Geek-Guy.com

Category: Risk Management

Master cybersecurity risk management with expert analysis on threat mitigation, compliance, and governance. Geek-Guy tracks the evolving landscape of digital risk.

Nightmare Eclipse incident shows the researcher-vendor fights may never fully go away

Microsoft reopened some wounds and has reignited debate over the past couple weeks about vulnerability disclosure and the sometimes adversarial dynamic it creates between security researchers and vendors.  The latest controversy ensued when Microsoft threatened criminal legal action against a security researcher who publicly disclosed a series of zero-day vulnerabilities with proof-of-concept exploits. Microsoft insisted…

Hugging Face Vulnerability Allows Remote Code Execution 

Organizations using vulnerable versions of the Hugging Face Transformers library could unknowingly execute attacker-controlled code simply by loading a malicious AI model.  Researchers at Pluto disclosed a remote code execution (RCE) vulnerability that bypasses the library’s built-in trust_remote_code=False security control, potentially exposing cloud credentials, SSH keys, API tokens, and other sensitive assets. “One poisoned field…

Anthropic suggests slowing AI research until we can align it with human goals

AI could soon lead to systems capable of improving their own performance faster than humans can effectively supervise them, reviving concerns about the industry’s longstanding “alignment problem,” ensuring AI systems reliably pursue human goals, senior Anthropic researchers have warned in a new blog post titled “When AI builds itself.” Anthropic Institute lead Marina Favaro and…

Malware could drain your fuel tank as well as your bank account

Ongoing cyber-attacks on automated tank gauges (ATGs) could result in fuel tanks being drained without businesses noticing, the US Cybersecurity & Infrastructure Security Agency has warned. Connected ATGs are widely deployed in gas stations, as well as on military bases, in hospitals, and in manufacturing plants. And it’s not just fuel stores at risk: ATGs…

Leader in Malware Analysis: ANY.RUN Named Top Vendor in G2 Summer 2026 Awards

We are proud to announce that ANY.RUN has earned the title of Momentum Leader and ranked #1 in the Relationship Index in the latest G2 Summer Reports. Reflecting real security teams’ actual experience, these rankings once again prove how critical ANY.RUN’s solutions are for daily SOC operations in modern enterprises.  Why ANY.RUN’s Momentum Leader Title Matters for Your Team  G2 awards…

Claude Code has an MCP security problem — and your developers are already using it

Claude Code is Anthropic’s AI coding assistant — a command-line tool that developers are adopting fast. It connects to external services through Model Context Protocol, the standard that lets AI tools interact with Jira, Confluence, GitHub, databases and internal APIs. When a developer connects one of those services, Claude Code runs an OAuth flow, the…

May 2026 Leadership Recap: Channel Execs Move Toward AI

We’re barreling toward the midway point of the year, and May has seen a number of new executive leadership shuffles to guide organizations through the second half of the year and beyond. Organizations across the ecosystem have made shifts to their leadership teams, including new hires, promotions, and the addition of their first-ever AI executives.…

May 2026 M&A Recap: Security and AI Remain Top Priorities

WatchGuard, Torq, and Asana are just a few organizations that have made strategic acquisitions in the IT ecosystem to expand their capabilities and provide more services to a greater number of customers. Before we reach the summer months, take stock of the mergers and acquisitions in the channel from May. Security consolidation continues as firms…

Fake Context Alignment: The Attack That Made Gemini Obey Strangers Through Your Notifications

SafeBreach tricked Gemini into obeying attackers via WhatsApp notifications, using hidden foreign-language text to bypass Google’s defenses and control smart home devices. SafeBreach Labs researcher Or Yair spent months trying to break Google’s Gemini voice assistant after Google patched the vulnerabilities he found in his previous research. The new attack class he developed, named Fake…

Commvault Provides Resilience Approach for Frontier AI

Commvault, a data protection and cyber resilience organization, has made recommendations to help organizations stay resilient in the age of frontier AI. Frontier models create new security risks while helping address them As frontier models, hosted in the cloud, excel at identifying vulnerabilities at speed and compressing exploitation timelines, they also present exploitable threats to…

