Geek-Guy.com

Tag: including

AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy

Google Patches Actively Exploited Android Flaw Affecting Millions of Devices

Google fixed 124 Android flaws, including CVE-2025-48595, an actively exploited privilege escalation bug linked to targeted attacks. Google has released its June 2026 Android security updates, fixing 124 vulnerabilities across the mobile operating system. One flaw, tracked as CVE-2025-48595 (CVSS score of 8.4) stands out from the rest because it is already being exploited in…

Read more →

AI, Data Security, Global Security News

Dell’s Partner Program Shifts to Strategic Customer Outcomes

Dell Technologies recently introduced new enhancements to its partner program, including rebates and incentives to enhance customer outcomes. Launching in August 2026, the partner program refresh centers on differentiated rebates for strategic solutions; focuses accounts on incentives; and recognizes impact from advisory and systems integrator co-sell. During Dell Technologies World 2026, Channel Insider spoke with…

Read more →

AI, Apps, Exploits, Global Security News, malware

19.6 Billion Files Are Sitting Open on the Internet. No Password Required

19.6 Billion files are exposed in misconfigured cloud buckets, including 685K credential files and nearly 1M database dumps. There’s a comfortable myth most people carry around: that the data they hand to companies is locked somewhere safe. Researchers at Mysterium VPN just ran the numbers, and the numbers disagree. Across 535,480 publicly listable cloud storage…

Read more →

AI, Global Security News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. “Although the affected packages were all Composer packages, the malicious code was not added to composer.json,” Socket said. “Instead, it was inserted into package.json, targeting projects that…

Read more →

AI, Global Security News, Network Security

Dell Set to Make Partner Program Enhancements

Dell Technologies is introducing new enhancements to Dell’s partner program, including rebates and incentives aligned to strategic solutions and customer outcomes. Dell aligns partner incentives to customer outcomes across the portfolio These enhancements are launching in August 2026 and are built around rewarding the outcomes customers expect. “We’re announcing pretty significant enhancements to our program,”…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News

Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox

Fortinet released a batch of patches across its products on Patch Tuesday, including two critical vulnerabilities that can lead to remote code execution. Fortinet flaws, both zero-day and n-day, have been exploited in the wild many times in the past, so companies should deploy patches as soon as possible. “Fortinet vulnerabilities are often attractive to…

Read more →

AI, Exploits, Global Security News, Network Security

Microsoft Patch Tuesday for May 2026 fix 138 bugs, some of them are alarming

Microsoft’s May 2026 Patch Tuesday fixed 138 flaws, including 30 critical bugs, across Windows, Office, Azure, Edge, SQL Server, and more. Microsoft’s May 2026 Patch Tuesday patched 138 vulnerabilities in a single release. That is a number that gives pause even for people accustomed to these cycles. The affected products span virtually the entire Microsoft…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security

Hackers accessed BWH Hotels reservation system for months

BWH Hotels says hackers accessed guest reservation data, including names and contacts, for over six months across multiple hotel brands. BWH Hotels disclosed a data breach, with threat actors having had access to guest reservation data for more than six months. The incident exposed names and contact details of an undisclosed number of guests. BWH…

Read more →

AI, Exploits, Global Security News, Network Security

Cisco patches high-severity flaws enabling SSRF, code execution attacks

Cisco fixed several high‑severity flaws in its enterprise products, including SSRF bugs in Unity Connection that could enable code execution or service disruption. Cisco released patches for multiple high‑severity vulnerabilities affecting its enterprise products. Successful exploitation could allow code execution, server‑side request forgery (SSRF), or denial‑of‑service attacks. Two notable flaws, CVE‑2026‑20034 and CVE‑2026‑20035, impact Cisco…

Read more →

AI, APAC, Exploits, Global Security News

Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE

Apache fixed several flaws in HTTP Server, including CVE-2026-23918 (CVSS score of 8.8), a double-free bug in HTTP/2 that could allow remote code execution. The Apache Software Foundation has released updates to fix multiple vulnerabilities in its HTTP Server, including CVE-2026-23918 (CVSS score of 8.8). The issue involves a “double free” error in HTTP/2 handling…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Risk Management

MOVEit automation flaws could enable full system compromise

Progress fixes critical MOVEit Automation flaws, including an authentication bypass bug that could let attackers gain unauthorized access to systems. Progress Software addressed two vulnerabilities in MOVEit Automation, a critical authentication bypass flaw tracked as CVE-2026-4670 and a privilege escalation issue tracked as CVE-2026-5174. If exploited, these bugs could allow attackers to gain unauthorized access…

Read more →

Global Security News

Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass. MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts.  The

Read more →

AI, Global Security News

The best way for small business owners to produce marketing videos on a tight budget

GUEST OPINION: Running a small business means wearing every hat, including the one labelled “marketing director.” Video content drives engagement across nearly every platform, but hiring videographers, animators, and editors quickly drains operating budgets. Many entrepreneurs end up posting infrequently or skipping video entirely, missing massive opportunities for customer connection.

