Geek-Guy.com

Tag: exploit

Endpoint, Exploits, Global Security News

Simplify security management with CIS SecureSuite Platform

New operating systems prioritize usability, a reality which threat actors use to exploit security gaps. Every misconfiguration creates an opportunity for compromise, and lean teams struggle in their security management efforts to harden hundreds or thousands of endpoints. CIS SecureSuite Membership simplifies the process with tools, benefits, and resources for implementing the secure recommendations of…

Read more →

AI, APAC, Cybersecurity, Exploits, Global Security News

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. “The vulnerable behavior exists in each server’s default HTTP/2 configuration,” the company said, adding it was discovered by OpenAI Codex by chaining

Read more →

AI, Endpoint, Exploits, Global Security News, malware

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. “The campaign abused trusted endpoint management infrastructure to deliver malware across managed endpoints,” Arctic Wolf said. “Threat actors disguised the credential stealer payload as a Fortinet endpoint

Read more →

AI, Exploits, Global Security News, Risk Management

Zapier exploit chain shows how known anti-patterns compose into critical risk

A five-stage exploit chain disclosed by Token Security researchers turned a free Zapier account into write access on Zapier’s public developer SDK packages and on internal packages that load in every authenticated zapier.com session. Each link in the chain was a known anti-pattern. The composition across five systems was the finding. Zapier triaged the report…

Read more →

AI, Exploits, Global Security News, Risk Management

PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch

PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately. The wave of Linux local privilege escalation vulnerabilities showing up with working exploit code is not slowing down. The latest is PinTheft, discovered by the V12 security team, which affects…

Read more →

AI, Endpoint, Exploits, Global Security News

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the

Read more →

AI, Apps, Exploits, Global Security News

Google researchers uncover criminal zero-day exploit likely built with AI

Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-based system administration tool. It allowed attackers to bypass two-factor authentication once they had valid user credentials. The flaw stemmed from a semantic logic error, a case where a developer hardcoded a trust…

Read more →

AI, Cybersecurity, Exploits, Global Security News

Google spotted an AI-developed zero-day before attackers could use it

Google researchers found a zero-day exploit developed by artificial intelligence and alerted the susceptible vendor to the imminent threat before a well-known cybercrime group initiated a mass-exploitation campaign, the company said in a report released Monday. The averted disaster probably isn’t the first time attackers used AI to build a zero-day, but it is the…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security

Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940

Attackers exploit a critical cPanel flaw to target government and MSP networks across Southeast Asia and several countries, including the U.S. and Canada. A threat actor is exploiting critical cPanel vulnerability CVE-2026-41940 to target government and military organizations in Southeast Asia, along with MSPs and hosting providers in countries like the Philippines, Laos, Canada, South…

Read more →

AI, Exploits, Global Security News, Network Security

Network ‘background noise’ may predict the next big edge-device vulnerability

Attackers rarely exploit an edge-device vulnerability indiscriminately. Typically, they first test how widely the flaw can be used and how much access it can provide, then move on to steal data or disrupt operations. Pre-attack surveillance and planning leaves a lot of noise in its wake. These signals — particularly spikes in traffic that are…

Read more →

AI, Exploits, Global Security News

Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access

Attackers exploit three Microsoft Defender zero-days, code-named BlueHammer, RedSun, and UnDefend, to gain elevated access. Attackers are exploiting three recently disclosed zero-day flaws in Microsoft Defender to gain higher privileges on compromised systems. The vulnerabilities, called BlueHammer, RedSun, and UnDefend, were revealed by a researcher known as Chaotic Eclipse after criticizing Microsoft’s handling of the…

Read more →

Exploits, Global Security News

Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild

The security researcher who earlier this month published a proof-of-concept (PoC) exploit for a zero-day privilege escalation vulnerability in Microsoft Defender is back with two more. The first, dubbed “RedSun,” is another privilege escalation flaw in the same platform. The second, “UnDefend,” allows a standard user to block Microsoft Defender from receiving signature updates or…

Read more →

AI, Apps, Exploits, Global Security News

Oligo enables real-time exploit detection and blocking at application runtime

Oligo Security has unveiled Runtime Exploit Blocking, a new capability that stops exploit attempts at the application layer in real time. By providing visibility into how applications execute and behave, Oligo identifies and blocks malicious activity at the point of execution, without killing containers or processes, or impacting the application. Attackers rely on repeatable exploit…

