Geek-Guy.com

Tag: allow

Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.

A critical vulnerability, tracked as CVE-2026-45659, in Microsoft SharePoint can allow attackers to achieve remote code execution with little effort. Microsoft released security updates to patch a high-severity SharePoint vulnerability, tracked as CVE-2026-45659 (CVSS score of 8.8), that could allow remote code execution. The flaw does not require complex conditions for exploitation, making it a…

New SOC-Ready Reporting for Faster Triage, Escalation, and Incident Response with ANY.RUN 

Successful SOC operations require more than accurate detections. Instant access to context, clear conclusions, and operationally relevant insights allow incidents to move across workflows without delays:  During alert triage, analysts need a quick threat overview to decide on the next steps.  Efficient incident response decisions demand clear, actionable context to rely on.  Swift incident reporting requires cross-tier visibility without the need for manual processing of raw technical data.  Making ANY.RUN’s Interactive Sandbox a part of your…

New cPanel vulnerabilities could allow file access and remote code execution

cPanel fixed three flaws that could allow file reads, code execution, and privilege escalation. No active exploitation has been reported yet. cPanel has released security updates to fix three vulnerabilities affecting cPanel & WHM that could allow attackers to read files, execute code, or escalate privileges on vulnerable systems. Below are the descriptions for these…

CVE-2026-40372: Microsoft Patches ASP.NET Core Privilege Escalation Vulnerability

Microsoft has released an out-of-band update to fix an ASP.NET Core vulnerability that could allow attackers to take full control of affected systems.  The flaw enables unauthenticated privilege escalation, increasing risk for enterprises running .NET workloads.  “Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network,” said…

Google should share search data to break its monopoly, European Commission suggests

The European Commission this week requested, but did not order, Google to allow third-party search engines in Europe access to its search data as a means to comply with the Digital Markets Act (DMA), legislation the Commission describes as a law designed to “make the markets in the digital sector fairer and more contestable.” Google…

Cisco fixed critical and high-severity flaws

Cisco fixed critical flaws that could allow attackers to bypass authentication, run code, and gain access to sensitive data. Cisco released patches for two critical and six high-severity vulnerabilities. These flaws could let attackers bypass authentication, execute malicious code, escalate privileges, and access sensitive information. One of these critical flaws is CVE-2026-20093 (CVSS score of…

OpenAI patches twin leaks as Codex slips and ChatGPT spills

OpenAI has fixed two flaws in its AI stack that could allow AI agents to move sensitive data in unintended ways. The issues, disclosed by researchers at BeyondTrust and Check Point Research, affect the OpenAI Codex coding agent and ChatGPT’s code execution environment, respectively. One enabled GitHub token theft through command injection, while the other…

It’s a mystery … alleged unpatched Telegram zero-day allows device takeover, but Telegram denies

A critical Telegram flaw could allow zero-click remote code execution on devices, but Telegram denies it. Researcher Michael DePlante (@izobashi) of TrendAI Zero Day disclosed a new Telegram vulnerability through Zero Day Initiative (ZDI). The vulnerability, tracked as ZDI-CAN-30207 (CVSS score of 9.8), allows attackers to execute code on targeted devices without any user interaction.…

Chainguard locks down CI/CD with secure-by-default actions

Chainguard has announced Chainguard Actions, secure-by-default workflows for CI/CD pipelines that allow developers and AI agents to ship quickly without introducing software supply chain risk. Using an agentic approach, Chainguard Actions provides a continuously secured catalog of workflows maintained by the Chainguard Factory, the infrastructure that has become the industry standard for delivering trusted open…

Active Directory Flaw Enables SYSTEM Privilege Escalation

A vulnerability in Microsoft’s Active Directory Domain Services could allow attackers to escalate privileges and potentially take full control of affected systems.  “Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network,” said Microsoft in its advisory. How the Active Directory…

400K WordPress Sites Exposed by Elementor Ally Plugin SQL Flaw

A vulnerability in a widely used WordPress accessibility plugin could allow attackers to steal sensitive data from vulnerable websites without logging in. The flaw affects the Ally plugin developed by Elementor, which is installed on hundreds of thousands of sites worldwide. This vulnerability “… can be leveraged to extract sensitive data from the database, such…

