Geek-Guy.com

Tag: being

AI, Global Security News

Microsoft 365 users targeted by new phishing threat that bypasses MFA

Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 has been distributed through Telegram, allowing cybercriminals to obtain Microsoft 365 access tokens and bypass MFA without stealing user credentials. “Kali365 lowers the barrier of entry, providing less-technical attackers access…

Read more →

AI, APAC, Compliance, Cybersecurity, Endpoint, Global Security News, malware, Network Security, Risk Management

Top 5 Phishing-Driven Social Engineering Attacks on Companies in 2026

Your employees are not falling for “bad grammar” phishing anymore. They are being pulled into fake Microsoft logins, banking pages, AI tool instructions, real OAuth flows, and event invitations that look close enough to daily work to pass without alarm.  For CISOs, that is the real social engineering problem in 2026: attacks are no longer…

Read more →

Exploits, Global Security News

Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945)

A critical NGINX vulnerability (CVE-2026-42945) disclosed last week is being exploited by attackers, VulnCheck security researcher Patrick Garrity revealed on Saturday. The vulnerability, dubbed NGINX Rift, can be reliably exploited to trigger a denial-of-service condition and can potentially allow for unauthenticated remote code execution, all achievable by sending a specially crafted HTTP request to a…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management

Optiv: AI is Reshaping the MDR Security Approach for Partners

Cybersecurity is fundamentally different today from many other industries being disrupted by AI. Defenders are constantly facing active adversaries, and AI has only intensified these threats. Many sectors are focused on AI-driven efficiency and automation, while cybersecurity teams must simultaneously defend against attackers who are rapidly adopting AI-powered tooling. In a conversation with Benjamin Spencer,…

Read more →

Exploits, Global Security News, Network Security

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)

A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still in the works. In the meantime, Microsoft provided temporary mitigations. About CVE-2026-42897 CVE-2026-42897 affects on-premises versions of Microsoft Exchange Server: Subscription Edition RTM, 2019, and 2016. Exchange Online is not…

Read more →

AI, Apps, Global Security News, malware, Network Security

Fake Claude Code takes the IElevator to your browser secrets

Developers looking for Anthropic’s increasingly popular Claude Code tool are now being lured into downloading malware. According to researchers at Ontinue, attackers are abusing a fake Claude Code installer to deliver a previously undocumented PowerShell payload. The malware is designed to evade detection, recover browser encryption material, and steal sensitive data from developer systems. “Developers…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Risk Management

cPanel flaw exposes enterprises to hosting supply-chain risks

A newly disclosed cPanel vulnerability is being exploited at scale, giving attackers a route into web hosting environments that many enterprises may not monitor closely. Analysts say the risk highlights weak visibility into hosting supply chains. The flaw, tracked as CVE-2026-41940, has been used to deploy backdoors, plant SSH keys, steal credentials, and compromise hosting…

Read more →

AI, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

Palo Alto Networks Firewall Zero-Day Exploited in Active Attacks 

Palo Alto Networks recently disclosed a firewall vulnerability that is already being exploited in the wild. The flaw affects the PAN-OS User-ID Authentication Portal and could allow unauthenticated attackers to remotely execute code with root privileges on vulnerable devices. This vulnerability “… allows an unauthenticated attacker to execute arbitrary code with root privileges on the…

Read more →

Exploits, Global Security News, Network Security

Root-level RCE vulnerability in Palo Alto firewalls exploited (CVE-2026-0300)

A critical vulnerability (CVE-2026-0300) affecting Palo Alto Networks firewalls is being actively exploited by attackers, the security company acknowledged today, and urged customers to implement mitigations as they are still working on fixes. About CVE-2026-0300 CVE-2026-0300 is a buffer overflow vulnerability in the User-ID Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS…

Read more →

AI, Exploits, Global Security News, Network Security, Risk Management

AI agents can bypass guardrails and put credentials at risk, Okta study finds

An AI agent that revealed sensitive data without being asked. An agent that overruled its own guardrails. Another that sent credentials to an attacker via Telegram, because it forgot it wasn’t supposed to do so after a reset. It’s no secret that AI agents have huge potential, balanced by equally big risks. What’s becoming apparent,…

