Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. […]
Category: Global Security News
Global Security News
CISA Rewrites Federal Patching Requirements for AI Threat Era
The new directive gives federal agencies three days to fix the most dangerous flaws, while less severe issues can be deferred.
AI, Global Security News, Government & Policy
FBI Seizes China-Linked Fake Consulting Sites Targeting US Clearance Holders
The Justice Department and FBI seized 13 fake consulting websites that officials say targeted US clearance holders with paid research work designed to obtain sensitive government information.
AI, Global Security News
The ‘Miasma’ worm source code briefly leaked on GitHub
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. […]
AI, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
CISA tells agencies to patch smarter, not harder — foreshadowing broader industry practice
Security teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows are accelerating, and vulnerabilities have become attackers’ top initial access vector of choice. Last year, organizations fully remediated only 26% of the vulnerabilities that attackers were actively exploiting in the wild — down from 38%…
AI, china, Data Breaches, Funding, Global Security News, Government & Policy, Network Security
OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers
OpenAI’s threat intelligence team tracked what it believes are two distinct clusters of activity online from groups with ties to China and posting content seemingly designed to stoke anger around divisive topics like AI and data centers. The first, dubbed “Data Center Bandwagon,” used ChatGPT to create imagery and social media comments claiming data center…
AI, Endpoint, Exploits, Global Security News, Network Security
Ivanti patches critical Sentry flaws that lead to full device takeover
IT software provider Ivanti fixed two vulnerabilities in Ivanti Sentry, a secure mobile gateway appliance formerly called MobileIron Sentry. The flaws could allow unauthenticated remote attackers to gain complete control of deployments. One of the vulnerabilities, CVE-2026-10523, credited to researcher Bryan Lam, allows attackers to bypass authentication and create arbitrary administrative accounts on appliances. The…
Data Breaches, Global Security News
Bug Bounty Research Triggers ServiceNow Security Alert
Bug bounty research inadvertently led organizations to believe they were being breached through their ServiceNow instances.
AI, Global Security News
GitHub announces npm security changes to tackle supply-chain attacks
GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the ‘npm install’ command. […]
AI, Apps, Cloud Security, Cybersecurity, Global Security News, Network Security, Risk Management
News alert: Cloud security report finds fragmented tools widening the cloud complexity gap
WASHINGTON, Jun. 10, 2026, CyberNewswire–The 2026 Cloud Security Report from Cybersecurity Insiders, produced in collaboration with Fortinet, finds that 69% of organizations cite tool sprawl and visibility gaps as the top factor limiting cloud security effectiveness. Based on a survey of 1,163 IT and cybersecurity professionals, the report shows the strain: 66% lack strong confidence…
AI, Global Security News
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks
Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. […]
Global Security News
How to Turn Images into Animated Videos with AI: A Wondershare Filmora Guide
This article was created in collaboration with Wondershare.
Exploits, Global Security News, malware
Scammers Use TikTok and Instagram Reels to Spread Vidar Infostealer
ReversingLabs reveals how hackers exploit social media engagement metrics to deliver Vidar infostealer malware to thousands of unsuspecting users.
AI, Cybersecurity, Endpoint, Global Security News, Network Security, Risk Management
ConnectWise Platform Brings Predictive IT to MSPs
ConnectWise is making a substantial change to the way it wants customers to interact with its software stack. This week, the company unveiled the ConnectWise Platform, a new environment that pulls together PSA, RMM, cybersecurity, automation, orchestration, agentic AI, and third-party integrations. ConnectWise introduces its Predictive IT platform The launch sits within a larger Predictive…
Global Security News
Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet
The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft.
Global Security News
PCI SSC Publishes New Guidance on Compensating Controls and the Customized Approach
The PCI Security Standards Council (PCI SSC) has released a new information supplement, PCI DSS v4.x: Guidance for Compensating Controls and the Customized Approach. The document provides practical guidance to help assessed entities and assessors navigate two options in PCI DSS v4.x that provide flexibility but are often misunderstood – the use of compensating controls…
Global Security News
Chinese APTs have made identity part of the intrusion path
Don’t merely identify the attacker – understand how they behave.