Read more →

Apps, Exploits, Global Security News

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876)

Progress Software has fixed a slew of high-severity vulnerabilities in MOVEit WAF and LoadMaster, including a flaw (CVE-2026-21876) that may allow attackers to bypass firewall detection. MOVEit WAF (web application firewall) is designed to protect Progress’s managed file transfer platform MOVEit Transfer from web-based attacks. (A zero-day vulnerability in MOVEit Transfer was infamously exploited in…

Read more →

Exploits, Global Security News

CISA flags another Cisco Catalyst SD-WAN Manager bug as exploited (CVE-2026-20133)

CISA added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including a Cisco Catalyst SD-WAN Manager vulnerability (CVE-2026-20133) that Cisco has yet to flag as exploited. Three Cisco Catalyst SD-WAN Manager vulnerabilities Alongside CVE-2026-20133, CISA has also listed CVE-2026-20128 and CVE-2026-20122 – two other Catalyst SD-WAN Manager vulnerabilities – as being leveraged in…

Read more →

AI, Exploits, Global Security News, Network Security, Risk Management

Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day

Microsoft Patch Tuesday security updates for April 2026 fixed 165 vulnerabilities, including an actively exploited SharePoint zero-day. Microsoft Patch Tuesday security updates addressed 165 vulnerabilities, making it one of the largest updates by CVE count. One of the most interesting flaws fixed by the IT giant is a critical SharePoint zero-day, tracked as CVE-2026-32201, already…

Read more →

AI, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security

Microsoft drops its second-largest monthly batch of defects on record

Microsoft addressed 165 vulnerabilities affecting its various products and underlying systems, including one actively exploited vulnerability in Microsoft Office SharePoint, in this month’s Patch Tuesday update.  “By my count, this is the second-largest monthly release in Microsoft’s history,” Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, wrote in a blog post…

Read more →

AI, Data Breaches, Europe, Global Security News

Personal data of 1 million gym members compromised in Basic-Fit security incident

A breach at Basic-Fit exposed data of 1M members, including names, birth dates and bank details after unauthorized access. Basic-Fit, Europe’s largest gym chain, has disclosed a data breach affecting around 1 million members. Hackers gained unauthorized access to the company systems and stole personal. The gym chain said it recently detected the intrusion and…

Read more →

AI, Data Breaches, Global Security News

Hackers access Booking.com user data, company secures systems

Hackers accessed some Booking.com user data, including names, emails, phone numbers, and booking details. The issue is now contained. Booking.com warned that hackers may have accessed customer data linked to travel reservations. Exposed details could include names, email addresses, phone numbers, and information shared with accommodations. Booking.com is one of the world’s leading online travel agencies…

Read more →

AI, Apps, Exploits, Global Security News, Risk Management

EngageLab SDK flaw opens door to private data on 50M Android devices

A flaw in EngageLab SDK exposed up to 50M Android users, including 30M crypto wallets, letting apps bypass security and access private data. Microsoft researchers found a critical flaw in EngageSDK that lets apps bypass Android sandbox protections and access private data. The flaw put millions of users, including over 30M crypto wallet installs, at…

Read more →

Exploits, Global Security News, Risk Management

New Darktrace Research Shows Evolution of Chinese-Nexus Cyber Operations into Long-Term Strategic Statecraft, Centered on Critical Infrastructure

88% of observed incidents targeted organizations in critical infrastructure sectors, including transportation, telecommunications, healthcare, and manufacturing. Nearly 63% of compromises began with exploitation of internet-facing systems, reinforcing the risk of exposed digital infrastructure. Over half of observed activity impacted Western economies, with the U.S. alone accounting for 22.5% of cases.

