Geek-Guy.com

Tag: confirmed

AI, Global Security News

Brute-force attack triggers Dashlane account lockouts

Password manager Dashlane has confirmed that a brute-force attack targeting user accounts triggered temporary account suspensions and authentication issues. The company first acknowledged the incident on May 31 after users reported receiving account suspension emails and experiencing login problems. “Your account has been temporarily suspended for security reasons as someone has attempted to register a…

Read more →

AI, Apps, Exploits, Global Security News, Government & Policy, Network Security, privacy, Risk Management

The Pentagon Finally Admits That Location Data Is a Battlefield Problem

The Pentagon confirmed adversaries are using commercial location data to track U.S. troops, exposing risks tied to smartphones and ad-tech networks. For years, security researchers, privacy advocates, and intelligence analysts have been warning about the same thing: smartphone location data isn’t just an advertising product. It’s surveillance infrastructure that anyone with enough money can access.…

Read more →

AI, Data Breaches, Global Security News

Cybercriminals sail away with data from 6 million Carnival customers

Carnival Corporation, one of the world’s largest cruise operators, confirmed a data breach weeks after the ShinyHunters hacking group claimed it had stolen millions of customer records. Carnival acknowledged a phishing incident involving a single employee account and stated that it was investigating the scope of the unauthorized activity. “On April 14, 2026, the company’s…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Global Security News, Network Security, Risk Management

ShinyHunters Alleges 42M Records Stolen from Charter Communications  

Charter Communications confirmed a cybersecurity incident after the ShinyHunters extortion group claimed it stole customer data and threatened to leak the information unless a ransom was paid.   The company, which operates under the Spectrum brand, said it is investigating the incident and coordinating with authorities.   “The Charter breach is a reminder that the most sophisticated…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Global Security News, Risk Management

Grafana confirms GitHub token breach cybercrime group claims the attack

Grafana confirmed a GitHub token breach that exposed source code, but said no customer data or systems were affected. Grafana Labs confirmed a security incident after the extortion group Coinbase Cartel listed it on a leak site and claimed data theft on May 15. The breach was triggered by a compromised token that gave attackers…

Read more →

AI, Apps, Data Breaches, Europe, Global Security News

ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed

7-Eleven confirmed a breach after ShinyHunters claimed theft of over 600,000 Salesforce records and franchisee data. 7-Eleven has confirmed a data breach after the ShinyHunters hacking group claimed it stole more than 600,000 Salesforce records containing personal and corporate information. “Over 600k Salesforce records containing PII and other internal corporate data have been compromised.” The…

Read more →

Global Security News, malware

Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations

A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compression simulations that are central to nuclear weapon design. “Fast16’s hook engine is selectively interested…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, Risk Management

Nitrogen Ransomware claims massive data theft from Foxconn

Foxconn confirmed a cyberattack on some North American factories. The Nitrogen ransomware group claims it stole 8TB of data from the firm. Foxconn confirmed that several of its North American factories were affected by a cyberattack. The manufacturer confirmed it was targeted by threat actors after the Nitrogen ransomware group listed it on its Tor…

Read more →

AI, Cybersecurity, Global Security News

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. “If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously,” the cybersecurity company said in a statement over the…

Read more →

AI, Data Breaches, Europe, Exploits, Global Security News, Risk Management, Russia

Cyberattacks on Poland’s Water Plants: A Blueprint for Hybrid Warfare

Poland’s ABW confirmed hackers breached ICS at five water plants, gaining ability to alter equipment settings. Russia-linked APT groups suspected. Poland’s Internal Security Agency (ABW) has published a detailed account of a sustained campaign targeting the country’s water plants, documenting security breaches at five water treatment facilities in 2025. The incidents mark one of the…

Read more →

AI, Global Security News

Your AI Agents Are Already Inside the Perimeter. Do You Know What They’re Doing?

Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents, Gartner states that “enterprise adoption of AI agents is accelerating, outpacing maturity of governance policy controls.” Enterprise leaders can request access to the Gartner Market Guide…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, Network Security

Medtronic discloses security incident after ShinyHunters claimed theft of 9M+ records

Medtronic confirmed a breach of its IT systems after ShinyHunters claimed the theft of over 9 million records. Medtronic confirmed a cyberattack on its corporate IT systems after the hacker group ShinyHunters claimed to have stolen over 9 million records. The company did not share details on the security breach. Medtronic is an international medical…

Read more →

AI, Apps, Data Breaches, Global Security News, Network Security, Risk Management

Vercel Confirms Security Incident as Threat Actor Claims Stolen Data for Sale

Cloud development platform Vercel has confirmed a security incident involving unauthorized access to internal systems, after a threat actor claimed to be selling stolen company data online.  “We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems,” said the company in its advisory. Threat Actor Claims Access to Vercel Systems  Vercel…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

McGraw-Hill Confirms Data Exposure Tied to Salesforce Issue 

McGraw-Hill has confirmed unauthorized access to a limited set of internal data following a reported Salesforce misconfiguration.  The disclosure comes after an extortion threat that raised questions about the scale and sensitivity of the incident.  “ShinyHunters has no shortage of options for potential follow-up campaigns. They can target instructors with convincingly branded messages, pivot into…

Read more →

AI, china, Cybersecurity, Exploits, Funding, Global Security News, Government & Policy, Network Security, Risk Management, Russia

Secretary Mullin must help finish the job: Urge the Senate to confirm Plankey

On March 23, the Senate confirmed Senator Markwayne Mullin as the next homeland security secretary, marking an important step in strengthening leadership during a critical moment for our nation’s security. But only half of the job is done. The Cybersecurity and Infrastructure Security Agency (CISA), the federal government’s main civilian cyber defense agency, still lacks…

Read more →

AI, Global Security News

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering efforts “specifically to me” by first approaching him under the guise of the founder of…

Read more →

AI, Global Security News

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. “Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers,” the&

Read more →

AI, Data Breaches, Europe, Global Security News

Trivy supply chain attack enabled European Commission cloud breach

CERT-EU confirmed that ShinyHunters are behind the recent breach of the cloud infrastructure underpinning websites of the European Commission, and that they stole and subsequently leaked approximately 340 GB of data. “Analysis of the published dataset has so far confirmed the presence of personal data, including lists of names, last names, usernames, and email addresses,…

Read more →

AI, Compliance, Funding, Global Security News, Government & Policy, Risk Management

House Dems decry confirmed ICE usage of Paragon spyware

Immigration and Customs Enforcement has confirmed it is using Paragon spyware, prompting outrage Thursday from a trio of House Democrats. In response to a letter from the lawmakers inquiring about Paragon’s use, acting ICE Director Todd Lyons wrote that he had authorized the use of “cutting-edge technological tools” to help the Homeland Security Investigations division…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Chrome Vulnerability CVE-2026-5281 Exploited in the Wild

Google has released a Chrome update for multiple high-severity flaws and confirmed that one of the vulnerabilities is being actively exploited in the wild.  We are “… aware that an exploit for CVE-2026-5281 exists in the wild,” said Google in its advisory. Inside CVE-2026-5281 The vulnerability, tracked as CVE-2026-5281, is a use-after-free flaw affecting Chrome’s…

Read more →

AI, Cybersecurity, Data Breaches, Global Security News, Network Security

Cybercriminals take aim at Hasbro, weeks of recovery ahead

Hasbro, an American toy maker with more than 5,000 employees, confirmed a cyberattack and proactively took certain systems offline. The intrusion was detected on March 28, and the company promptly activated its incident response protocols. The company said the investigation is ongoing with support from third-party cybersecurity professionals as it works to determine the scope…

Read more →

AI, Data Breaches, Europe, Global Security News, Risk Management

Second data breach at European Commission this year leaves questions over resilience

The European Commission confirmed that a cyberattack impacted cloud infrastructure hosting its web presence on the Europa.eu platform. Authorities said the cyberattack was discovered on 24 March, and early findings from the ongoing investigation suggest data were taken from the affected websites. There is no indication that the Commission’s internal systems were affected by the…

Read more →

AI, Cybersecurity, Data Breaches, Europe, Global Security News, Network Security

The European Commission confirmed a cyberattack affecting part of its cloud systems

The European Commission confirmed a cyberattack affecting part of its cloud systems, now contained, with no impact on internal networks. On March 24, the European Commission detected a cyberattack affecting the cloud infrastructure hosting its Europa.eu websites. The incident was quickly contained, with mitigation measures applied and no disruption to website availability. Early findings suggest…

Read more →

AI, Global Security News, privacy

Apple: Local business ads are coming to Apple Maps

Following years of speculation, Apple has confirmed it intends to introduce advertising in Apple Maps — specifically a business-focused offering designed to grab a chunk of the estimated $296 billion location-based ads market.  Announced alongside big changes in Apple’s services for business, including international introduction of services previously available with Apple Business Essentials in the…