AI, Global Security News
Apple Silicon boosts the TCO benefit of Macs — report
Apple Silicon Macs fail at less than half the rate of Intel Macs, dramatically reducing the platform’s already industry-leading total cost of ownership (TCO), according to data revealed by London, UK-based Apple reseller Hoxton Macs. While it’s true the data is based on a relatively small sample group, it does seem to reflect what the industry in…
china, Cybersecurity, Global Security News, Network Security
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
Cybersecurity researchers have warned of a “resurgence and expansion” of JDY, a covert network associated with China-nexus state-sponsored threat actors. “The JDY botnet comprises over 1,500 SOHO [small office and home office] and IoT devices and operates as a centrally controlled, high-performance scanner used to discover, fingerprint, and continuously map exposed services at scale,” Lumen’s
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
CISA directive orders agencies to prioritize vulnerability patching in a new way
The Cybersecurity and Infrastructure Security Agency on Wednesday ordered federal agencies to prioritize vulnerabilities based on four criteria, as part of a push to “patch smarter, not harder.” Federal agencies should emphasize patches for vulnerabilities that affect a publicly exposed asset, allow an attacker to fully automate exploitation, give attackers the ability to take over control…
Global Security News
Fake Software Tutorials on TikTok Spread Vidar Stealer
Threat actors push fake free-software tutorials on TikTok and Instagram to spread Vidar stealer
Global Security News
Ivanti releases patches for critical Sentry vulnerabilities
The vulnerabilities, tracked as CVE-2026-10520 and CVE-2026-10523, affect Ivanti Sentry, formerly MobileIron Sentry, which secures traffic between corporate systems and mobile devices.
Apps, Cybersecurity, Global Security News
Cybersecurity Software Fails to Detect Fifth of Browser-Based Phishing Attacks
Menlo Security research warns that as enterprise applications become increasingly browser based, traditional cybersecurity tools leave them vulnerable to cyber threats
Global Security News
New SilabRAT Trojan Hijacks Sessions to Steal Crypto
MaaS trojan SilabRAT uses HVNC and browser cloning to hijack sessions and steal crypto
Cybersecurity, Global Security News
Can I Install A Hidden Camera In A Nursing Home?
We are in the new millennium, where technology has led to several innovations and inventions at large. We can now install cameras at home to monitor everything from any place and at any time. Hidden nursing cameras are now used to monitor our loved ones in the nursing facilities. But then, can I install a…
Global Security News
ServiceNow Discloses Security Incident Exposing Customer Data
ServiceNow applied a security update after an API access issue exposed customer data, with affected firms notified through direct support cases.
Global Security News
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It’s tracked as CVE-2026-25089 (CVSS score: 9.1). “An
AI, Cybersecurity, Endpoint, Global Security News, Network Security, Venture
What Israeli dominance in cyber means for non-Israeli cybersecurity founders
Over the past five years, it surely feels like Israeli cybersecurity startups have taken over. The biggest exit of recent years – Wiz – is an Israeli company. CyberArk, acquired by Palo Alto Networks, is an Israeli company. Armis, which just exited to ServiceNow, is also an Israeli company. That is not to say that…
AI, Apps, Exploits, Global Security News
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE
A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations.…
AI, Global Security News, malware, Network Security
China-linked JDY botnet expands targeting of U.S. military networks
The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reconnaissance efforts. […]
AI, APAC, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
June Patch Tuesday marks a ‘new normal’ with over 200 CVEs, 32 rated ‘critical’
June’s Patch Tuesday security updates have arrived, with SAP fixing four critical vulnerabilities and Microsoft addressing over 200 CVEs. Microsoft’s to-do list includes fixes for three zero days, 32 patches rated as ‘critical’, and a batch of other high-risk vulnerabilities that need urgent assessment. There’s also one older flaw under exploit, and some patches affecting…
Cybersecurity, Exploits, Global Security News
CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The list of vulnerabilities is as follows – CVE-2026-20245 (CVSS score: 7.8) – An improper encoding or escaping of output vulnerability in Cisco Catalyst SD-WAN Manager that could allow…
AI, Global Security News
Identity theft is turning into a chain reaction for victims
For a growing number of victims, identity theft no longer ends with a fraudulent charge or a compromised account. More than one in four people who contacted the Identity Theft Resource Center during the reporting period were dealing with multiple identity-related incidents, according to the organization’s 2026 Trends in Identity Report. The report is based…
AI, Global Security News
How AI Is Changing IT Channel Partner Programs
Partner programs across the IT channel are undergoing a major transformation as AI adoption accelerates and vendors rethink how they engage with MSPs and solution providers. In this Channel Insider Partner POV discussion, Victoria Durgin and Jordan Smith explore how traditional vendor programs are evolving, why collaboration and ecosystem strategies are becoming more important, and…
Global Security News
The 5 Best Practices for Secure Identity Verification
Attackers are increasingly bypassing weak authentication through phishing, MFA fatigue, and service desk social engineering. Specops Software breaks down five best practices for stronger identity verification and access security. […]
AI, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia
Who Runs the Ransomware Group ‘The Gentlemen?’
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life identity for the administrator…
AI, APAC, Cybersecurity, Global Security News, Network Security
Kaseya Unveils MSP Success Ecosystem for Efficient Growth
Global provider of AI-powered IT management and cybersecurity software, Kaseya, announced the launch of MSP Success, a unified growth ecosystem that brings together Kaseya’s growth and business acceleration programs, including MSP Success Digital Marketing, MSP Success Peer, and the Kaseya Community. Kaseya unifies its partner marketing and peer groups This unification is meant to help…
Exploits, Global Security News
Microsoft patches Exchange Server zero-day exploited in attacks
Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web Access users. […]
AI, Exploits, Global Security News
AISLE Snapshot keeps source code under enterprise control during vulnerability scanning
AISLE has introduced AISLE Snapshot, a new offering that gives regulated and security-sensitive enterprises access to frontier-class vulnerability detection inside their own environments, at a fraction of the cost, with source code and security data that never leave their control. Organizations are under increasing pressure to secure growing codebases against a rapidly expanding vulnerability landscape.…
AI, APAC, Apps, Europe, Global Security News
EU Unveils Tech Sovereignty Package and Chips Act 2.0
The EU has unveiled its much-anticipated European Technological Sovereignty Package, comprising two pieces of legislation intended to boost the continent’s independence in cloud services, AI and semiconductors. The Cloud and AI Development Act seeks to foster the growth of AI models and apps, as well as the buildout of supporting infrastructure, with a specific goal…
AI, Endpoint, Exploits, Global Security News, Government & Policy, malware, Russia
Russian APTs Still Exploiting Patched WinRAR Flaw CVE-2025-8088
Despite a 2025 patch, Russian-linked groups still exploit a WinRAR flaw (CVE-2025-8088) to deploy malware via phishing archives. CVE-2025-8088 is a path traversal flaw in WinRAR that lets an attacker write files outside the extraction directory using NTFS Alternate Data Streams. WinRAR fixed it in version 7.13 in July 2025. Nearly a year later, Trend…
AI, Global Security News, Risk Management
Drata brings visibility, control and auditability to enterprise AI agents
Drata has introduced AI Agent Governance, a new security category focused on managing the risks and oversight requirements of AI agents, while extending its trust platform to support enterprise adoption of autonomous AI systems. While McKinsey finds 57% of business leaders cite governance friction as the top blocker to deploying more AI, this move is…
Global Security News
Mini Shai-Hulud ‘Hades’ variant affects 23 PyPI package versions
The JavaScript stealer payload includes an anti-analysis LLM prompt injection.