Read more →

AI, Exploits, Global Security News, Network Security, Risk Management

AI agents can bypass guardrails and put credentials at risk, Okta study finds

An AI agent that revealed sensitive data without being asked. An agent that overruled its own guardrails. Another that sent credentials to an attacker via Telegram, because it forgot it wasn’t supposed to do so after a reset. It’s no secret that AI agents have huge potential, balanced by equally big risks. What’s becoming apparent,…

Read more →

AI, Global Security News, Government & Policy, Risk Management

Australia’s Inflation Reality Check: When Policy Levers Pull in Opposite Directions

Australia’s rising inflation is being blamed on global forces and the Reserve Bank, but economists point to a deeper issue: domestic policy settings that may be working against the fight to bring prices under control. Have you wondered why the Treasurer continues to point to the Reserve Bank of Australia, the Middle East, and supply…

Read more →

AI, Global Security News, Risk Management

The metrics killing your SOC, and what to use instead

Security operations centres risk being rendered entirely ineffective if organizations measure them using the wrong performance indicators, according to Dave Chismon, CTO for Architecture at UK’s National Cyber Security Centre. Ticket-based metrics miss the point Evaluating ones’ SOC using the same ticket-based metrics applied to IT service desks can actively work against its core purpose:…

Read more →

AI, Global Security News, Government & Policy

Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks

A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy.  Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state-sponsored threat group and for orchestrating cyber attacks against American organizations and government agencies between…

Read more →

AI, Apps, Endpoint, Global Security News, malware, Network Security, Risk Management

Malicious pgserve, automagik developer tools found in npm registry

Application developers are being warned that malicious versions of pgserve, an embedded PostgreSQL server for application development, and automagik, an AI coding tool, have been dropped into the npm JavaScript registry, where they could poison developers’ computers. Downloading and using these versions will lead to the theft of data, tokens, SSH keys, credentials, including those…

Read more →

AI, APAC, Apps, china, Cloud Security, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Risk Management

Critical Exploits, AI Shifts, and Major Breaches Redefine Cybersecurity This Week

Major Threats & Vulnerabilities Zero-Day and Active Exploits A critical flaw in Nginx UI is being actively exploited in the wild, allowing unauthenticated users to perform privileged actions through an unprotected endpoint. Administrators are urged to patch immediately and restrict public access to management interfaces. The EngageLab SDK vulnerability affecting over 50 million Android users…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, Risk Management

Attackers target unpatched ShowDoc servers via CVE-2025-0520

A critical RCE flaw, tracked as CVE-2025-0520, in ShowDoc is being actively exploited, putting unpatched servers at serious risk. A critical remote code execution flaw, tracked as CVE-2025-0520 (CVSS score of 9.4), affecting ShowDoc is under active exploitation in the wild. ShowDoc is an online tool that helps IT teams share documents and improve collaboration…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, Risk Management

Attackers target unpatched ShowDoc servers via CVE-2025-0520

A critical RCE flaw, tracked as CVE-2025-0520, in ShowDoc is being actively exploited, putting unpatched servers at serious risk. A critical remote code execution flaw, tracked as CVE-2025-0520 (CVSS score of 9.4), affecting ShowDoc is under active exploitation in the wild. ShowDoc is an online tool that helps IT teams share documents and improve collaboration…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security

Marimo RCE Flaw Exploited Within Hours of Disclosure

A vulnerability in the open-source Marimo Python notebook platform is already being actively exploited, underscoring how quickly attackers can turn newly disclosed flaws into real-world attacks.  Less than 10 hours after public disclosure, threat actors developed a working exploit and began targeting exposed systems. “Within 9 hours and 41 minutes of the vulnerability advisory’s publication,…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

CVE-2026-35616: FortiClient EMS Flaw Under Active Exploitation

Fortinet disclosed a critical FortiClient EMS vulnerability that is already being exploited in the wild.  The flaw could allow unauthenticated attackers to bypass API protections and execute unauthorized code or commands on exposed systems.  “This is a zero-day. While there is no full patch, we have to give credit where credit is due: Fortinet has…

Read more →

AI, Apps, Endpoint, Global Security News, Risk Management

How often are redirects used in phishing in 2026?, (Mon, Apr 6th)

In one of his recent diaries, Johannes discussed how open redirects are actively being sought out by threat actors[1], which made me wonder about how commonly these mechanisms are actually misused… Although open redirect is not generally considered a high-impact vulnerability on its own, it can have multiple negative implications. Johannes already covered one in…