Compliance chaos: NY regulators see a data breach — then focus on IT errors

The age-old IT defense when compliance violations are investigated by regulators is to try and keep a low profile — and hope no one looks too closely. But with enhanced SEC interest in all data breaches encouraging regulators around the globe to take those closer looks at IT, data breach disclosure rules are becoming more…

New infosec products of the week: June 5, 2026

Here’s a look at the most interesting products from the past week, featuring releases from Asimily, depthfirst, Diligent, Hyland, MazeBolt, and Noma. Asimily turns device risk into automated network policy Asimily has launched Segmentation Orchestration, enabling connected-device risk intelligence to flow directly into enforceable network policy without manual translation. No other platform combines full asset…

AI Threats Are Outpacing Enterprise Cybersecurity Defenses in 2026

Artificial intelligence (AI) is reshaping the digital risk landscape, creating new challenges for organizations already struggling to manage online fraud, impersonation, and brand abuse.  According to the 2026 Digital Risk Report, enterprises face growing exposure to AI-generated attacks while many lack the visibility, ownership, and response capabilities needed to address them effectively. “The question isn’t…

U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Mirasvit Full Page Cache Warmer flaw, tracked as CVE-2026-45247 (CVSS ver 4.0 score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2026-45247 flaw is a…

OpenAI responds to White House executive order on AI governance

OpenAI has proposed mandatory federal evaluations of the most capable AI models before public release while arguing that regulators should stop short of deciding whether those systems can be deployed, staking out a middle ground in the debate over how frontier AI should be governed. The company’s proposal came a day after the White House…

Inside the race to adapt to an AI-powered security world

Troy West was in Warsaw when his dinner was interrupted by his phone. But he was happy about it. West, associate director of cybersecurity for autonomous offensive security company XBOW, had just learned that a trial version of the company’s platform had found a vulnerability that led to a full takedown of a development environment…

Introducing the Wallarm AI Control Platform: One closed loop for AI security and API security.

TL;DR- AI deployment has outpaced AI governance. Most enterprises running AI on AWS cannot answer four basic security questions about what’s running, what it’s doing,how to stop it, and how to prove it’s under control.- The Wallarm AI Control Platform closes this gap: one platform for Discover, Observe,Enforce, and Govern — running natively in your…

Critical Cisco Unified CM Bug Patched as Public Exploit Code Emerges

Cisco patched a critical Unified CM flaw with public PoC code that allows unauthenticated attackers to launch SSRF attacks remotely. Cisco has addressed a high-severity vulnerability, tracked as CVE-2026-20230, affecting Unified CM and Unified CM SME. The flaw, caused by improper validation of certain HTTP requests, allows a remote attacker without authentication to perform server-side…

Why Local AI Agents Are Creating a New Governance Blind Spot

Artificial intelligence (AI) governance efforts have largely focused on cloud-based tools such as ChatGPT, Microsoft Copilot, and other software-as-a-service (SaaS) platforms.  According to Josh McCarthy, Chief Product Officer at Arms Cyber, organizations may be overlooking a much larger risk: autonomous AI agents running locally on employee endpoints. As AI capabilities increasingly move from cloud environments…

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

A high severity vulnerability in Hugging Face Transformers enables attackers to compromise systems that use the popular Python library to test and run AI models. The flaw impacts library versions that continue to be actively downloaded and comes at a time when attackers are increasingly targeting the AI supply chain, including through malicious models hosted…

Q1 2026 Cyber Risk Report: Insights from 2.1 Million Malware and Phishing Investigations 

Based on 2,101,483 malware and phishing investigations from Q1 2026, ANY.RUN‘s Cyber Risk report provides a real-world view of modern attack trends.  It covers trending malware families, TTPs, and other technical observations, while also delivering executive insights CISOs and SOC teams can use to connect attacker behavior to business risk.  Combining data-backed malware trends with strategic guidance for security leaders, the report reveals critical gaps in detection, response, and visibility that directly impact business resilience, and outlines solutions organizations can use…

Google brings local AI agents to laptops with Gemma 4 12B

Google has released new tools that allow developers to run agentic AI workflows locally using Gemma 4 12B, a 12-billion-parameter model from Google DeepMind. In a blog post, the company said the model, combined with the Google AI Edge stack, can be used to build and test applications on everyday machines. The model-runtime combination supports…