Read more →

AI, Exploits, Global Security News

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard. “Use-after-free in Dawn in Google…

Read more →

AI, Data Breaches, Global Security News, Risk Management

Cybercrime group Lapsus$ claims the hack of pharma giant AstraZeneca

Cybercrime group Lapsus$ claims it hacked AstraZeneca, stealing 3GB of data including credentials, code, and employee information. The Lapsus$ group claims it breached AstraZeneca, stealing about 3GB of sensitive data. The alleged leak includes credentials, tokens, internal code repositories (Java, Angular, Python), and employee information, though the company has not yet confirmed the breach. Even…

Read more →

Apps, Exploits, Global Security News

Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks

Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below – CVE-2026-3055 (CVSS score: 9.3) – Insufficient input validation leading to memory overread CVE-2026-4368 (CVSS score: 7.7) – Race condition…

Read more →

AI, Global Security News, malware

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional detection by impersonating normal user activity and bypassing legacy security models. As a result,

Read more →

AI, Apps, Exploits, Global Security News, Network Security

Critical Ubiquiti UniFi UniFi security flaw allows potential account hijacking

Ubiquiti fixed two UniFi vulnerabilities, including a critical flaw that could let attackers take over user accounts. Ubiquiti patched two vulnerabilities in its UniFi Network app, including a maximum-severity flaw that could enable account takeover. The software is widely used to manage UniFi networking devices like access points, switches, and gateways. The Ubiquiti UniFi Network…

Read more →

Europe, Global Security News

Elite members of North Korean society fake their way into Western paychecks

Increased federal activity, including indictments over the past year, has drawn attention to a pattern that has been unfolding inside corporate hiring pipelines. North Korean nationals are securing roles as remote IT contractors and full-time staff within organizations across North America and Western Europe, using standard hiring channels to get in. Research by IBM X-Force…

Read more →

AI, Exploits, Global Security News, Network Security, Risk Management

Hewlett Packard Enterprise fixes critical authentication bypass in Aruba AOS-CX

Hewlett Packard Enterprise (HPE) fixed several flaws in Aruba AOS-CX, including a critical bug that lets attackers reset admin passwords. Hewlett Packard Enterprise (HPE) patched multiple vulnerabilities in Aruba AOS-CX, the operating system used in Aruba CX switches. The most severe issue, tracked as CVE-2026-23813 (CVSS score of 9.8), allows unprivileged attackers to bypass authentication…

Read more →

AI, Exploits, Global Security News, Network Security

Microsoft Patch Tuesday March 2026, (Tue, Mar 10th)

Microsoft today released patches for 93 vulnerabilities, including 9 vulnerabilities in Chromium affecting Microsoft Edge. 8 of the vulnerabilities are rated critical. 2 were disclosed prior to today but have not yet been exploited. This update addresses no already-exploited vulnerabilities. Disclose vulnerabilities: CVE-2026-26127: A denial of service vulnerability in .Net. Microsoft considers exploitation unlikely. The…

Read more →

AI, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

Iran-linked MuddyWater deploys Dindoor malware against U.S. organizations

Iran-linked APT MuddyWater targeted U.S. organizations, deploying the new Dindoor backdoor across sectors including banks, airports, and nonprofits. Broadcom’s Symantec Threat Hunter Team uncovered a campaign by the Iran-linked MuddyWater  (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) APT group targeting several U.S. organizations. “Activity associated with Iranian APT group Seedworm has been spotted on the networks of multiple…

Read more →

AI, Cybersecurity, Funding, Global Security News, Venture

Reclaim Security secures $26 million to automate cybersecurity remediation

Reclaim Security has raised $26 million in total funding, including a recent $20 million Series A round led by Acrew Capital, with participation from QP Ventures and Ibex Investors. The funding will accelerate the company’s mission to eliminate what many security leaders consider cybersecurity’s most persistent gap: remediation. As attacker breakout times have fallen to…

Read more →

AI, APAC, Apps, Cybersecurity, Data Breaches, Europe, Global Security News, Government & Policy, Network Security, Risk Management, Venture

February 2026 Recap: Channel Sees New Hires in a Variety of Roles

January saw a flurry of organizations hiring for the new year, including many CEOs. So many, in fact, that it required a Part 1 and Part 2. February’s leadership changes include several impactful hires from organizations such as QuSecure, Syncro, ConnectWise, and KnowBe4. Channel Insider takes a look around the channel each month to round…

Read more →

AI, APAC, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

VMware Aria Vulnerabilities Expose RCE Risk

Broadcom has disclosed three vulnerabilities in VMware Aria Operations, including one that could allow unauthenticated remote code execution during product migrations.  One of the flaws, CVE-2026-22719, can allow an attacker “… to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress,” said Broadcom…