Microsoft SQL Server Vulnerability Enables Privilege Escalation

A vulnerability in SQL Server could allow attackers to escalate their privileges to system administrator level within affected database environments.  “Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network,” said Microsoft in their security advisory. Understanding CVE-2026-21262 The vulnerability, tracked as CVE-2026-21262, carries a CVSS score of 8.8…

Microsoft .NET Vulnerability Enables Remote DoS Attacks

Microsoft has released a security update to address a vulnerability in the .NET platform that could allow attackers to remotely crash affected applications.  The flaw enables unauthenticated attackers to trigger a Denial-of-Service (DoS) condition, potentially causing applications or services running on vulnerable .NET environments to become unavailable.  Exploitation of the vulnerability “… allows an unauthorized…

WordPress Plugin Flaw Lets Attackers Create Admin Accounts

A vulnerability in a popular WordPress membership plugin could allow attackers to create administrator accounts and completely take over affected websites.  The flaw affects the User Registration & Membership plugin and enables unauthenticated attackers to bypass security controls during the account registration process.  This vulnerability allows “… unauthenticated attackers to create administrator accounts by supplying…

MS-Agent Flaw Enables Remote Code Execution via AI Agents 

A vulnerability in an AI automation framework could allow attackers to take complete control of systems running the software.  Security researchers have identified a command injection flaw in the ModelScope MS-Agent framework that could enable remote code execution through crafted prompt input, exposing organizations that deploy AI agents with operating system access. “The real issue…

Juniper PTX Flaw Could Allow Full Router Takeover

Juniper Networks has disclosed a critical vulnerability in Junos OS Evolved that could allow an unauthenticated attacker to gain root-level control of affected PTX Series routers.  These routers are widely used in service provider, telecom, and cloud environments. The vulnerability “… allows an unauthenticated, network-based attacker to execute code as root,” said the company in…

Untrusted repositories turn Claude Code into an attack vector

Flaws in Anthropic’s Claude Code could allow remote code execution and theft of API keys when users open untrusted repositories. The Check Point Research team found multiple vulnerabilities in Anthropic’s Claude Code AI coding assistant that could lead to remote code execution and API key theft. The vulnerabilities abuse features such as Hooks, MCP servers, and…

better-auth Flaw Allows Unauthenticated API Key Creation

A vulnerability in the better-auth library could allow attackers to take over user accounts without ever logging in.  The flaw affects the library’s API keys plugin and enables unauthenticated attackers to mint privileged API keys for arbitrary users. Exploitation of the vulnerability grants “… full authenticated access as the targeted user and, depending on the…

Windows Admin Center Flaw Opens Door to Privilege Escalation

A vulnerability in Windows Admin Center (WAC) could allow authorized attackers to escalate privileges in enterprise environments.  The issue affects WAC version 2.6.4 and has been assigned a CVSS score of 8.8. “Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network,” said Microsoft in its advisory. How the…

OpenClaw Flaw Enables AI Log Poisoning Risk

A vulnerability has been identified in OpenClaw’s AI assistant that could allow attackers to insert crafted content into system logs.  The flaw stems from how certain WebSocket headers were logged, creating a potential log poisoning risk in AI-assisted workflows. “This issue is primarily an indirect prompt injection risk and depends on downstream log consumption behavior.…

Windows Notepad RCE Flaw Exploits Markdown Files

Microsoft has patched a vulnerability in the modern Windows Notepad app that could allow remote code execution if a user opens a specially crafted Markdown file.  The issue carries a CVSS score of 8.8 and requires user interaction to exploit. The vulnerability “… allows an unauthorized attacker to execute code over a network,” said Microsoft…

FortiSandbox XSS Vulnerability Allows Remote Command Execution

Fortinet has disclosed a vulnerability in its FortiSandbox platform that could allow unauthenticated attackers to execute arbitrary commands.  The issue involves a cross-site scripting (XSS) flaw in the FortiSandbox web interface that may lead to elevated access if exploited. The vulnerability “… may allow an unauthenticated attacker to execute commands via crafted requests,” said Fortinet…

Ingress-Nginx Vulnerability Enables Code Execution in Kubernetes

A recently disclosed vulnerability in ingress-nginx may allow authenticated attackers to execute code and access Kubernetes Secrets in affected clusters.  The vulnerability could “… lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller,” said Kubernetes researchers. Inside the Ingress-Nginx Security Vulnerability Ingress controllers sit…