Geek-Guy.com

Category: Global Security News

AI, Global Security News, Risk Management

Treating AI agents like service accounts for federated query security

In this interview with Help Net Security, Paras Malhotra, CISO at Starburst, explains how the company handles data governance across federated query environments. Topics include layering Starburst’s access controls above native source permissions, tiering vendor risk across more than 200 partners and connectors, and building audit trails for autonomous agents. The conversation covers how AIDA…

Read more →

AI, Endpoint, Exploits, Global Security News, malware, Network Security

Meet Hades: The malware that lies to AI security agents

Threat actors are continuing their onslaught against software supply chains, now with malware named after death itself. The newly-discovered Hades Campaign is a “highly sophisticated” supply chain compromise that targets Python developer environments and runs as soon as infected packages are imported. It uses the popular Bun toolkit to silently execute multi-layer payloads that can…

Read more →

AI, china, Global Security News, Government & Policy, Risk Management

The security questions around Chinese AI coding models in U.S. software

Software developers across the United States are using AI models built in China to write, debug, and review code, drawn by prices below those of American alternatives. These models carry risks for the security of American software, according to a report from Booz Allen Hamilton, which tested how the models respond when the user appears…

Read more →

AI, Apps, Cybersecurity, Global Security News

Cybersecurity jobs available right now: June 9, 2026

Application Security Architect INTENSITY Global Group | Israel | Hybrid – View job details As an Application Security Architect, you will design secure application architectures, perform threat modeling and security assessments, define security standards and controls, integrate security into the SDLC and CI/CD pipelines, support application security tooling and incident response, and guide engineering teams…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security, Risk Management

OpenAI’s Lockdown Mode is trying to solve the problem that it created

OpenAI’s move to implement a Lockdown Mode that tries to limit data exfiltration by shutting down external capabilities is being seen as making the best out of a bad situation. But Lockdown Mode doesn’t block exfiltration as much as it slightly reduces it, and the reality of enterprises using multiple AI vendors for their agentic…

Read more →

AI, Exploits, Global Security News, Network Security

Attackers exploiting unpatched Cisco SD-WAN flaw

Cisco warns customers of an actively exploited high-severity vulnerability in Catalyst SD-WAN Manager, an enterprise network management system that has been targeted by hackers multiple times in the past. Located in the command-line interface, the flaw allows authenticated attackers to escalate privileges to root and take over the entire system. The vulnerability, tracked as CVE-2026-20245,…

Read more →

AI, Apps, Compliance, Endpoint, Global Security News, Network Security, Risk Management, Venture

ICYMI: May 2026 @AWS Security

Read all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts, new service capabilities, code samples, and workshops. AWS Security Blog posts This month’s AWS Security Blog posts covered AI security, network protection, identity management, compliance frameworks, and supply chain security. Read…

Read more →

AI, Apps, Global Security News, Government & Policy, Risk Management

Meta Accuses NSO of Violating WhatsApp Court Injunction

Meta says NSO violated a court injunction by targeting WhatsApp users again through phishing campaigns and test accounts. Last year, WhatsApp won a landmark case against NSO Group, the Israeli spyware vendor behind Pegasus, and secured a permanent court injunction barring the company from ever targeting WhatsApp or its users again. The court was unambiguous:…

Read more →

AI, Exploits, Global Security News

One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public

Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw, CVE-2026-23111, sits in the kernel’s nf_tables packet-filtering code and was patched upstream on February 5, 2026. Exodus Intelligence released its full technical walkthrough on June…

Read more →

AI, Global Security News, Government & Policy, Risk Management

Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint

Meta said Monday that it caught a spearphishing campaign linked to spyware maker NSO Group despite a court injunction, prompting the tech giant to file a contempt-of-court complaint. The company won a civil case last year against NSO Group barring it from targeting WhatsApp users and securing $168 million in damages, although NSO Group has…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

TeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)

This diary continues the Internet Storm Center’s tracking of the TeamPCP supply chain campaign, first documented in the SANS white paper When the Security Scanner Became the Weapon and most recently in the handler diary Activity Through 2026-05-24. Since that update, the story moved into two new places: the United States government, which formally caught up to the…