29 Arrests, Nine Crime Groups Dismantled: Another Blow to Illegal Streaming

International Operation KRATOS led by Europol dismantled illegal streaming networks, leading to 29 arrests and nine crime groups taken down. An international law enforcement operation, codenamed Operation KRATOS and involving 13 countries (Belgium, Bulgaria, Croatia, France, Greece, Ireland, Italy, the Netherlands, Poland, Romania, Spain, the UK, and the US), spent seven months quietly dismantling the…

Beware the ‘son of Mythos,’ security experts warn

LONDON — Enterprise security teams were urged by security experts at Infosecurity Europe to brace for impact as both Anthrophic and OpenAI expand access to their frontier AI models for vulnerability discovery. Anthropic, in particular, is significantly expanding Project Glasswing, its scheme to provide select organizations with access to Claude Mythos, an AI-powered vulnerability discovery tool…

Hole in GitHub’s browser-based VSCode editor could lead to stolen token

A vulnerability in GitHub’s browser-based VSCode editor could lead to the theft of a developer’s token under certain circumstances, says a researcher. The issue, revealed this week in a blog by Ammar Askar, has apparently been already addressed by GitHub owner Microsoft. But it raises a questions about both DevOps security, and about the researcher’s…

SEON Launches AI Fraud Tools with New MCP Server

Fraud prevention startup SEON has launched its new MCP server, along with two new platform capabilities, Network Detection and AI Chart Builder, further connecting its existing automation and business intelligence features. Alongside these features, the company has introduced an AI Playbook for Risk and Compliance Teams, providing customers with a practical starting point to quickly…

Cloud Security Alliance Report Highlights Growing Patch Gap Risks 

Despite years of investment in vulnerability scanning and shift-left security practices, known vulnerabilities continue to drive production security incidents, according to the Cloud Security Alliance’s 2026 State of Modern Application & AI Security Report.   As AI accelerates both vulnerability discovery and exploit development, organizations are facing increasing pressure to reduce exposure windows before attackers can…

Trump Signs Executive Order Creating Voluntary AI Security Review Framework

President Trump has introduced a new executive order aimed at strengthening oversight of advanced AI models without imposing new regulations on tech companies.  The order establishes a voluntary framework that allows developers of powerful AI models to share systems with the federal government for security reviews before public release. “The United States continues to lead…

Microsoft wants to put AI agents on a short leash

As enterprises race to adopt AI agents across software development workflows, Microsoft is rolling out new controls aimed at keeping the transformation from becoming a security headache. At its annual developer conference, Microsoft Build, the company unveiled a set of initiatives, including a brand new runtime containment offering, Microsoft Execution Container (MXC), for agentic AI…

Microsoft wants to put AI agents on a short leash

As enterprises race to adopt AI agents across software development workflows, Microsoft is rolling out new controls aimed at keeping the transformation from becoming a security headache. At its annual developer conference, Microsoft Build, the company unveiled a set of initiatives, including a brand new runtime containment offering, Microsoft Execution Container (MXC), for agentic AI…

Microsoft wants to put AI agents on a short leash

As enterprises race to adopt AI agents across software development workflows, Microsoft is rolling out new controls aimed at keeping the transformation from becoming a security headache. At its annual developer conference, Microsoft Build, the company unveiled a set of initiatives, including a brand new runtime containment offering, Microsoft Execution Container (MXC), for agentic AI…

U.S. CISA adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2022-0492 (CVSS score of 7.0) Linux Kernel Improper Authentication…

Release Notes: Decision-Ready SOC Reporting, Elastic Security Integration, and 1400+ Threat Coverage Updates

Security leaders are under growing pressure to reduce the time between threat detection and response without adding more complexity to already overloaded SOC workflows. ANY.RUN’s May updates help teams act on security risks more efficiently, improve consistency across investigations, and maintain stronger protection as attacker tactics continue to evolve. Discover the updates your team can…

AI may finally unlock the cyber budgets CISOs have wanted for years

For nearly two decades, cybersecurity leaders have faced the same reality: No matter how catastrophic the latest breach, ransomware attack, or nation-state intrusion, security spending often struggled against competition with every other business priority. AI may finally be changing that equation. The rapid emergence of frontier AI systems capable of autonomous cyber operations — combined…