Read more →

AI, Cybersecurity, Europe, Exploits, Global Security News

Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed

Over 14,000 F5 BIG-IP APM instances remain exposed online, as attackers actively exploit a critical remote code execution flaw CVE-2025-53521. Over 14,000 F5 BIG-IP APM instances remain exposed online, with attackers actively exploiting the critical remote code execution vulnerability CVE-2025-53521 (CVSS ver. 3.1 score of 9.8), the nonprofit security organization Shadowserver warns. The vulnerability in BIG-IP…

Read more →

AI, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Risk Management

6 ways attackers abuse AI services to hack your business

Attackers are starting to exploit AI systems to mount attacks in the same way they once relied on built-in enterprise tools such as PowerShell. Instead of relying on malware, cybercriminals are increasingly abusing AI tools enterprises depend on — a trend some experts describe as living off the AI land. “We’re seeing it in things…

Read more →

AI, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia

Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave

Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard) is using the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices. The attacks rely on malicious emails to compromise iPhones, highlighting a growing threat from…

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Risk Management, Russia

Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge

Apple warns that outdated iPhones are vulnerable to Coruna and DarkSword exploit kits and urges users to update iOS. Apple has warned that iPhones running outdated iOS versions are at risk from exploit kits like Coruna and DarkSword. These attacks use malicious web content to trigger infection chains that can steal sensitive data. Users are…

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Risk Management, Russia

DarkSword emerges as powerful iOS exploit tool in global attacks

DarkSword, a new iOS exploit kit, is used by multiple actors to steal data in campaigns targeting Saudi Arabia, Turkey, Malaysia, and Ukraine. Lookout Threat Labs discovered a new iOS exploit kit called DarkSword that has been used since late 2025 by multiple threat actors, including surveillance vendors and likely nation-state actors. The toolkit enables…

Read more →

AI, Exploits, Global Security News

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

A new exploit kit for Apple iOS devices designed to steal sensitive data from is being wielded by multiple threat actors since at least November 2025, according to reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout. According to GTIG, multiple commercial surveillance vendors and suspected state-sponsored actors have utilized the full-chain exploit kit,…

Read more →

AI, Exploits, Global Security News, Risk Management

CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit

Ubuntu flaw CVE-2026-3888 lets attackers gain root via a systemd timing exploit, affecting Desktop 24.04+ with high severity. Qualys researchers found a high-severity flaw, tracked as CVE-2026-3888 (CVSS score of 7.8), in Ubuntu Desktop 24.04+, which allows attackers to exploit a systemd cleanup timing issue to escalate privileges to root and potentially take full control…

Read more →

AI, Exploits, Global Security News, malware, Risk Management

RondoDox botnet expands arsenal targeting 174 flaws, and hits 15,000 daily exploit attempts

RondoDox botnet targets 174 flaws, reaching 15,000 daily exploit attempts in a more focused and strategic campaign. RondoDox botnet is ramping up attacks, targeting 174 vulnerabilities with up to 15,000 daily exploitation attempts in a more focused and strategic campaign, Bitsight reported. “We gathered all these exploit attempts (identifiable by indicators like the User-Agent and…

Read more →

AI, Exploits, Global Security News, Network Security

Authorities dismantle SocksEscort proxy network behind millions in fraud

SocksEscort, a residential proxy network used to exploit thousands of compromised home routers worldwide and facilitate large-scale fraud that cost victims millions of dollars, has been disrupted in an international law enforcement operation led by the U.S. Department of Justice. The domain seizure notice Law enforcement agencies seized 34 domains and 23 servers located in…

Read more →

AI, Europe, Exploits, Global Security News, Government & Policy, Russia

The Coruna exploit: Why iPhone users should be concerned

A new iPhone-hacking exploit has exposed the uncomfortable truth that when governments build offensive attacks, they eventually come for all of us. Revealed by Google’s Threat Intelligence Group (GTIG) and iVerify, the Coruna exploit can compromise iPhones running iOS 13 through to iOS 17.2.1, though Apple has secured its systems against this threat in iOS 26. What Coruna does Coruna…

Read more →

AI, Apps, china, Exploits, Global Security News, malware, Network Security, Risk Management, Russia

Coruna iOS exploit kit moved from spy tool to mass criminal campaign in under a year

