Geek-Guy.com

Tag: core

Global Security News, AI, Exploits, Cybersecurity, Risk Management, Apps, malware, Data Breaches

AI Is Reshaping the Future of Cyber Resilience

Cyber resilience has been a core focus in cybersecurity for years.  During my recent conversation with Brandon Willitts, Director of Product Management for Cyber Resilience at Everpure, it became clear that artificial intelligence (AI) is rapidly changing how organizations approach resilience strategies.  According to Willitts, AI is not creating entirely new security problems as much…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, malware, Risk Management

The Underground Malware-Signing-as-a-Service That Makes Ransomware Look “Verified” on Windows

The Core Technical Concept: Code Signing At the center of Microsoft’s disruption of the Fox Tempest cybercrime operation is a foundational trust mechanism that modern operating systems rely on heavily: code signing. Code signing is a cryptographic trust framework used by operating systems such as Windows to verify both the integrity and origin of executable…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-9082 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Drupal issued a highly critical security patch on May…

Read more →

AI, Endpoint, Exploits, Global Security News, Risk Management

CVE-2026-9082: Highly Critical Drupal Core SQL Injection Flaw Threatens PostgreSQL Sites

Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that can be exploited by anonymous attackers against sites using PostgreSQL databases. Tracked as the CVE-2026-9082 vulnerability, the issue resides in Drupal’s database abstraction API, which is supposed to sanitize queries before they reach the backend database. Drupal rates the flaw…

Read more →

AI, Exploits, Global Security News

Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries a CVSS score of 6.5 out of 10.0, per CVE.org. Drupal said the vulnerability resides in a database…

Read more →

AI, Apps, Compliance, Europe, Exploits, Global Security News, Risk Management

News alert: Orchid Security study finds invisible identities now outnumber managed accounts

NEW YORK, May 19, 2026, CyberNewswire—Orchid Security, the company solving identity at its core, today released its Identity Gap: 2026 Snapshot report, revealing that the majority of enterprise identity now exists outside the view of identity and access management systems. The report found that invisible identity (“identity dark matter”) now outweighs visible identity across enterprise…

Read more →

AI, Apps, Data Breaches, Global Security News, Government & Policy, Network Security, Risk Management

Canonical Hit by Sustained DDoS Attack, Disrupting Ubuntu Services Worldwide

Canonical’s web infrastructure was knocked offline by a distributed denial-of-service (DDoS) attack, disrupting core Ubuntu services relied on by developers and security teams globally.  “A direct extortion message sent to the Ubuntu team by the hacktivist group ‘The Islamic Cyber Resistance in Iraq – 313 Tea,’ has been detected,” said VECERT Analyzer in their X…

Read more →

AI, Apps, Exploits, Global Security News, Risk Management

CVE-2026-40372: Critical ASP.NET Core Flaw May Let Attackers Gain SYSTEM Privileges

Microsoft has released out-of-band updates for CVE-2026-40372, a high-impact ASP.NET Core privilege-escalation vulnerability tied to the platform’s Data Protection cryptographic APIs. Public reporting says the flaw carries a CVSS score of 9.1 and could allow an unauthenticated attacker to forge authentication material and ultimately obtain SYSTEM privileges on affected systems. The issue stands out not…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

CVE-2026-40372: Microsoft Patches ASP.NET Core Privilege Escalation Vulnerability

Microsoft has released an out-of-band update to fix an ASP.NET Core vulnerability that could allow attackers to take full control of affected systems.  The flaw enables unauthenticated privilege escalation, increasing risk for enterprises running .NET workloads.  “Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network,” said…

Read more →

AI, Apps, Exploits, Global Security News, Network Security, Risk Management

Microsoft out-of-band updates fixed critical ASP.NET Core privilege escalation flaw

Microsoft fixed critical ASP.NET Core vulnerability, tracked as CVE-2026-40372 (CVSS score of 9.1), that lets attackers escalate privileges. Microsoft released out-of-band updates to address a serious ASP.NET Core vulnerability tracked as CVE-2026-40372 (CVSS score of 9.1). Microsoft fixed the flaw in ASP.NET Core version 10.0.7. An attacker could exploit the flaw to gain SYSTEM-level privileges, access…

Read more →

Global Security News

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It’s rated Important in severity. An anonymous researcher has been credited with discovering and reporting the flaw. “Improper verification of…

Read more →

AI, Global Security News, Network Security, Russia

Scottish man pleads guilty to attack spree that created Scattered Spider’s notoriety

A core leader of the hacker subset of The Com responsible for a series of high-profile phishing attacks and cryptocurrency thefts from September 2021 to April 2023 pleaded guilty to federal charges, the Justice Department said Friday.  Tyler Robert Buchanan of Dundee, Scotland, pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft.…