Read more →

AI, Exploits, Global Security News

Cisco warns of SD-WAN Manager exploitation, fixes 48 firewall vulnerabilities

Cisco has confirmed that two Catalyst SD-WAN Manager vulnerabilities (CVE-2026-20128 and CVE-2026-20122) patched in late February 2025 are being exploited by attackers. The exploited vulnerabilities (CVE-2026-20128, CVE-2026-20122) CVE-2026-20128 is a bug in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager, which could allow an authenticated, local attacker to gain DCA user privileges…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News

Oracle EBS 2025 campaign impacts Madison Square Garden, sensitive data leaked

Madison Square Garden confirmed a data breach tied to the 2025 Oracle E-Business Suite hacking campaign. Madison Square Garden (MSG) has confirmed it was affected by a data breach linked to the 2025 cybercrime campaign targeting Oracle’s E-Business Suite (EBS) customers. Madison Square Garden (MSG) is a world-famous multi-purpose indoor arena located in New York…

Read more →

AI, Global Security News, Government & Policy

NATO greenlights iPhone and iPad for classified information handling

Apple confirmed that the iPhone and iPad have been approved for use with classified information in NATO restricted environments. The devices will no longer require special software or settings to handle NATO restricted-level information. “This achievement recognizes that Apple has transformed how security is traditionally delivered. Prior to iPhone, secure devices were only available to…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

ShinyHunters Claims Wynn Resorts Data Theft

Wynn Resorts has confirmed that employee data was accessed by an unauthorized third party after the company appeared on the ShinyHunters extortion group’s leak site. The casino and hospitality giant said it activated its incident response plan immediately upon discovering the intrusion. “We have learned that an unauthorized third party acquired certain employee data,” Wynn…

Read more →

AI, Cybersecurity, Data Breaches, Endpoint, Global Security News, Network Security, Risk Management

Global Chip Supplier Advantest Discloses Cyber Incident 

Japanese semiconductor equipment company Advantest has confirmed it was hit by a ransomware attack after detecting unusual activity inside its corporate network on February 15.  The company says an unauthorized third party may have accessed internal systems and deployed ransomware, potentially affecting sensitive data tied to customers or employees. “Preliminary findings appear to indicate that…

Read more →

Global Security News

Japanese chip-testing toolmaker Advantest suffers ransomware attack

Japanese tech testing company Advantest has suffered a ransomware attack, the company confirmed last Thursday, after detecting unusual activity within its IT environment on February 15, 2026. What happened? Tokyo-based Advantest is a leading manufacturer of automatic test and measurement equipment used in the design and production of semiconductors that used in computers, electronic devices…

Read more →

AI, Apps, Compliance, Data Breaches, Data Security, Global Security News, Network Security, Risk Management

Microsoft 365 Copilot Bug Circumvented DLP Controls

Microsoft has confirmed a bug in Microsoft 365 Copilot Chat that allowed the AI assistant to summarize emails labeled as confidential, even when sensitivity labels and data loss prevention (DLP) policies were in place.  The issue, first identified on Jan. 21, 2026 and tracked internally as CW1226324, impacted Copilot’s “work tab” chat feature. “Without proper…

Read more →

AI, Data Breaches, Global Security News

Adidas investigates alleged data breach affecting 815,000 records

Adidas confirmed it is investigating a possible data breach involving one of its third-party customer service providers. The company stated that there is no indication its IT infrastructure, e-commerce platforms, or consumer data were impacted by the incident. An individual claiming to belong to the Lapsus$ Group posted on BreachForums alleging they had compromised the…

Read more →

AI, Apps, Data Breaches, Global Security News, Network Security, Risk Management

Japan’s Washington Hotel Reports Ransomware Attack

Washington Hotel Corporation has confirmed a ransomware attack that compromised several internal servers, triggering containment measures and an ongoing investigation into potential data exposure.  The incident was detected when unauthorized access was identified across multiple systems. “Unauthorized access to various business data stored on our servers has been confirmed. The information leak is currently under…

Read more →

AI, Data Breaches, Global Security News, Risk Management

Fintech firm Figure disclosed data breach after employee phishing attack

Fintech firm Figure confirmed a data breach after hackers used social engineering to trick an employee and steal a limited number of files. Blockchain-based lending firm Figure confirmed a data breach after an employee fell victim to a social engineering attack. According to a company spokesperson, the incident allowed hackers to access and steal a…