Read more →

AI, Apps, Global Security News, Risk Management, Venture

Minimus Unveils New Supply Chain Protection Proxy and Command-Line Interface for Container Management

Cloud software security firm Minimus today expanded its product portfolio with the general availability of Minimus Supply Chain Protection and minicli. The tools introduce a unified approach to managing third-party software risks and container image configurations. The release of Supply Chain Protection directly targets vulnerabilities found within the application package universe, where interwoven dependencies are…

Read more →

Endpoint, Global Security News

Microsoft changes how Defender for Endpoint EDR updates are delivered on Windows

Microsoft will distribute Defender for Endpoint EDR updates through Microsoft Update, enabling EDR security improvements to be released independently of monthly Windows operating system updates. The rollout started for Windows 10 devices in late May 2026 and will expand to Windows 11 and other supported Windows versions later this year. Microsoft expects deployment to be…

Read more →

AI, Apps, Cloud Security, Compliance, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management

Operationalizing AWS security: A maturity roadmap

Enabling security tooling is the starting point. Making it operational—where findings drive decisions, response times are measurable, and your security posture improves week over week—is where most organizations struggle. This blog post provides a phased maturity roadmap for organizations that have already enabled AWS Security Hub and Amazon GuardDuty. These two services form the foundation…

Read more →

Exploits, Global Security News

Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups

Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of a logic flow weakness in certificate validation that allows an unauthenticated remote attacker…

Read more →

AI, Endpoint, Global Security News, Risk Management

Guardz Launches AI Reporting Tool for MSP Security Teams

Managed service providers may finally have an easier way to explain exactly what their security work is accomplishing. Guardz today unveils a new agentic reporting capability designed to simplify how managed service providers (MSPs) create, customize, and deliver security reports to customers.  Security operations get automation boost The launch marks the company’s latest step toward…

Read more →

AI, Exploits, Global Security News

Hackers used Meta’s AI support system to hijack over 20,000 Instagram accounts

Meta has revealed that attackers hijacked 20,225 Instagram accounts by exploiting a flaw in the company’s AI-assisted account recovery system. According to the company, a vulnerability in High Touch Support (HTS) allowed unauthorized parties to perform password resets on Instagram accounts. HTS is an AI-assisted account recovery system for Instagram designed to help users regain…

Read more →

AI, Global Security News

New Relic expands observability into AI-assisted software development

New Relic has announced AI Coding Observability, an open-source tool for monitoring AI-assisted software development workflows. As organizations adopt AI coding assistants, these tools often operate outside existing observability systems, limiting visibility into their use. AI Coding Observability extends monitoring into the software development process, enabling organizations to track, analyze, and audit AI-assisted coding activities.…

Read more →

AI, Global Security News, Risk Management

Silverfort Securing AI Agents With Copilot Studio Integration

Identity security organization Silverfort has announced it will integrate its Identity Security control for AI agents into Microsoft Copilot Studio. Runtime security addresses Copilot actions before execution The integration will enable Silverfort to deliver inline identity security at runtime, enforcing intelligent access control policies the moment a Copilot agent attempts to act, blocking unauthorized access…

Read more →

AI, Funding, Global Security News, Government & Policy, Network Security, Risk Management

Anthropic Calls for AI Pause as Industry Races Ahead

Anthropic picked an interesting week to warn the world about the dangers of advanced AI. Anthropic warns of self-improving AI risks Just days after filing confidentially for an IPO, the company published a rather lengthy proposal arguing that AI companies may eventually need a way to hit pause.  The company worries that AI could reach…

Read more →

Global Security News

Spotlight On: Dreamplug Technologies Private Limited (CRED), a New Principal Participating Organization

  Welcome Dreamplug Technologies Private Limited, operating under the brand name CRED, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! In this special spotlight edition of our PCI Perspectives Blog, CRED CISO, Himanshu Kumar Das, introduces us to his company and how they are helping to shape the future of payment…