AI may finally unlock the cyber budgets CISOs have wanted for years

For nearly two decades, cybersecurity leaders have faced the same reality: No matter how catastrophic the latest breach, ransomware attack, or nation-state intrusion, security spending often struggled against competition with every other business priority. AI may finally be changing that equation. The rapid emergence of frontier AI systems capable of autonomous cyber operations — combined…

AI may finally unlock the cyber budgets CISOs have wanted for years

For nearly two decades, cybersecurity leaders have faced the same reality: No matter how catastrophic the latest breach, ransomware attack, or nation-state intrusion, security spending often struggled against competition with every other business priority. AI may finally be changing that equation. The rapid emergence of frontier AI systems capable of autonomous cyber operations — combined…

Lessons from the Canvas cyberattack

Canvas cyberattack: Who, what, when, how? What and when? Over May 6 and 7, 2026, Canvas learning management system (LMS) users were served up a defaced web page in place of the expected login page. The altered web page displayed a warning by the ShinyHunters criminal hacker and extortion group advising of the Instructure compromise.…

Lessons from the Canvas cyberattack

Canvas cyberattack: Who, what, when, how? What and when? Over May 6 and 7, 2026, Canvas learning management system (LMS) users were served up a defaced web page in place of the expected login page. The altered web page displayed a warning by the ShinyHunters criminal hacker and extortion group advising of the Instructure compromise.…

Lessons from the Canvas cyberattack

Canvas cyberattack: Who, what, when, how? What and when? Over May 6 and 7, 2026, Canvas learning management system (LMS) users were served up a defaced web page in place of the expected login page. The altered web page displayed a warning by the ShinyHunters criminal hacker and extortion group advising of the Instructure compromise.…

MazeBolt brings AI-generated attack simulation to DDoS security testing

MazeBolt has announced the launch of RADAR VectorAI, a new MazeBolt module that creates AI-generated DDoS attacks. As AI outpaces human response, enterprises need to have access to validated DDoS vulnerability data about both known and AI-generated attack vectors. Mythos has raised awareness of the cybersecurity risks created by AI. But while Mythos makes it…

Netskope adds AI asset discovery and AISecOps agent to AI security portfolio

Netskope has announced Netskope One AI Command Center, bringing together AI discovery, risk intelligence, and autonomous response capabilities in a single platform. As the latest expansion of the Netskope One AI Security suite, it helps security teams understand what AI is running in their environments, determine which risks require action, and accelerate response efforts. Among…

Why an HP Poly VoIP Phones Bug Could Become an Enterprise Foothold

Rapid7 details a critical unauthenticated overflow in HP Poly VoIP phones that can lead to root RCE, with patches available for affected models. Rapid7’s latest disclosure on CVE-2026-0826 should get serious attention from anyone running HP Poly VoIP phones in an enterprise setting. It’s a critical unauthenticated stack-based buffer overflow that can give a remote…

Welcoming the Philippine Government to Have I Been Pwned

Today, we welcome the 46th government onboarded to Have I Been Pwned’s free gov service: the Philippines. The Philippines’ National CERT, working with the Department of Information and Communications Technology, now has access to monitor official government domains against the data in HIBP. This gives their Cyber Threat Intel and Monitoring Section the ability to…

Anthropic grants Project Glasswing access to 150 more companies, with a focus on critical infrastructure

Anthropic on Tuesday announced that it was adding 150 more companies to its Project Glasswing AI-based vulnerability hunting initiative, with a particular focus on critical infrastructure companies including those involved in “power, water, healthcare, communications and hardware.” Analysts and security vendors agreed that the move is a positive step, noting that the more companies involved…

Two-year old Oracle WebLogic Server vulnerability is being exploited

US federal government departments have been given until Thursday to patch a two-year old high severity vulnerability in Oracle WebLogic Server that could allow an unauthenticated attacker to access critical data. The vulnerability, CVE-2024-21182, was added Monday to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog, giving federal Oracle admins a…

News alert: Halo Security recognized for helping MSPs manage customers’ external attack surfaces

