Geek-Guy.com

Category: Global Security News

AI, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

Claude Code GitHub Actions Flaw Created Supply Chain Attack Risk

Organizations using Claude Code GitHub Actions should review their CI/CD environments after a researcher found vulnerabilities that could expose repositories to compromise and supply chain attacks.   The flaws, which have since been patched, allowed attackers to bypass permission controls and inject untrusted input into trusted workflows.   These vulnerabilities allow “… an attacker [to] bypass its…

Read more →

AI, Cybersecurity, Exploits, Global Security News

DOD wants to integrate cyber in all operations, and integrate security into AI

The Pentagon is focusing on integrating cyber into all its operations, and wants to make sure it integrates security into artificial intelligence usage from the outset, the Defense Department’s top cyber policy official said Tuesday. Recent conflicts have made clear how important cyber is, said Katherine Sutton, assistant secretary for cyber policy and principal cyber…

Read more →

AI, Cybersecurity, Global Security News, Government & Policy, Risk Management

Trump administration releases scaled-back AI executive order

The Trump administration issued a revised executive order Tuesday focused on artificial intelligence, offering a significantly pared-back vision for the federal government’s role vetting AI systems compared to a draft version that was spiked weeks ago. The order keeps in place the administration’s largely voluntary framework for companies to engage with the federal government around…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware

Instagram Account Hijacks Expose the Security Risks of AI-Powered Support

Attackers exploited Meta’s AI support chatbot to reset Instagram passwords and hijack accounts without accessing victims’ email inboxes. Attackers abused Meta’s AI-powered support chatbot to reset Instagram passwords and hijack accounts without accessing victims’ email inboxes. The issue affected several users, including high-profile accounts, before Instagram fixed the flaw. Security researcher Jane Wong and other…

Read more →

AI, APAC, china, Global Security News, Government & Policy, Network Security, Politics, Russia

The Pentagon Is Running an AI Propaganda Mill Targeting Latin America

The United States is feeding Pentagon propaganda to internet users in Latin American countries using a new AI-laden content mill, an investigation by The Intercept has found. La Tilde quietly began development early this year and appears to still be a work in progress, pitching itself as a modern media brand for Latin American audiences…

Read more →

AI, Apps, Compliance, Endpoint, Global Security News, Network Security

Secure multi-tenant AI agents with Amazon Bedrock AgentCore resource-based policies

Software as a service (SaaS) providers building AI-powered applications on Amazon Bedrock AgentCore often need to serve multiple tenants with distinct security requirements from a shared infrastructure. Some tenants require cross-account access from their own Amazon Web Services (AWS) accounts, while others mandate that traffic stay within a private virtual private cloud (VPC) for regulatory…

Read more →

AI, Apps, Compliance, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Google Patches Android Zero-Day Under Active Exploitation 

Google has patched a high-severity Android zero-day vulnerability that attackers have already exploited in the wild.  The issue affects multiple Android releases and serves as a reminder that mobile operating systems remain a valuable target for threat actors seeking access to sensitive enterprise and personal data.  “There are indications that CVE-2025-48595 may be under limited,…

Read more →

AI, Global Security News, Network Security

HPE Earnings, Shares Surge on AI and Networking Demand

HPE shares surged after the company reported stronger-than-expected fiscal second-quarter results, powered by booming demand for artificial intelligence infrastructure, networking equipment, and servers. HPE beats Q2 expectations The company reported revenue of $10.7 billion for the quarter ended April 30, a 40% increase from a year earlier and well ahead of Wall Street expectations. Adjusted…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Palo Alto Networks PAN-OS flaw, tracked as CVE-2024-21182 (CVSS score of 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2024-21182 flaw is an easily exploitable vulnerability affecting Oracle WebLogic…

Read more →

AI, china, Compliance, Exploits, Global Security News, Risk Management, Russia, Venture

FIRESIDE CHAT: Deepfakes exploit human emotion, making employee reflex training essential