Read more →

AI, APAC, Data Breaches, Global Security News, Government & Policy

Medtech giant Stryker says it’s back up after Iranian cyberattack

Medtech company Stryker says it’s back to being “fully operational,” three weeks after it became the most prominent victim to date of Iranian hackers, who said they attacked the Michigan-based company in retaliation over the conflict with the United States and Israel. A March 11 wiper attack from the pro-Palestinian, Iranian government-connected group Handala damaged…

Read more →

AI, Global Security News, malware

TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware

TeamPCP continues is supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened? Telnyx is a widely used software development kit (SDK) for the Telnyx AI Voice Agent service. According to Endor Labs researchers, attackers backdoored the legitimate SDK code and published versions 4.87.1 and 4.87.2 of the package…

Read more →

AI, Exploits, Global Security News

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

A new exploit kit for Apple iOS devices designed to steal sensitive data from is being wielded by multiple threat actors since at least November 2025, according to reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout. According to GTIG, multiple commercial surveillance vendors and suspected state-sponsored actors have utilized the full-chain exploit kit,…

Read more →

AI, Global Security News, malware

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. “The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by appending obfuscated code to files like setup.py, main.py, and app.py,”…

Read more →

AI, Global Security News

Codoxo’s Deepfake Detection identifies AI-generated medical records for health plans

Codoxo has announced the launch of Deepfake Detection, an AI-driven fraud detection tool now being deployed by health plans across the U.S. The solution helps identify AI-generated or manipulated medical documentation and diagnostic images submitted in support of claims before payment is made. Healthcare fraud is already a multibillion-dollar problem, and generative AI is turning…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management

Teams Social Engineering Campaign Drops A0Backdoor Malware

Microsoft Teams impersonation and social engineering tactics are being used in an ongoing campaign to deliver a stealthy malware payload known as A0Backdoor.  Researchers at BlueVoyant report that the operation combines social engineering techniques, malicious installers, and covert command-and-control (C2) communications to gain persistent access within targeted networks. “The malware’s loader exhibits anti-sandbox evasion, and…

Read more →

AI, Compliance, Data Breaches, Exploits, Global Security News, malware

When AI safety constrains defenders more than attackers

Security teams are being urged to adopt AI copilots for threat modeling, phishing simulations, and SOC workflows. Yet many of the most widely deployed, enterprise-approved AI systems struggle to support realistic defensive scenarios once prompts resemble real-world attack behavior. This is not because such activity is inherently malicious, but because mainstream AI safety models are…

Read more →

AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management, Russia

CleanMyMac Imposter Site Installs SHub Stealer on Macs

A fake version of the popular Mac utility CleanMyMac is being used to trick users into installing data-stealing malware. The campaign uses a fraudulent website that instructs visitors to manually run a command in Terminal, which secretly installs a macOS infostealer known as SHub Stealer.  This malware steals “… sensitive data including saved passwords, browser…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, malware, Network Security

Teenage hacker myth primed for a middle-age criminal makeover

The Hollywood image of criminal hackers being largely teenage ne’er do wells is due for an update. That’s because profit-seeking career criminals — often approaching middle age — make up the largest cohort of today’s cybercriminals, according to an analysis of criminal cases carried out by Orange Cyberdefence. The Orange Group’s cybersecurity unit analysed 418…

Read more →

AI, Global Security News, privacy, Risk Management

Workers reviewing Meta Ray-Ban footage encounter users’ intimate moments

Bank details and intimate moments captured without people realizing they are being recorded are the new privacy nightmare behind the latest tech fashion hit, Meta Ray-Ban smart glasses. A joint investigation by Svenska Dagbladet and Göteborgs-Posten found that footage and audio recorded by Meta’s Ray-Ban smart glasses are reviewed by human contractors in Kenya, including…

Read more →

AI, Exploits, Global Security News, Network Security, Risk Management

Security hole could let hackers take over Juniper Networks PTX core routers

Network admins with Juniper PTX series routers in their environments are being warned to patch immediately, because a newly-discovered critical vulnerability could lead to an unauthenticated threat actor running code with root privileges. The hole is “especially dangerous, because these devices often sit in the middle of the network, not on the fringes,” said Piyush…

Read more →

AI, APAC, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management

Ransomware, Zero-Days, and Data Breaches Shape This Week’s Cybersecurity Landscape