Global Security News
New Intel 471 assessment helps organizations measure CTI program maturity
Intel 471 has announced its new Cyber Threat Intelligence (CTI) Maturity Pulse Check, a free, lightweight self-assessment for practitioners based on the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM v1.3). The CTI Maturity Pulse Check offers a quick, structured way for organizations to reflect on their CTI program’s current capabilities, highlight areas that warrant a…
Global Security News
Why schools remain one of cybercriminals’ favourite targets
Schools on both sides of the Atlantic have been revealed in recent days to have been hit by hackers, reminding all of us that ransomware gangs see educational institutions as targets all year round. Read more in my article on the Hot for Security blog.
AI, Exploits, Global Security News
Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)
Ivanti has patched two critical vulnerabilities (CVE-2026-10520 and CVE-2026-10523) in Ivanti Sentry and has urged customers to implement the fix right away. Though the vulnerabilities are not known to be actively exploited, security researchers have already released technical details about the former, which may be used by attackers to craft a working exploit. About Ivanti…
Global Security News
Cloud Security Report Finds Fragmented Tools Widening the Cloud Complexity Gap
Washington D.C., USA, 10th June 2026, CyberNewswire
AI, Global Security News, Network Security
New Browser-in-the-Browser phishing uses fake login popups to steal Microsoft 365 credentials
A new Browser-in-the-Browser (BitB) phishing campaign is targeting Microsoft 365 users with fake login popups designed to closely mimic legitimate browser authentication windows, according to Palo Alto Networks Unit 42. The attack relies on a fake browser window embedded within a webpage. Victims who click a Microsoft sign-in button are presented with what appears to…
AI, Cybersecurity, Endpoint, Europe, Global Security News, malware, Network Security, Risk Management
Intelligence-Driven Threat Hunting: How SOCs Find What Alerts Miss
Talk to any threat hunter long enough, and beneath the polished case studies and conference talks, the same frustrations surface. Hunting is supposed to be proactive. In practice, it often feels reactive. You are chasing whispers of activity through log noise, querying SIEM fields that barely reflect real attacker behavior and writing detections against technique descriptions that…
AI, Cybersecurity, Exploits, Global Security News
Microsoft feud escalates as researcher drops new Windows zero-day
The long-running feud between Microsoft and security researcher Nightmare Eclipse has entered a new chapter. Eclipse, who has spent the past several months publicly releasing unpatched Windows vulnerabilities while sparring with Microsoft over vulnerability disclosure practices, has published exploit code for a new zero-day flaw dubbed RoguePlanet. The researcher said their exploit uses a race…
AI, Global Security News
Building reusable workflows with custom agents in Copilot CLI
Developers spend much of their working time in the terminal, generating commands, debugging issues, and running scripts close to their systems. Repeated terminal work tends to pile up small steps such as re-running the same commands, re-explaining context, and translating logs into a form a team can act on. Custom agents in GitHub Copilot CLI…
Global Security News
Microsoft: Some Windows PCs fail to install latest monthly updates
Microsoft warned customers on Tuesday that they may have issues installing the latest monthly updates on some Windows devices that were upgraded to Windows 11 24H2 or 25H2. […]
AI, Global Security News
Why I’m leaving Copilot for Gemini
I’ve been using and writing about Microsoft Copilot since it was publicly released in 2023. I’ve reviewed it, written articles about using it more effectively, explained how to curb hallucinations in it and other similar tools, and detailed how to use it in concert with Microsoft 365. It’s also been my go-to generative AI (genAI)…
AI, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities (KEV) catalog. The two flaws added to…
AI, Global Security News
New Fable 5 Is a “Mythos-Class” LLM Available to All, Anthropic Announces
Anthropic unveils Claude Mythos 5 and Fable 5, a restricted-access frontier AI model and guardrailed version for everyone to use
Global Security News
19 Things to Know About Gwynne Shotwell, SpaceX’s President
Elon Musk’s trusted lieutenant has a ritual for launch days and put a Starlink on the roof of her car.