The wire transfer went through. The CFO on the video call looked right, sounded right, and gave the authorization — except there was no CFO on that call. Related: The industrializing of identity fraud Corporate deepfake attacks of that kind, executives impersonated to authorize fraudulent wire transfers, accounted for roughly $550 million of the $2.19…

Read more →

AI, Apps, Cloud Security, Cybersecurity, Endpoint, Global Security News, Network Security, Risk Management, Venture

Four questions to answer if a security product will survive in the AI-first world

AI is changing the world faster than anyone could have predicted. This isn’t because it is taking over jobs (this would be too simplistic), but because it is slowly taking over a growing number of tasks that used to be done by humans. Security is not in any way immune to these changes, and I…

Read more →

AI, APAC, Apps, Compliance, Global Security News

Workday Intros New Developer Capabilities for Enterprise AI Agents

Workday has made a series of announcements recently, including a new partnership with AWS and new capabilities designed to help developers build, run, and govern AI agents on trusted HR and finance data while using the agentic coding tools and clouds they already utilize. The new capability announcements include: New Developer Agent and Agent-Ready Tools…

Read more →

AI, APAC, Cloud Security, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security

Anthropic expanding access to Project Glasswing

Anthropic is broadening access to its Project Glasswing program, adding approximately 150 organizations in 15 countries, the company announced Tuesday, as its restricted Claude Mythos Preview model has already surfaced more than 10,000 high- or critical-severity software vulnerabilities since the program launched in early April. The expansion follows an initial cohort of roughly 50 partners…

Read more →

AI, Compliance, Data Security, Global Security News

Portal26 Adds Visibility, Management for Anthropic Claude

Portal26 has announced new enterprise AI management capabilities for Anthropic’s Claude and Claude Cowork, positioning the offering as a control layer for organizations scaling generative and agentic AI across business workflows. The company said the capabilities are designed to give enterprises real-time visibility into Claude usage, token consumption, security controls, governance enforcement, auditability, and analytics…

Read more →

AI, Global Security News

Noma brings visibility and access governance to AI agents and MCP servers

Noma has announced the launch of Noma Agent Access Control, which helps security teams discover, govern, and enforce access policies for AI agents and Model Context Protocol (MCP) servers throughout the enterprise. AI agents and MCP servers have proliferated across developer environments faster than existing governance frameworks were designed to handle. In less than 12…

Read more →

Data Breaches, Exploits, Global Security News, Risk Management

Tuskira Quell identifies, mitigates, and validates zero-day risk before breach

Tuskira launched Quell, its exposure-led zero-day defense capability. Quell helps enterprises survive the window between a zero-day’s disclosure and a patch by determining which zero-days are reachable in their environment, whether existing controls would stop them, and which compensating control change would disrupt the exploit immediately. Organizations using Tuskira have cut breachable exposure by up…

Read more →

AI, Global Security News

Meta adds stricter guardrails for teen feeds

Meta has expanded its Teen Accounts 13+ content settings globally on Instagram, Facebook, and Messenger. The safeguards are designed to help young users see age-appropriate content by default. The company also introduced Limited Content on Instagram for parents seeking stricter restrictions. Meta plans to roll out the feature on Facebook and Messenger later this year.…

Read more →

AI, Compliance, Global Security News, Risk Management

Sectigo Launches MCP Server for CLM

Sectigo has announced the general availability of what it says is the first globally available, production-ready Model Context Protocol server for certificate lifecycle management, expanding how enterprises can use AI agents to manage digital certificates. The MCP Server for Sectigo Certificate Manager allows administrators to perform certificate operations using natural language through MCP-compatible AI agents,…

Read more →

AI, Apps, Endpoint, Global Security News, Network Security, Risk Management

Cisco Debuts Cloud Control for Agentic IT Operations

Cisco today unveiled Cisco Cloud Control, a new unified platform built for humans and AI agents to manage, monitor, and defend critical IT infrastructure. This platform is fully extensible, with more than 40 ecosystem tooling connectors, and fully customizable, enabling the creation of custom applications and agents using natural language directly within the platform. Cisco…

Read more →

AI, Exploits, Global Security News

Google fixes actively exploited Android vulnerability (CVE-2025-48595)