This week, a Dell vulnerability is being actively exploited, an Apache flaw allows bypass of RBAC, and over 41% of OpenClaw skills are vulnerable. Major Threats & Vulnerabilities Zero-Day Vulnerabilities A zero-day vulnerability in Dell RecoverPoint is being actively exploited to deploy web shells and backdoors in VMware environments. This highlights the urgent need for…

Read more →

AI, Global Security News, malware

Criminals create business website to sell RAT disguised as RMM tool

A RAT masquerading as legitimate remote monitoring and management (RMM) software is being sold to cybercriminals as a service, Proofpoint researchers recently discovered. The fake RMM tool, called TrustConnect, was being marketed via an LLM-created website parked on trustconnectsoftware[.]com, supposedly belonging to “TrustConnect Software PTY LTD”. “The malware creator uses the domain as the ‘business…

Read more →

AI, APAC, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Ivanti EPMM Vulnerabilities Actively Exploited in the Wild

Two vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) are being actively exploited in the wild, putting thousands of enterprise mobile management systems at risk.  The flaws allow unauthenticated attackers to remotely execute arbitrary code on vulnerable servers, potentially giving them full control over corporate mobile device management (MDM) environments. “Palo Alto Networks Cortex Xpanse has…

Read more →

AI, APAC, Apps, china, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

Zero-Day in Dell RecoverPoint Enables GRIMBOLT Backdoor 

A zero-day vulnerability in Dell RecoverPoint for Virtual Machines is being actively exploited to deploy backdoors and pivot deeper into enterprise networks.  The flaw has reportedly been abused since at least mid-2024 by a suspected China-linked threat cluster. “Beyond the Dell appliance exploitation, Mandiant observed the actor employing novel tactics to pivot into VMware virtual…

Read more →

AI, Global Security News, Risk Management

SecureClaw: Dual stack open-source security plugin and skill for OpenClaw

AI agent frameworks are being used to automate work that involves tools, files, and external services. That type of automation creates security questions around what an agent can access, what it can change, and how teams can detect risky behavior. SecureClaw is an open-source project that adds security auditing and rule-based controls to OpenClaw agent…

Read more →

AI, Compliance, Global Security News, Government & Policy, Risk Management

Pentagon Weighs Axing $200M Anthropic Deal in Moral Standoff Over AI Safeguards

Here’s a sentence you don’t hear every day: the US military is threatening to punish an AI company for being too ethical. Axios reported that Defense Secretary Pete Hegseth is “close” to cutting ties with Anthropic and designating it a “supply chain risk,” a label normally reserved for foreign adversaries like Chinese tech firms. The…

Read more →

AI, Apps, Compliance, Endpoint, Global Security News, Risk Management

Proofpoint Wants Visibility Into How AI Really Works

Security teams are being asked to protect a workspace that now includes AI acting alongside people. Once AI has access to systems and data, securing the workflow becomes a very different animal. That’s the backdrop for Proofpoint’s acquisition of Acuvity, a startup focused on AI security and governance. The deal is aimed at adding AI-native…

Read more →

AI, APAC, Apps, Global Security News, Infrastructure, Risk Management

Java Adoption Accelerates for AI Workloads, Azul Survey Finds

Java is increasingly being positioned as a core language for enterprise AI development, even as organizations accelerate plans to move away from Oracle Java due to pricing and licensing concerns, according to Azul’s newly released 2026 State of Java Survey & Report. The annual study is based on responses from more than 2,000 Java professionals…

Read more →

AI, Data Breaches, Exploits, Global Security News, Risk Management

ACCC: Australians living with disability at risk of exploitation by NDIS providers breaching consumer laws

The ACCC says participants in the National Disability Insurance Scheme (NDIS) are being targeted by NDIS providers’ deceptive advertising practices and other behaviours banned by consumer law, a new report has found. Whilst these practices are not universal, the scale and types of complaints the ACCC is hearing about is concerning.

Read more →

AI, CISA, Don't miss, Exploits, Global Security News, Hot stuff, News

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers

CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in its Known Exploited Vulnerabilities (KEV) catalog. Researchers linked VMware ESXi zero-day trio to single exploit toolkit Broadcom fixed CVE-2025-22225, CVE-2025-22224 (a heap overflow vulnerability) and CVE-2025-22226 (an information disclosure flaw) in VMware…

Read more →