Exploits, Global Security News
Record Microsoft Patch Tuesday, fresh zero-day
Microsoft marked its largest-ever Patch Tuesday this month, by shipping fixes for nearly 200 vulnerabilities. Within hours, “Nightmare Eclipse”, the researcher behind weeks of escalating Windows exploit releases, dropped a proof-of-concept exploit for a new zero-day: “RoguePlanet”, which abuses a race condition in Windows Defender to spawn a command shell running with SYSTEM-level privileges. Various…
AI, Apps, Cybersecurity, Global Security News, Risk Management
Autonomous AI agents duped into leaking sensitive data in phishing test
AI agents given access to corporate email and business applications could become a new phishing target for attackers, according to cybersecurity researchers, after a test agent built on OpenClaw was tricked into sharing cloud credentials and customer data with an external attacker. Varonis Threat Labs said it built an OpenClaw AI agent called Pinchy to…
Global Security News, Risk Management
Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar
Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues appear. The report looks stable. Leadership reads “stable” as “secure.” It usually isn’t. The work slows down. The risk does not. That gap is…
Global Security News
Over a Quarter of Identity Crime Victims Hit by Multiple Incidents, ITRC Data Shows
Nearly 26% of identity crime victims faced multiple incidents in the past year, as ITRC warns of a growing “multi-layered crisis”
AI, Global Security News
Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days
On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives. […]
AI, Global Security News, privacy, Risk Management
Welcome to AI’s creepy era
For the past few days, I’ve been immersed in Google’s latest vision of the future — an AI-infused dashboard that taps into info from all of your Google app activity and then uses that data to cook up a series of daily “stories” designed to “connect you with what matters.” And — believe me, I…
AI, Exploits, Global Security News, Risk Management
Chaotic Eclipse Unveils RoguePlanet Exploit Targeting Fully Patched Windows
The researcher Chaotic Eclipse released a PoC for the RoguePlanet Microsoft Defender zero-day, which can grant SYSTEM privileges on fully patched Windows systems. Security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, has published a new proof-of-concept exploit for a RoguePlanet Microsoft Defender zero-day. The flaw relies on a race condition that can provide attackers with…
Global Security News
Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs
Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This includes 63 privilege escalation, 56 remote code execution, 30 information disclosure,…
AI, Apps, Exploits, Global Security News, Network Security
Rubrik launches Autonomous Business Recovery to rebuild cloud applications after cyberattacks
Rubrik has unveiled Autonomous Business Recovery (ABR) for Cloud Applications, the agentic cyber resilience solution that recovers cloud applications from data to network, identity and configurations. The end result is a rebuild of an organization’s Minimum Viable Business (MVB) at machine speed. At a time when powerful AI models collapse the window between vulnerability discovery…
AI, Global Security News, privacy
Apple brings Private Cloud Compute to third-party data centers
Apple is bringing its Private Cloud Compute (PCC) platform to Google Cloud, expanding the infrastructure behind Apple Intelligence to third-party data centers. Introduced in 2024, PCC provides cloud-based processing for AI workloads that exceed the capabilities of on-device models while maintaining Apple’s security and privacy guarantees. The system was originally built on Apple silicon and…
Global Security News, Network Security
Microsoft June 2026 Patch Tuesday Fixes 206 Flaws and 3 Zero-Days
Microsoft’s June 2026 patch Tuesday resolves 206 vulnerabilities, including 3 critical zero-days and severe 9.8 CVSS kernel, network and HTTP.sys flaws.
AI, Apps, Exploits, Global Security News
F5 adds AI-powered threat detection and API security for on-premises environments
F5 has introduced new web application and API protection (WAAP) capabilities for its Application Delivery and Security Platform. The company said the updates are intended to address a threat landscape in which AI models can accelerate the time between vulnerability discovery and exploitation, giving attackers faster access to offensive capabilities. The new features expand the…
AI, Cybersecurity, Global Security News, Risk Management
Anthropic’s Claude Fable 5 is out for public use, with safeguards for high-risk requests
Days after publishing research on how advanced AI systems could amplify cyber operations in the wrong hands, Anthropic released Claude Fable 5, a Mythos-class model for general use. “Releasing a model this capable comes with risks. Without safeguards, Fable 5’s capabilities in areas like cybersecurity could be misused to cause serious damage,” Anthropic wrote. The…
Global Security News
Anti-Nvidia Data Center Startup Is Valued at $1.55 Billion in New Funding Round
TensorWave will use a fresh $350 million to fill more data centers with chips from AMD, an investor.