Read more →

AI, Global Security News

DXC Partners with ServiceNow on a New Wave of AI-first Enterprise Transformation

DXC adopts ServiceNow’s Core Business Suite as Customer Zero, activating agentic AI across core business functions for a Global Business Services-led transformation   The partnership combines DXC’s transformation expertise with the ServiceNow AI Platform to power smarter, more resilient operations across the enterprise   DXC will enable customers to replicate these transformation outcomes at scale 

Read more →

AI, Compliance, Global Security News

ZeroEyes Expands AI Security Platform Beyond Gun Detection

ZeroEyes is expanding beyond its core AI gun-detection roots, rolling out new analytics capabilities and product lines to deliver a more unified physical security platform for enterprises, public sector organizations, and channel partners. ZeroEyes broadens platform beyond gun detection The Philadelphia-based company announced it is adding knife detection, suspect tracking, and a broader analytics suite…

Read more →

AI, Apps, Compliance, Data Security, Global Security News, Government & Policy, Network Security, Risk Management

RSAC 2026: AI Security Tools Aim to Cut Response Time

Security vendors at RSAC 2026 are zeroing in on one core problem: investigation speed.  Across the show floor, new AI-powered tools promise to cut threat response times from hours to seconds while helping overwhelmed security teams keep pace with rising alert volumes. From autonomous investigation agents to platforms designed to secure enterprise AI systems, this…

Read more →

AI, APAC, Apps, Compliance, Cybersecurity, Endpoint, Global Security News, Network Security, privacy, Risk Management

Telemetry Pipeline: How It Works and Why It Matters in 2026

A telemetry pipeline has become a core layer in modern security operations because teams no longer send data from applications, infrastructure, and cloud services straight into a single backend and hope for the best. In 2026, most environments are distributed across cloud, hybrid, and on-prem systems, which means more services, more data sources, more formats,…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

AI Email Summaries Create a New Phishing Attack Surface

Artificial intelligence (AI) assistants are rapidly becoming a core part of workplace productivity, but new research suggests they may also introduce a previously overlooked phishing vector.  Permiso researchers found that attacker-controlled text embedded in emails can manipulate Microsoft Copilot summaries through cross prompt injection attacks (XPIA), potentially inserting deceptive security alerts or malicious prompts into…

Read more →

AI, Global Security News

VulHunt: Open-source vulnerability detection framework

Binarly has published VulHunt Community Edition, making the core scanning engine from Binarly’s commercial Transparency Platform available to independent researchers and practitioners. What VulHunt does VulHunt Community Edition is a framework for detecting vulnerabilities in compiled software. It operates against multiple binary representations simultaneously, working across disassembly, an intermediate representation layer, and decompiled code. Targets…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

Epic Fury introduces new layer of enterprise risk

Operation Epic Fury — the US administration’s sustained kinetic pressure on core Iranian regime assets — introduces a new layer of operational risk for every multinational with people, assets, or dependencies in the Middle East region and beyond. The immediate briefings from Washington — early damage assessments, stated intent, geopolitical framing, and situational updates and…

Read more →

AI, Global Security News, Network Security

IPFire ships its 200th core update with a new domain blocklist and kernel upgrade

Network firewall distribution IPFire released Core Update 200, marking the 200th incremental update to the 2.29 branch. The release bundles a kernel upgrade, a beta domain blocklist service, security patches for OpenSSL and glibc, and a range of component updates. The kernel has been rebased on Linux 6.18.7 LTS, bringing updated hardware security mitigations alongside…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Inside AWS Security Agent: A multi-agent architecture for automated penetration testing

AI agents have traditionally faced three core limitations: they can’t retain learned information or operate autonomously beyond short periods, and they require constant supervision. AWS addresses these limitations with frontier agents—a new category of AI that performs complex reasoning, multi-step planning, and autonomous execution for hours or days. Multi-agent collaboration has emerged as a powerful…

Read more →

Apps, Global Security News

Coroot: Open-source observability and APM tool

Coroot is an open-source observability and application performance monitoring tool. The core software, published in Go and accompanied by companion repositories such as coroot-node-agent, focuses on collecting telemetry data across systems. It uses extended Berkeley Packet Filter (eBPF) technology to gather metrics and trace inter-service communications without manual instrumentation of application code. Coroot collects standard…

Read more →

AI, Global Security News

Redpanda brings identity, policy control, and data governance to AI agents

Redpanda announced the availability of new core capabilities in the Redpanda Agentic Data Plane (ADP), including a centralized AI gateway, AI observability and evaluation via OpenTelemetry, AI agents, and unified authentication and authorization. Together, these features form a unified governance layer that allows enterprises to securely connect AI agents and Model Context Protocol (MCP) servers…

Read more →

AI, APAC, Apps, Global Security News, Infrastructure, Risk Management

Java Adoption Accelerates for AI Workloads, Azul Survey Finds

Java is increasingly being positioned as a core language for enterprise AI development, even as organizations accelerate plans to move away from Oracle Java due to pricing and licensing concerns, according to Azul’s newly released 2026 State of Java Survey & Report. The annual study is based on responses from more than 2,000 Java professionals…

Read more →