MIAMI BEACH, Fla., June 2, 2026, CyberNewswire—Halo Security today announced that its attack surface management solution has been named a 2026 MSP Today Product of the Year Award winner by TMC, a leading global media company recognized for building communities in technology and business through live events and digital marketing platforms. This marks the second…

Identify unused AWS KMS keys and prevent accidental key deletions

As you scale your use of Amazon Web Services (AWS), managing KMS keys becomes increasingly important. Whether you manage a handful of keys or thousands across multiple AWS accounts and AWS Regions, there’s often a need to audit key usage to help you meet compliance requirements, evaluate your risk posture, and optimize key management costs.…

Trump revives parts of canceled AI order with cybersecurity-focused directive

US President Donald Trump signed an executive order aimed at strengthening cybersecurity defenses and establishing a voluntary framework for cooperation between the federal government and developers of advanced artificial intelligence models, reviving portions of a broader AI initiative that he abruptly shelved less than two weeks ago. The order, “Promoting Advanced Artificial Intelligence Innovation and…

Claude Code GitHub Actions Flaw Created Supply Chain Attack Risk

Organizations using Claude Code GitHub Actions should review their CI/CD environments after a researcher found vulnerabilities that could expose repositories to compromise and supply chain attacks.   The flaws, which have since been patched, allowed attackers to bypass permission controls and inject untrusted input into trusted workflows.   These vulnerabilities allow “… an attacker [to] bypass its…

Trump administration releases scaled-back AI executive order

The Trump administration issued a revised executive order Tuesday focused on artificial intelligence, offering a significantly pared-back vision for the federal government’s role vetting AI systems compared to a draft version that was spiked weeks ago. The order keeps in place the administration’s largely voluntary framework for companies to engage with the federal government around…

Google Patches Android Zero-Day Under Active Exploitation 

Google has patched a high-severity Android zero-day vulnerability that attackers have already exploited in the wild.  The issue affects multiple Android releases and serves as a reminder that mobile operating systems remain a valuable target for threat actors seeking access to sensitive enterprise and personal data.  “There are indications that CVE-2025-48595 may be under limited,…

U.S. CISA adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Palo Alto Networks PAN-OS flaw, tracked as CVE-2024-21182 (CVSS score of 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2024-21182 flaw is an easily exploitable vulnerability affecting Oracle WebLogic…

FIRESIDE CHAT: Deepfakes exploit human emotion, making employee reflex training essential

The wire transfer went through. The CFO on the video call looked right, sounded right, and gave the authorization — except there was no CFO on that call. Related: The industrializing of identity fraud Corporate deepfake attacks of that kind, executives impersonated to authorize fraudulent wire transfers, accounted for roughly $550 million of the $2.19…

Four questions to answer if a security product will survive in the AI-first world

AI is changing the world faster than anyone could have predicted. This isn’t because it is taking over jobs (this would be too simplistic), but because it is slowly taking over a growing number of tasks that used to be done by humans. Security is not in any way immune to these changes, and I…

Tuskira Quell identifies, mitigates, and validates zero-day risk before breach

Tuskira launched Quell, its exposure-led zero-day defense capability. Quell helps enterprises survive the window between a zero-day’s disclosure and a patch by determining which zero-days are reachable in their environment, whether existing controls would stop them, and which compensating control change would disrupt the exploit immediately. Organizations using Tuskira have cut breachable exposure by up…

Sectigo Launches MCP Server for CLM

Sectigo has announced the general availability of what it says is the first globally available, production-ready Model Context Protocol server for certificate lifecycle management, expanding how enterprises can use AI agents to manage digital certificates. The MCP Server for Sectigo Certificate Manager allows administrators to perform certificate operations using natural language through MCP-compatible AI agents,…

Cisco Debuts Cloud Control for Agentic IT Operations

Cisco today unveiled Cisco Cloud Control, a new unified platform built for humans and AI agents to manage, monitor, and defend critical IT infrastructure. This platform is fully extensible, with more than 40 ecosystem tooling connectors, and fully customizable, enabling the creation of custom applications and agents using natural language directly within the platform. Cisco…