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
AI red teaming comes of age
When Ram Shankar Siva Kumar launched Microsoft’s AI red team in 2019, the discipline barely existed. “The running joke used to be that people who used to work in AI red teaming, you can round them up in a 14-foot catamaran,” he tells CSO. At the time, Microsoft’s approach looked familiar to anyone in cybersecurity:…
Global Security News
Innovation Without Data Security Risk as AI Unlocks Budgets and Identity Challenges – Tony Kelly – BSW #451
Global Security News, Risk Management
SMB cyber-readiness: What makes or breaks it
A company that’s expecting a cyberattack but hasn’t actively prepared for it risks making the hardest decisions at the worst possible moment
AI, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
“AI Worms”, researchers demonstrate autonomous malware capable of adapting to any online device
A study by the University of Toronto shows how artificial intelligence can power autonomous worms capable of tailoring attacks against Windows, Linux and IoT devices. A group of researchers from the University of Toronto has demonstrated how open-source artificial intelligence models can be used to create a new category of computer worms capable of autonomously…
AI, Global Security News, malware
Every set of AI guardrails can be broken by the right prompt
Companies that build AI systems wrap them in guardrails meant to block harmful output, including deepfakes, malware, and instructions for making biological weapons or illicit drugs. When a user prompts the system for such content, the guardrails are designed to flag the request and refuse. A new mathematical proof sets a limit on how secure…
AI, Apps, Endpoint, Global Security News
How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th)
Back in 2023, I wrote a diary[1] discussing how commonly X-Frame-Options and CSP headers containing the frame-ancestors directive were used on 1 million most popular domains on the internet (based on the Tranco list[2]), and how they were set. Given that three years have passed since then, I thought it might be interesting to repeat…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy
France’s Government Messaging App Tchap Got Breached
France’s government chat app Tchap was breached after a single account was compromised, exposing messages and data from public channels. Tchap, the encrypted messaging platform developed by the French government for its civil servants and made mandatory last year, was breached on June 7. ANSSI, France’s cybersecurity agency, detected the intrusion. The vector was straightforward:…
Global Security News
Microsoft Fixes 200 CVEs in June Patch Tuesday
Microsoft has patched 200 vulnerabilities including three zero-days
AI, Global Security News
Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards
On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability but by a layer of safety classifiers. Fable 5 goes to the public. Its twin, Claude Mythos 5, the same underlying…
AI, Compliance, Global Security News, privacy
Plugable CEO: Local AI Creates MSP Opportunity
As businesses reassess the cost, privacy, and performance tradeoffs of cloud-based AI, Plugable CEO Lynn Smurthwaite-Murphy sees local AI becoming a more urgent channel opportunity for IT resellers and MSPs. In an interview with Channel Insider, Smurthwaite-Murphy said AI adoption remains “all over the map” as companies experiment with cloud-based models, emerging open-source tools, and…
AI, Exploits, Global Security News
ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances
ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. “On June 5, 2026, ServiceNow applied a security update to hosted customer instances,” the company revealed in an advisory that requires customer access. “The update concerned a security issue that could allow…
Global Security News
Ivanti: Max severity Sentry flaw allows code execution as root
Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges. […]
AI, Global Security News
The security in smartphones is helping send them to landfills
Billions of working smartphones reach the end of their service lives each year and move into drawers, recycling streams, and waste piles. The WEEE Forum estimated that 5.3 billion mobile phones became electronic waste in 2022. Many of these devices still function. The average smartphone stays in use for about three years, and owners often…
Data Breaches, Global Security News
Weekly Update 507
1,000 breaches is one hell of a milestone. It’s not just the process of getting data, verifying it, loading it, sending notifications etc, it’s all the other stuff that goes into keeping the whole thing afloat. Legal docs. Trademarks. Accounting. Agreements. The most mind-numbingly boring stuff you can imagine happening in the background so that…
AI, Global Security News
