrations. It acts as a USB-C port for AI, enabling faster innovation by allowing organizations to expose tools, resources, and workflows without the time-consuming work of building APIs.  Adoption has surged in recent…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Venture

What works against Mythos today is what worked against ransomware 5 years ago, and malware 10-15 years ago

Mythos completely changed the game, except, in most ways, it didn’t. It isn’t creating entirely new security problems, it simply makes existing problems much easier to exploit at scale. Yes, AI will increase breaches by making attacks faster and cheaper, but the way companies defend themselves hasn’t fundamentally changed. The organizations best prepared for AI-driven…

Read more →

AI, Exploits, Global Security News

Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940)

Security researchers at XLab have outlined an active attack campaign targeting CVE-2026-41940, the recently disclosed vulnerability in cPanel & WHM, and have linked it to a stealthy hacking group that has been operating largely undetected for years. The vulnerability allows an attacker to log into a cPanel server without a username or password, effectively handing…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

Palo Alto Networks Targets AI Identity Risks with Idira

Palo Alto Networks is expanding its identity security business with the launch of Idira, a platform designed to secure human users, machine identities, and autonomous AI agents as enterprises face growing identity-related cyber risk.  The company also named Oracle veteran Sonny Singh to lead the business, signaling a broader push around identity security for AI-driven…

Read more →

AI, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Risk Management

ThreatDown Expands Into Identity Security With ITDR Platform

ThreatDown on Tuesday announced the launch of its new Identity Threat Detection and Response (ITDR) platform, designed to help organizations detect and respond to attacks targeting user identities and credentials after authentication. The California-based cybersecurity vendor said the product is built to monitor suspicious identity activity across hybrid environments, including Microsoft Entra ID, Okta, and…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Risk Management

Attackers exploit cPanel CVE-2026-41940 to deploy Filemanager Backdoor

Attackers are exploiting cPanel flaw CVE-2026-41940 to install the Filemanager backdoor and gain unauthorized admin access. Cybercriminals are actively exploiting the critical cPanel vulnerability CVE-2026-41940 (CVSS score of 9.3) to deploy a backdoor called Filemanager on compromised servers. cPanel is a widely used web hosting control panel that lets users manage websites and servers through a…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Risk Management

cPanel flaw exposes enterprises to hosting supply-chain risks

A newly disclosed cPanel vulnerability is being exploited at scale, giving attackers a route into web hosting environments that many enterprises may not monitor closely. Analysts say the risk highlights weak visibility into hosting supply chains. The flaw, tracked as CVE-2026-41940, has been used to deploy backdoors, plant SSH keys, steal credentials, and compromise hosting…

Read more →

AI, Data Breaches, Exploits, Global Security News

Škoda confirms unauthorized access to its online shop

Car manufacturer Škoda discovered that attackers had exploited a vulnerability in its online shop software and gained temporary unauthorized access to the system. What happened? After discovering the incident, the company took the shop offline as a precautionary measure, fixed the vulnerability, referred the incident to a specialized IT forensics team for technical analysis, and…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Russia

Developer workstations are the new beachhead

I spent the first week of April reading three separate threat intelligence reports that, on the surface, had nothing in common. One covered a North Korean campaign that had published over 1,700 malicious packages across five open-source ecosystems. Another detailed a malware operation using a Zig-compiled binary to silently infect every IDE on a developer’s…

Read more →