Google has announced the June 2026 Android security updates, which fix a bucketload of vulnerabilities, including a high-severity vulnerability (CVE-2025-48595) in the Android Framework that “may be under limited, targeted exploitation.” About CVE-2025-48595 CVE-2025-48595 is an integer overflow vulnerability in the Android Framework, a set of APIs and system services that apps interact with directly.…

Read more →

AI, Cybersecurity, Global Security News, malware

Infected Red Hat npm packages expose developer credentials

Developers who pulled packages from Red Hat’s @redhat-cloud-services npm namespace over the weekend got a secret-stealing worm instead. Security researchers from several cybersecurity outlets are warning of a new supply chain attack compromising over 30 Red Hat Cloud Services-related npm packages to steal credentials, authentication tokens, and other secrets from developer environments. The campaign, which…

Read more →

AI, Exploits, Global Security News

AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.

AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclosed and indiscriminate exploitation observed across the internet is now measured in hours, not days. The…

Read more →

AI, Cybersecurity, Global Security News, Risk Management

Diligent automates cyber risk assessments and reporting

Diligent has announced Diligent Cyber Risk Management, an agentic solution designed to help organizations manage cybersecurity risk in a business context. Available in summer 2026, the platform reduces cyber risk assessment work from weeks to hours and links cyber threats to strategic objectives, critical business processes, and board-level oversight, helping organizations prioritize security investments based…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management

Attackers exploit Palo Alto GlobalProtect flaw days after disclosure

A Palo Alto Networks vulnerability that allows attackers to establish unauthorized VPN access into corporate networks is being actively exploited in the wild, weeks after the company disclosed the flaw as a medium-severity issue and said it was unaware of any attacks. However, according to Rapid7, threat actors began exploiting the bug within days of…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security

From Fake Purchase Orders to Remote Access: Analyzing the JS.MonoGlyphRAT Threat to US Enterprises

A previously unidentified cyberattack is quietly spreading through US businesses — and most security tools are not catching it. Researchers at ANY.RUN have identified a new backdoor called JS.MonoGlyphRAT, an advanced piece of malware delivered as an ordinary-looking JavaScript file disguised as a purchase order, quote, or business proposal. Once an employee opens the file,…

Read more →

Endpoint, Global Security News

How Leading Organizations Are Turning EDR Into Operational Resilience

Most organizations now recognize that endpoint protection alone is no longer sufficient. That’s why adoption of endpoint detection and response (EDR) has accelerated rapidly in recent years. Organizations understand that modern attacks move faster, evade traditional prevention controls, and require continuous visibility into suspicious activity across the environment. But owning EDR

Read more →

AI, Global Security News, Network Security

Microsoft Entra pushes passkeys, tightens identity security

Microsoft has released multiple identity and network access capabilities for Entra, its family of identity and network access products that help organizations implement a zero trust security strategy, over the last 30 days. Features reaching general availability Identity and authentication updates Phishing-resistant MFA is now available on Linux desktops through the Microsoft identity broker. The…

Read more →

AI, Endpoint, Global Security News, malware

Sophos uncovers AI-powered malware lab built for EDR evasion

A threat actor used AI technologies to build a malware-testing framework for developing and refining endpoint detection and response (EDR) evasion techniques, according to Sophos. The investigation began after an anomalous endpoint in a customer environment triggered alerts tied to malicious payloads originating from a testing directory. The files pointed to a broader framework focused…

Read more →

AI, Compliance, Cybersecurity, Exploits, Global Security News, malware, Risk Management

Attack targeting OpenAI Codex users exposes AI software supply chain risks

A malicious npm package posing as a remote user interface for OpenAI Codex exfiltrated developer authentication tokens, after attackers allegedly published code to npm that was not visible in the project’s public GitHub repository. Researchers at Aikido said the package, called codexui-android, appeared to offer legitimate functionality while collecting authentication tokens and sending them to…