NOVA microhypervisor brings AMD DMA isolation to shared AI infrastructure
BlueRock has issued the latest open-source release of its NOVA Microhypervisor with DMA remapping support for AMD platforms that have IOMMU hardware virtualization. The capability is enabled by default and extends hardware-level isolation across virtual machines, devices, and memory in shared execution environments. Background on NOVA: NOVA combines microkernel and hypervisor functions in a small…
AI, Exploits, Global Security News
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet. “The exploit is a race condition, so it’s a hit or miss,” the researcher, who published the exploit under a new GitHub account, “MSNightmare” said. “I have managed to…
Cybersecurity, Exploits, Global Security News
Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could result in remote code execution (RCE) and denial-of-service (DoS) attacks. “In affected environments, a single malicious protobuf schema, descriptor, or crafted payload could be enough to trigger
AI, Cybersecurity, Global Security News
Product showcase: Staying ahead of the threat horizon with Aunoo
Aunoo is an open strategic intelligence platform that uses AI agents to monitor intelligence sources, including for cybersecurity, to compile a daily briefing and alert on defined criteria. Each source is checked for credibility and quality before it is included. The platform runs in any browser and can send its findings via Slack, Discord, Teams,…
AI, Global Security News, Risk Management
Cyber resilience metrics that drive action
In this Help Net Security video, Pete Bowers, COO at NormCyber, explains how organizations can build a cyber resilience metrics program that supports better decisions. He questions common ways of measuring resilience, such as risk registers, tool scores, and annual tests, and points out their limits. These methods often rely on opinion, narrow data, or…
AI, china, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, privacy, Risk Management
UK move to filter photos and messages triggers encryption worries for CISOs
UK Prime Minister Keir Starmer’s speech on Monday insisting that tech companies create device controls to somehow block children from viewing or creating sexually explicit imagery has raised alarms among CISOs, who worry that the same technology could undermine enterprise security. Starmer gave tech firms three months to create and implement such restrictions voluntarily, at…
AI, Global Security News
Scams now operate like real businesses with budgets and targets
Social media has overtaken email as a primary attack vector, showing changes in how people consume information and interact online, according to Bitdefender’s Global Scam Intelligence Report 2026. Fraud campaigns use advertisements, sponsored content, impersonation pages, and direct messages to reach users. [Figure: Global scam breakdown by category (Source: Bitdefender)] One in seven consumers fell victim…
AI, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
Enterprises know AI-generated code is vulnerable; they’re shipping it anyway
AI-generated code is riddled with security flaws, yet enterprises are shipping more of it than ever before. Why? Perhaps they’re over-confident, lack true visibility into security risks, or are simply choosing to ignore the problem and hope it goes away. It’s a dangerous game to play at the dawn of the agentic AI era, as…
AI, Compliance, Global Security News, Network Security, Risk Management
Working group formed to develop standard for AI-native docs
LF AI & Data Foundation, a division of the Linux Foundation, launched a working group on Tuesday that will focus on the development of DocLang, a specification intended to support interoperable document processing across AI and agentic workflows. The working group, founded by premier members IBM, Nvidia and Red Hat, is tasked with the creation…
AI, Global Security News
Anthropic rolls out Claude Fable 5, but it’s available for a limited time
Anthropic has begun rolling out a new model called “Fable,” which is based on the same underlying model as Mythos, its most powerful AI model class. […]
Global Security News
ISC Stormcast For Wednesday, June 10th, 2026 https://isc.sans.edu/podcastdetail/9966, (Wed, Jun 10th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
AI, Global Security News
Economists Weigh In on the Future of Work and AI
How 16 top economists think AI will change the job market, and how to prepare.
AI, Global Security News
GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026
This year’s Pwn2Own competition in Berlin revealed just how much of the AI stack remains exposed — and the gap between what these tools promise and what they can withstand points to the fragile security foundations underneath.
Global Security News
Microsoft Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges
[…]