Diligent automates cyber risk assessments and reporting

Diligent has announced Diligent Cyber Risk Management, an agentic solution designed to help organizations manage cybersecurity risk in a business context. Available in summer 2026, the platform reduces cyber risk assessment work from weeks to hours and links cyber threats to strategic objectives, critical business processes, and board-level oversight, helping organizations prioritize security investments based…

Attackers exploit Palo Alto GlobalProtect flaw days after disclosure

A Palo Alto Networks vulnerability that allows attackers to establish unauthorized VPN access into corporate networks is being actively exploited in the wild, weeks after the company disclosed the flaw as a medium-severity issue and said it was unaware of any attacks. However, according to Rapid7, threat actors began exploiting the bug within days of…

Attack targeting OpenAI Codex users exposes AI software supply chain risks

A malicious npm package posing as a remote user interface for OpenAI Codex exfiltrated developer authentication tokens, after attackers allegedly published code to npm that was not visible in the project’s public GitHub repository. Researchers at Aikido said the package, called codexui-android, appeared to offer legitimate functionality while collecting authentication tokens and sending them to…

ENISA NIS360 2026: Progress Across the Board, But the Sectors That Matter Most Are Still Falling Short

ENISA NIS360 2026 shows cybersecurity improving across EU critical sectors, but health, water, rail, and space remain in the risk zone. ENISA has published its third annual NIS360 report, assessing the cybersecurity maturity and criticality of all sectors covered by the NIS2 directive. The headline finding is that things are improving across the board. The…

7 tabletop exercise mistakes that sabotage incident response

Discussion-based, low-stress simulations during which IT, legal, and other key leadership stakeholders walk through theoretical scenarios to test their preparedness for cyber incidents is a popular and highly useful tool. Yet unless tabletop training is properly handled, the results can be misleading and potentially destructive. When your organization’s incident response training consistently fails to meet…

Attackers are exploiting Palo Alto Networks defect that initially flew under the radar

Researchers and threat hunters are scrambling to respond to an actively exploited authentication-bypass vulnerability affecting Palo Alto Networks customers’ firewalls.  The company initially tagged CVE-2026-0257 with a medium-severity rating when it disclosed the defect May 13, but quickly reassessed it as critical after Rapid7 observed and confirmed active exploitation in the wild. The Cybersecurity and…

Fake Claude Code Installers Deliver Credential-Stealing Malware 

Developers searching for Claude Code installation instructions could be walking into a sophisticated malware campaign that disguises itself as legitimate AI tooling documentation.  Researchers found dozens of fake Claude Code and developer platform sites designed to steal credentials, API keys, and cryptocurrency.  “The attack chain runs on the same unchecked trust that makes AI developer…

Spring 2026 SOC 1, 2, and 3 reports are now available with 188 services in scope

Amazon Web Services (AWS) is pleased to announce that the Spring 2026 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 188 services over the 12-month period from April 1, 2025–March 31, 2026, giving customers a full year of assurance. These reports demonstrate our continuous commitment to adhering…

Cops Are Spying on People Who Criticize AI Data Centers Online

Americans speaking out against artificial intelligence data centers on social media are falling under police surveillance, a confidential law enforcement bulletin obtained by The Intercept reveals. A fusion center in Philadelphia combed through spicy internet comments from AI critics and concluded there is a growing risk of physical violence against data centers from “domestic violent…

Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089)

CVE-2026-41089, a critical Windows Netlogon RCE flaw that allows remote code execution, is now actively exploited in the wild, the Centre for Cybersecurity Belgium (CCB) warned on Friday. About CVE-2026-41089 CVE-2026-41089 is a stack-based buffer overflow vulnerability in Windows Netlogon, the service and protocol that handles authentication and security within a Windows domain environment. The…

Secure Code Warrior connects developer training to AI usage and code risks

Secure Code Warrior has introduced Adaptive Learning, a capability designed to help organizations support AI software governance through targeted training based on identified risks. The feature delivers contextual microlearning and tracks outcomes at the code commit level. Software development is going through its biggest shift ever, from human-written code, to AI-assisted coding, to fully agentic…