Read more →

AI, Apps, Exploits, Global Security News, Network Security

Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)

A Qilin ransomware affiliate is believed to be exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN Remote Access and Mobile Access, the company announced on Monday. About CVE-2026-50751 Check Point Remote Access VPN enables and secures connections between corporate networks and remote or mobile devices. Check Point Mobile Access lets mobile and remote…

Read more →

AI, Apps, Exploits, Global Security News, Risk Management

Google Protocol Buffers flaw turns schemas into shells

A widely used JavaScript implementation of Google’s Protocol Buffers format is placing too much trust in untrusted data, exposing affected applications to remote code execution and other attacks. Researchers at Cyera have disclosed six vulnerabilities affecting “protobuf.js,” all stemming from the library’s handling of schema and metadata. Attackers could exploit an input validation oversight to…

Read more →

AI, Global Security News

The Hardest Fork

Mythos is real. I know a big chunk of the industry thinks it’s a marketing stunt, and I get why. I get it. But I’ve seen the findings, and they’re bad. These aren’t “whoops, this line right here is wrong, and that’s RCE.” They’re novel combinations of a few dozen issues out of thousands of…

Read more →

AI, APAC, Europe, Funding, Global Security News, Government & Policy, Risk Management, Venture

EU’s cloud sovereignty push leaves room for US hyperscalers

The European Commission published its tech sovereignty package last week, including the clearest signal yet of its intention to strengthen European cloud sovereignty and reduce its dependence on US hyperscalers. It’s a response to growing concerns among European organizations and regulators about the reliance on US tech firms and legislation such as the US CLOUD…

Read more →

AI, Exploits, Global Security News, Risk Management

RidgeBot 7.0 automates Active Directory attack simulations for security validation

Ridge Security has announced the release of RidgeBot 7.0, an update to its automated security validation platform that introduces automated Windows Active Directory penetration testing capabilities. The new version enables organizations to conduct end-to-end domain compromise simulations, helping security teams identify attack paths and prioritize exploitable risks. RidgeBot 7.0 delivers automated Active Directory penetration testing…

Read more →

Global Security News, Risk Management

ConnectSecure’s Patch 360 gives MSPs control over patch testing and deployment

ConnectSecure has announced the launch of Patch 360, a patch management solution built for managed service providers (MSPs) to reduce deployment risk while accelerating vulnerability remediation. Patch management has long followed a “deploy-and-hope” model, with teams addressing critical issues only after users are impacted. Patch 360 replaces that approach with a rigorous test-and-trust framework that…

Read more →

AI, Cybersecurity, Global Security News

BM Blockchain says its free cloud mining could let users earn up to $4,888 a day, plus new sign-ups get $108

In the latest development, BM Blockchain says its free cloud mining could let users earn up to $4,888 a day, plus new sign-ups get $108. As more people talk about digital money, many are looking for easy ways to get into crypto rewards without buying expensive mining gear or dealing with complicated tech. BM Blockchain…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

UNC3753 Escalates: From Vishing Calls to Physical Office Intrusions at US Legal and Financial Firms

UNC3753 phones staff posing as IT, hijacks screen sessions, steals sensitive legal files, and now sends operatives physically into offices to plug in USB drives. Google Mandiant and the Google Threat Intelligence Group published a detailed report documenting an active extortion campaign carried out by the cybercrime group UNC3753 (aka Luna Moth, Chatty Spider, and…

Read more →

Cybersecurity, Exploits, Global Security News

CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318)

A vulnerability (CVE-2026-28318) that can be exploited to crash SolarWinds Serv-U file transfer servers is being leveraged by attackers in the wild, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Friday. The agency has ordered US federal civilian agencies to address it by June 19, 2026, either by implementing a patch or implementing…

Read more →

AI, Compliance, Cybersecurity, Global Security News, Risk Management

N-able CEO: AI is Becoming an MSP Competitive Risk

As artificial intelligence becomes more deeply embedded in managed services, N-able CEO John Pagliuca says MSPs are entering a new phase of opportunity and risk. Pagliuca told Channel Insider that most MSPs are no longer simply experimenting with AI for personal productivity. Instead, many are beginning to use AI to streamline technician workflows, support customer…