Google’s threat intelligence researchers have identified a sophisticated exploit kit targeting iPhones that was first used by a commercial surveillance vendor’s customer before being repurposed by a suspected Russian espionage group and then by Chinese cybercriminals, highlighting what researchers describe as an active secondary market for high-end zero-day exploits. “How this proliferation occurred is unclear,…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Russia

Coruna iOS Exploit Kit Compromises Thousands of iPhones

An iOS exploit framework has revealed how advanced mobile attack tools can move rapidly from surveillance operations to espionage and financial crime.  Google’s Threat Intelligence Group (GTIG) identified Coruna, a powerful exploit kit containing 23 vulnerabilities across five exploit chains that were used to compromise thousands of iPhones throughout 2025. “The core technical value of…

Read more →

AI, APAC, Cybersecurity, Exploits, Funding, Global Security News, Government & Policy, Risk Management

VulnCheck Raises $25M to Expand Channel Threat Intelligence

VulnCheck has raised $25 million in Series B funding as demand grows for exploit intelligence platforms that help enterprises and government agencies respond to vulnerabilities in real time. The cybersecurity company plans to use the capital to expand its threat intelligence capabilities and scale its global channel partner program. We spoke with Mike Deskewies, head…

Read more →

AI, Exploits, Global Security News, Government & Policy, malware

Google uncovers Coruna iOS Exploit Kit targeting iOS 13–17.2.1

Google warns of the Coruna iOS exploit kit, using 23 exploits across five chains to target iPhones running iOS 13–17.2.1, but not the latest iOS. Google’s Threat Intelligence Group has identified a powerful new iOS exploit kit called Coruna (also known as CryptoWaters) that targets Apple iPhones running iOS versions 13.0 through 17.2.1. The kit…

Read more →

AI, Exploits, Global Security News

Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1

Google said it identified a “new and powerful” exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The exploit kit featured five full iOS exploit chains and a total of 23 exploits, Google Threat Intelligence Group (GTIG) said. It’s not effective against the latest version of iOS.…

Read more →

AI, china, Cybersecurity, Exploits, Global Security News, Government & Policy, Russia

Possible U.S.-developed exploits linked to first known ‘mass’ iOS attack

An exploit kit that may have originated from a leaked U.S. government framework is behind what researchers are calling the first mass-scale attack on iOS, the operating system for Apple’s iPhones. Traces of the exploits, found in the work of Chinese cybercriminals, also have been spotted in Russian attacks on Ukraine and used by a…

Read more →

AI, Exploits, Global Security News

Coruna: Spy-grade iOS exploit kit powering financial crime

A powerful iOS exploit kit has circulated among multiple threat actors over the past year, moving from a commercial surveillance operation to state-linked espionage campaigns and, ultimately, ended into the hands of financially motivated hackers, according to new research from Google’s Threat Intelligence Group (GTIG). “The exploit kit, named ‘Coruna’ by its developers, contained five…

Read more →

AI, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management, Russia

Treasury Sanctions Russian Exploit Brokerage

The U.S. government has imposed sanctions on a foreign exploit brokerage accused of purchasing and reselling stolen government cyber tools under the Protecting American Intellectual Property Act (PAIPA).  This action targets Operation Zero, a Russia-linked exploit broker, and signals a tougher stance against markets that monetize zero-day vulnerabilities tied to national security systems.  “If you…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, Risk Management

Exploit available for new Chrome zero-day vulnerability, says Google

Threat actors now have the ability to exploit a new zero-day vulnerability in the Chrome browser, Google has advised IT administrators. The warning comes after Google released a patch for Chrome to plug a use after free memory vulnerability (CVE-2026-2441) in cascading style sheets (CSS), which means the browser’s CSS engine isn’t properly managing memory…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, Risk Management

Exploit available for new Chrome zero-day vulnerability, says Google

Threat actors now have the ability to exploit a new zero-day vulnerability in the Chrome browser, Google has advised IT administrators. The warning comes after Google released a patch for Chrome to plug a use after free memory vulnerability (CVE-2026-2441) in cascading style sheets (CSS), which means the browser’s CSS engine isn’t properly managing memory…

Read more →

AI, Exploits, Global Security News

Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability

Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr. “Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors,” Ryan Dewhurst, head of threat intelligence at watchTowr, said in a post on X. “Attackers are abusing

Read more →