Read more →

AI, Cybersecurity, Global Security News

Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT

Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan’s Ministry of Finance with an open-source remote access trojan called Xeno RAT. “The campaign opens with a spear phishing delivery – a ZIP archive containing a malicious LNK file bearing a carefully crafted Pashto-language filename,”

Read more →

AI, Global Security News

Cybanetix unveils Managed AI Service to secure users, models, and agents

Cybanetix has announced the launch of its Managed AI Service to address all three aspects of AI use within the enterprise. Covering employee AI usage, AI governance, and embedded AI, the Managed AI Service combines technology from NOMA, SentinelOne, Microsoft, and Exabeam with Cybanetix consultancy, managed services, and 24/7 Security Operations Centre (SOC) monitoring. The…

Read more →

AI, APAC, Compliance, Cybersecurity, Europe, Global Security News, Network Security, Risk Management

ENISA NIS360 2026: Progress Across the Board, But the Sectors That Matter Most Are Still Falling Short

ENISA NIS360 2026 shows cybersecurity improving across EU critical sectors, but health, water, rail, and space remain in the risk zone. ENISA has published its third annual NIS360 report, assessing the cybersecurity maturity and criticality of all sectors covered by the NIS2 directive. The headline finding is that things are improving across the board. The…

Read more →

AI, Cybersecurity, Global Security News, Government & Policy

Sensitive government personnel data posted online, Spanish police arrest suspect

The Spanish National Police arrested a man in Granada for allegedly leaking personal data belonging to members of several sensitive state institutions. According to police, the suspect published the information on multiple online platforms, exposing personnel associated with organizations including the National Cybersecurity Institute (INCIBE), the National Security Council, the National Police, the Civil Guard,…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Global Security News, Risk Management

7 tabletop exercise mistakes that sabotage incident response

Discussion-based, low-stress simulations during which IT, legal, and other key leadership stakeholders walk through theoretical scenarios to test their preparedness for cyber incidents is a popular and highly useful tool. Yet unless tabletop training is properly handled, the results can be misleading and potentially destructive. When your organization’s incident response training consistently fails to meet…

Read more →

AI, Cybersecurity, Funding, Global Security News, Venture

Lemhi Emerges From Stealth With AI Platform Built for MSPs

Lemhi officially launches today after exiting stealth, introducing an AI Transformation-as-a-Service platform built specifically for managed service providers (MSPs).  The company also confirms a pre-seed funding round led by Top Down Ventures, with participation from Lookout Ventures and Start Something Ventures. Why Lemhi says AI operations are a challenge worth addressing Lemhi positions itself as…

Read more →

Global Security News, Government & Policy

RSA extends passwordless authentication to Linux environments

RSA has expanded its passwordless authentication capabilities to Linux environments, advancing its goal of delivering secure, password-free access for every user in every environment. Linux is ubiquitous in enterprise infrastructure, powering servers, developer workstations, and critical operational environments across industries from financial services to government. Despite its reach, Linux users have historically been underserved by…

Read more →

AI, Apps, Global Security News, malware, Network Security

GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure

Malware on approximately 2,000 WordPress sites hid C2 instructions in Steam profile comments using invisible Unicode. GoDaddy researchers spotted a command-and-control infrastructure for a malware campaign abusing Valve’s Steam gaming platform. The experts discovered malware on approximately 1,980 WordPress sites that fetches its instructions by reading Steam Community profile comments, where the actual payload is…

Read more →

AI, Global Security News

Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded

Password manager Dashlane has disclosed that “fewer than” 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched by an unknown party. On May 31, 2026, the company said an “external” threat actor launched a brute-force attack against certain Dashlane user accounts with the aim of breaking two-factor…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

Attackers are exploiting Palo Alto Networks defect that initially flew under the radar

Researchers and threat hunters are scrambling to respond to an actively exploited authentication-bypass vulnerability affecting Palo Alto Networks customers’ firewalls.  The company initially tagged CVE-2026-0257 with a medium-severity rating when it disclosed the defect May 13, but quickly reassessed it as critical after Rapid7 observed and confirmed active exploitation in the wild. The Cybersecurity and…

Read more →