Read more →

AI, Data Breaches, Exploits, Global Security News, Network Security

Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server

SmarterTools confirmed last week that the Warlock (aka Storm-2603) ransomware gang breached its network by exploiting an unpatched SmarterMail instance. The incident took place on January 29, 2026, when a mail server that was not updated to the latest version was compromised, the company’s Chief Commercial Officer, Derek Curtis, said. “Prior to the breach, we…

Read more →

AI, Breaking News, Cybersecurity, Data Breaches, Endpoint, Europe, Exploits, Global Security News, Government & Policy, hacking, hacking news, intelligence, Security

Dutch agencies hit by Ivanti EPMM exploit exposing employee contact data

Dutch agencies confirmed attacks exploiting Ivanti EPMM flaws that exposed employee contact data at the data protection authority and courts. Dutch authorities said cyberattacks hit the Dutch Data Protection Authority and the Council for the Judiciary after hackers exploited newly disclosed flaws in Ivanti Endpoint Manager Mobile (EPMM). The incidents were reported to parliament, and…

Read more →

Endpoint, Exploits, Global Security News

Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data

The Netherlands’ Dutch Data Protection Authority (AP) and the Council for the Judiciary confirmed both agencies (Rvdr) have disclosed that their systems were impacted by cyber attacks that exploited the recently disclosed security flaws in Ivanti Endpoint Manager Mobile (EPMM), according to a notice sent to the country’s parliament on Friday. “On January 29, the…

Read more →

AI, Apps, Breaking News, Exploits, Global Security News, hacking, hacking news, information security news, Network Security, Security

Attackers abuse SolarWinds Web Help Desk to install Zoho agents and Velociraptor

Huntress confirmed active SolarWinds Web Help Desk exploits, where attackers installed Zoho tools for persistence, and used Velociraptor for control. On February 7, 2026, Huntress investigated an active attack abusing SolarWinds Web Help Desk flaws. Attackers exploited unpatched versions to run code remotely, then quickly installed Zoho ManageEngine tools for persistent remote access and Cloudflare…

Read more →

AI, Apps, Breaking News, Exploits, Global Security News, hacking, hacking news, information security news, Network Security, Security

Attackers abuse SolarWinds Web Help Desk to install Zoho agents and Velociraptor

Huntress confirmed active SolarWinds Web Help Desk exploits, where attackers installed Zoho tools for persistence, and used Velociraptor for control. On February 7, 2026, Huntress investigated an active attack abusing SolarWinds Web Help Desk flaws. Attackers exploited unpatched versions to run code remotely, then quickly installed Zoho ManageEngine tools for persistent remote access and Cloudflare…

Read more →

AI, Apps, Breaking News, Exploits, Global Security News, hacking, hacking news, information security news, Network Security, Security

Attackers abuse SolarWinds Web Help Desk to install Zoho agents and Velociraptor

Huntress confirmed active SolarWinds Web Help Desk exploits, where attackers installed Zoho tools for persistence, and used Velociraptor for control. On February 7, 2026, Huntress investigated an active attack abusing SolarWinds Web Help Desk flaws. Attackers exploited unpatched versions to run code remotely, then quickly installed Zoho ManageEngine tools for persistent remote access and Cloudflare…

Read more →

AI, Apps, Breaking News, Exploits, Global Security News, hacking, hacking news, information security news, Network Security, Security

Attackers abuse SolarWinds Web Help Desk to install Zoho agents and Velociraptor

Huntress confirmed active SolarWinds Web Help Desk exploits, where attackers installed Zoho tools for persistence, and used Velociraptor for control. On February 7, 2026, Huntress investigated an active attack abusing SolarWinds Web Help Desk flaws. Attackers exploited unpatched versions to run code remotely, then quickly installed Zoho ManageEngine tools for persistent remote access and Cloudflare…

Read more →

AI, Cybercrime, data breach, Data Breaches, Global Security News, hacking, hacking news, Uncategorized

Hacker claims theft of data from 700,000 Substack users; Company confirms breach

Substack confirmed a data breach after a hacker leaked data from nearly 700,000 users, including email addresses and phone numbers. Substack is an online platform for publishing email‑based newsletters and blogs, with built‑in paid subscriptions and basic analytics. It’s free to start; creators pay a fee on paid plans. In 2026 it’s estimated to serve…

Read more →