Read more →

AI, APAC, Compliance, Exploits, Global Security News, Risk Management

VMware Aria Operations flaws could enable remote attacks

Broadcom patched multiple VMware Aria Operations flaws, including high-severity issues that could enable remote code execution. Broadcom has released security updates to address multiple vulnerabilities affecting VMware Aria Operations. VMware Aria Operations is an IT operations management platform that helps organizations monitor and optimize virtual, cloud, and hybrid environments. It provides performance monitoring, capacity planning,…

Read more →

AI, Global Security News

Redpanda brings identity, policy control, and data governance to AI agents

Redpanda announced the availability of new core capabilities in the Redpanda Agentic Data Plane (ADP), including a centralized AI gateway, AI observability and evaluation via OpenTelemetry, AI agents, and unified authentication and authorization. Together, these features form a unified governance layer that allows enterprises to securely connect AI agents and Model Context Protocol (MCP) servers…

Read more →

AI, Global Security News

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. “The attacks range in severity from integrity violations to the complete compromise of all vaults in an organization,” researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson said.

Read more →

AI, Endpoint, Exploits, Global Security News, Uncategorized

Multiple Endpoint Manager bugs patched by Ivanti, including remote auth bypass

Ivanti patched over a dozen Endpoint Manager flaws, including a high-severity auth bypass that let attackers steal credentials remotely. Ivanti released patches for more than a dozen vulnerabilities in Endpoint Manager, including flaws disclosed in October 2025. The update addresses a high-severity authentication bypass, tracked as CVE-2026-1603 (CVSS score of 8.6), that attackers could exploit…

Read more →

Don't miss, Exploits, Global Security News, Hot stuff, News

Microsoft Patch Tuesday: 6 exploited zero-days fixed in February 2026

Microsoft has plugged 50+ security holes on February 2026 Patch Tuesday, including six zero-day vulnerabilities exploited by attackers in the wild. The “security feature bypass” zero-days Among the zero-days fixed are three vulnerabilities that allow attackers to bypass a security feature. CVE-2026-21513 affects the MSHTML/Trident browser engine for the Microsoft Windows version of Internet Explorer,…

Read more →

AI, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Endpoint, Europe, Exploits, Global Security News, Government & Policy, ivanti, known exploited vulnerabilities (KEV), network edge devices, Threats

Fallout from latest Ivanti zero-days spreads to nearly 100 victims

Ivanti customers, including major government agencies, face mounting pressure as attackers expand their scope of targets to exploit a pair of vulnerabilities the vendor disclosed late January after in-the-wild attacks already occurred. The Netherlands’ Dutch Data Protection Authority and the Council for the Judiciary confirmed both agencies were impacted by attacks linked to the Ivanti…

Read more →

AI, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Endpoint, Europe, Exploits, Global Security News, Government & Policy, ivanti, known exploited vulnerabilities (KEV), network edge devices, Threats

Fallout from latest Ivanti zero-days spreads to nearly 100 victims

Ivanti customers, including major government agencies, face mounting pressure as attackers expand their scope of targets to exploit a pair of vulnerabilities the vendor disclosed late January after in-the-wild attacks already occurred. The Netherlands’ Dutch Data Protection Authority and the Council for the Judiciary confirmed both agencies were impacted by attacks linked to the Ivanti…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Global Security News, Network Security, privacy, Risk Management

Never settle: How CISOs can go beyond compliance standards to better protect their organizations

The start of a new year means a fresh start for everyone, including cybersecurity teams. With budgets and plans now finalized, it’s time for CISOs and their teams to execute their strategies. But that doesn’t mean that innovation stops when the plan is finalized. In 2026, CISOs should focus on going beyond cybersecurity compliance standards…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Global Security News, Network Security, privacy, Risk Management

Never settle: How CISOs can go beyond compliance standards to better protect their organizations

The start of a new year means a fresh start for everyone, including cybersecurity teams. With budgets and plans now finalized, it’s time for CISOs and their teams to execute their strategies. But that doesn’t mean that innovation stops when the plan is finalized. In 2026, CISOs should focus on going beyond cybersecurity compliance standards…

Read more →

AI, Europe, Global Security News, Government & Policy

HPE and NVIDIA push secure AI factories with sovereign-ready designs and new Grenoble lab