Read more →

AI, Compliance, Cybersecurity, Global Security News, Government & Policy, Risk Management

The AI security race needs accountability, not overregulation

AI models such as Anthropic’s Claude Mythos and OpenAI’s Daybreak represent a fundamental inflection point in security. These advances are not only reshaping technology but also redefining trust, risk, and the relationship between humans and intelligent systems. As innovation accelerates, AI governance and responsible deployment are becoming strategic priorities for every organization. Historically, governments have…

Read more →

AI, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

Meta AI Recovery Tool Flaw Exposed 20,000+ Instagram Accounts

A flaw in Meta’s AI-powered Instagram recovery tool exposed over 20,000 accounts, letting attackers reset passwords and take over profiles. Meta’s High Touch Support tool, known as HTS, was designed to help Instagram users recover locked accounts: you provide an email address, you get a password reset link. The flaw was equally simple: the tool…

Read more →

Cybersecurity, Global Security News

Why Utah Is Becoming a Leading Choice for Colocation Services

In this post, I will show you why Utah is becoming a leading choice for colocation services. As businesses continue to generate larger volumes of data, the demand for secure, scalable, and reliable infrastructure is growing rapidly. Companies across industries are now looking beyond traditional hosting and exploring colocation solutions that offer better uptime, security,…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

15 tough cybersecurity questions every CISO must answer

As CISOs know, an effective security program cannot be static. Rather, it must adapt to the evolving threat landscape and an ever-changing business environment. To adapt and improve, CISOs must continuously evaluate their existing program. That starts with asking tough questions about their performance, investments, and strategies. Here, security leaders share 15 questions every CISO…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

Why most enterprise security teams would fail a military readiness test

Have you ever watched a military cyber ops team go to work responding to a cyberattack simulation? It’s like that scene from Die Hard 4.0 when all the screens start flashing red and systems start shutting down; however, unlike the movies, where bumbling government IT workers are caught out and panicking, our military actually moves…

Read more →

AI, Global Security News, Risk Management

OpenAI is locking down parts of ChatGPT to reduce data theft risks

OpenAI has started rolling out Lockdown Mode for ChatGPT, an optional security setting that restricts access to external resources and several product capabilities. It is available for personal accounts, including Free, Go, Plus, and Pro plans, as well as self-serve ChatGPT Business accounts. “Lockdown Mode is not intended for everyone. It is designed for people…

Read more →

AI, Cybersecurity, Global Security News

UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign

Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026. The activity has been attributed by Google Mandiant and Google Threat Intelligence Group (GTIG) to a threat actor dubbed UNC3753, which is…

Read more →

AI, Cybersecurity, Data Security, Europe, Global Security News, Government & Policy, Network Security, Russia

Ukraine’s foreign minister offer recipe for improved resilience

Cybersecurity professionals were offered lessons of resilience in the most extreme circumstances from Ukraine’s former minister of foreign affairs. Dmytro Kuleba, who served as Ukraine’s Minister of Foreign Affairs between 2020 and 2024, told Infosecurity Europe delegates that the key to Ukraine’s survival after the full-scale Russian invasion of 2022 was pre-planning, a lesson learned…

Read more →

AI, Exploits, Global Security News, malware, Network Security

IoT Botnet C0XMO Adds Competitor-Killing Capability

C0XMO is a new Gafgyt botnet variant exploiting old router flaws, spreading across IoT devices, killing rivals, and enabling large-scale DDoS attacks. In March 2026, FortiGuard Labs discovered a new variant of the Gafgyt botnet, dubbed C0XMO, which is noticeably more capable than its predecessors. The malware spreads through CVE-2021-27137, a stack buffer overflow in…

Read more →

AI, Global Security News

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in an attempt to tackle software supply chain threats. “When automatic updates are enabled, new versions are auto-updated two hours after they are published, adding an…

Read more →