Microsoft Defender Vulnerability Management gets a smarter exposure score

Microsoft Defender Vulnerability Management’s updated exposure score model adds vulnerability risk signals and asset context to help teams understand where risk is concentrated and which remediation actions are likely to have the greatest impact. The model is available in public preview. “The updated model addresses these customer pain points by combining vulnerability risk, exploitability signals,…

Flowise’s MCP implementation can run ghost commands

Enterprises using the lightweight, open-source Flowise platform to power self-hosted AI workloads have a new near-max severity issue to worry about. Researchers at Obsidian Security have detailed a one-click remote code execution (RCE) vulnerability affecting self-hosted Flowise deployments through its implementation of Model Context Protocol (MCP) stdio servers. The problem is essentially a sandboxing failure…

IBM unveils tool to track sovereignty risks for cloud workloads

IBM has launched a tool designed to help customers assess cloud-sovereignty risks and meet regulatory compliance requirements.  The Sovereignty Risk Profile launch comes as digital sovereignty becomes a higher priority for organizations concerned about where data is stored and processed. According to an IBM survey, 93% of executives believe sovereignty needs to be part of…

Windows 11 Smart App Control explained

In the ever-evolving cybersecurity landscape, Microsoft has introduced various new features in Windows 11 designed to protect users from modern workplace threats. Among such features, Smart App Control (SAC) changes how Windows devices handle, and occasionally block, unwanted or potentially malicious applications. But what exactly is Smart App Control? How does it work, who benefits…

CIFSwitch, a Linux Root Bug Hidden in Plain Sight for 19 Years

CIFSwitch is a 19-year-old Linux logic bug turning forged CIFS auth keys into root. Affects Mint, CentOS, Rocky, Kali, SLES. CIFSwitch stands apart from typical privilege escalation vulnerabilities because of how it was discovered. Asim Manizada, a security engineer at SpaceX, didn’t find it by auditing source code the old-fashioned way. He built an AI-powered…

U.S. CISA adds Palo Alto Networks PAN-OS flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Networks PAN-OS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Palo Alto Networks PAN-OS flaw, tracked as CVE-2026-0257 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog. Palo Alto Networks addressed the vulnerability CVE-2026-0257 on May…

1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever

Today, I loaded the 1,000th data breach into Have I Been Pwned. Reflecting on that milestone number, I pondered how to mark the occasion in writing, and what immediately came to mind was a very simple question: why is it still needed? Especially considering the emergence of privacy regulations such as GDPR and CCPA in…

Asimily turns device risk into automated network policy

Asimily has launched Segmentation Orchestration, enabling connected-device risk intelligence to flow directly into enforceable network policy without manual translation. No other platform combines full asset visibility, vulnerability prioritization, and segmentation orchestration in a single system. “AI has exploded the volume and sophistication of network attacks against connected devices, and security teams are discovering that visibility…

The Pentagon Finally Admits That Location Data Is a Battlefield Problem

The Pentagon confirmed adversaries are using commercial location data to track U.S. troops, exposing risks tied to smartphones and ad-tech networks. For years, security researchers, privacy advocates, and intelligence analysts have been warning about the same thing: smartphone location data isn’t just an advertising product. It’s surveillance infrastructure that anyone with enough money can access.…

6 critical security gaps every CISO must address

CISOs acknowledge that no organization is completely safe, but many also admit their security measures aren’t where they’d like them to be. One-third of CISOs surveyed for Proofpoint’s 2025 Voice of the CISO Report said the data within their organization is not adequately protected, and 58% said their organizations were unprepared to respond to a…

145 AI laws passed in 2025 and privacy teams aren’t catching a break

145 AI-related laws were enacted by state legislatures in 2025, and more than 1,000 additional bills were introduced or revised, according to DataGrail’s Privacy and AI Trends Report 2026. Average cost of manual data subject request management (Source: DataGrail) Shadow AI risks Of the 2,400 popular business software providers that advertised AI capabilities, 63.6% did…

Press Release: CSO30 ASEAN & Hong Kong Awards 2026 open for nominations

>The CSO30 ASEAN & Hong Kong Awards return in 2026, as an important moment to recognise the cybersecurity leaders and teams who are making resilience measurable across the region. In a landscape shaped by rapid threat evolution, board-level scrutiny and rising expectations of business continuity, these awards spotlight the people and programmes that are turning…