HPE has expanded its NVIDIA AI Computing by HPE portfolio with new “secure AI factory” building blocks, including a planned AI Factory Lab in Grenoble, France, aimed at helping customers validate sovereign and compliant AI deployments – a theme that’s resonating well beyond Europe as governments and regulated industries tighten requirements around data residency and…

Read more →

AI, Apps, Blog, CVE, CVE-2026-21509, CVEs, Cybersecurity, Exploits, Global Security News

CVE-2026-21509: Actively Exploited Microsoft Office Zero-Day Forces Emergency Patch

Shortly after its January Patch Tuesday release, addressing 114 vulnerabilities, including a zero-day in Windows Desktop Manager (CVE-2026-20805), Microsoft rushed out an emergency out-of-band update to fix another bug under active exploitation. This time, attackers are targeting CVE-2026-21509, a Microsoft Office zero-day that allows threat actors to bypass built-in security features.  In view of the…

Read more →

AI, Apps, Blog, CVE, CVE-2026-21509, CVEs, Cybersecurity, Exploits, Global Security News

CVE-2026-21509: Actively Exploited Microsoft Office Zero-Day Forces Emergency Patch

Shortly after its January Patch Tuesday release, addressing 114 vulnerabilities, including a zero-day in Windows Desktop Manager (CVE-2026-20805), Microsoft rushed out an emergency out-of-band update to fix another bug under active exploitation. This time, attackers are targeting CVE-2026-21509, a Microsoft Office zero-day that allows threat actors to bypass built-in security features.  In view of the…

Read more →

AI, Apps, Blog, CVE, CVE-2026-21509, CVEs, Cybersecurity, Exploits, Global Security News

CVE-2026-21509: Actively Exploited Microsoft Office Zero-Day Forces Emergency Patch

Shortly after its January Patch Tuesday release, addressing 114 vulnerabilities, including a zero-day in Windows Desktop Manager (CVE-2026-20805), Microsoft rushed out an emergency out-of-band update to fix another bug under active exploitation. This time, attackers are targeting CVE-2026-21509, a Microsoft Office zero-day that allows threat actors to bypass built-in security features.  In view of the…

Read more →

AI, Apps, Blog, CVE, CVE-2026-21509, CVEs, Cybersecurity, Exploits, Global Security News

CVE-2026-21509: Actively Exploited Microsoft Office Zero-Day Forces Emergency Patch

Shortly after its January Patch Tuesday release, addressing 114 vulnerabilities, including a zero-day in Windows Desktop Manager (CVE-2026-20805), Microsoft rushed out an emergency out-of-band update to fix another bug under active exploitation. This time, attackers are targeting CVE-2026-21509, a Microsoft Office zero-day that allows threat actors to bypass built-in security features.  In view of the…

Read more →

AI, Apps, Blog, CVE, CVE-2026-21509, CVEs, Cybersecurity, Exploits, Global Security News

CVE-2026-21509: Actively Exploited Microsoft Office Zero-Day Forces Emergency Patch

Shortly after its January Patch Tuesday release, addressing 114 vulnerabilities, including a zero-day in Windows Desktop Manager (CVE-2026-20805), Microsoft rushed out an emergency out-of-band update to fix another bug under active exploitation. This time, attackers are targeting CVE-2026-21509, a Microsoft Office zero-day that allows threat actors to bypass built-in security features.  In view of the…

Read more →

AI, Apps, Blog, CVE, CVE-2026-21509, CVEs, Cybersecurity, Exploits, Global Security News

CVE-2026-21509: Actively Exploited Microsoft Office Zero-Day Forces Emergency Patch

Shortly after its January Patch Tuesday release, addressing 114 vulnerabilities, including a zero-day in Windows Desktop Manager (CVE-2026-20805), Microsoft rushed out an emergency out-of-band update to fix another bug under active exploitation. This time, attackers are targeting CVE-2026-21509, a Microsoft Office zero-day that allows threat actors to bypass built-in security features.  In view of the…

Read more →

AI, Apps, Blog, CVE, CVE-2026-21509, CVEs, Cybersecurity, Exploits, Global Security News

CVE-2026-21509: Actively Exploited Microsoft Office Zero-Day Forces Emergency Patch

Shortly after its January Patch Tuesday release, addressing 114 vulnerabilities, including a zero-day in Windows Desktop Manager (CVE-2026-20805), Microsoft rushed out an emergency out-of-band update to fix another bug under active exploitation. This time, attackers are targeting CVE-2026-21509, a Microsoft Office zero-day that allows threat actors to bypass built-in security features.  In view of the…

Read more →