Geek-Guy.com

Tag: issue

AI, Cybersecurity, Exploits, Global Security News

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user’s NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted the Windows Snipping Tool’s ms-screensketch: URI handler, the newly flagged issue resides in the search: URI handler, per Huntress. CVE-2026-33829 refers to a spoofing vulnerability…

Read more →

AI, Global Security News

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and deliver email. The vulnerability, tracked as CVE-2026-45185, aka Dead.Letter, has been described as a use-after-free

Read more →

AI, Global Security News

The world’s most “Dangerous” AI, Anthropic’s Mythos, found only one flaw in curl

Anthropic’s AI found five vulnerabilities in curl, but only one low-severity issue proved to be a real vulnerability. In April, Anthropic made considerable noise announcing Mythos, a new artificial intelligence model described as so effective at identifying vulnerabilities in code as to be, in the company’s own words, “dangerously good.” So good, in fact, that…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

New ‘Dirty Frag’ exploit targets Linux kernel for root access

A newly disclosed Linux privilege escalation issue dubbed “Dirty Frag” is giving attackers a cleaner path to post-compromise escalation to root privileges. According to Microsoft, a couple of vulnerabilities constituting the issue, affecting Linux kernel networking and memory-fragment handling components, are already seeing active exploitation in the wild. The exploitation attempts look indistinguishable from the…

Read more →

AI, Exploits, Global Security News, malware, Risk Management

Edge browser leaves passwords exposed in plain text, says researcher

A Norwegian researcher has identified an issue with Microsoft Edge’s Password Manager that could be a serious concern for businesses. Tom Jøran Sønstebyseter Rønning found that passwords are being saved within the browser in plain text, with the effect that any PC, particularly a shared machine, within an organization is a potential risk. In a…

Read more →

AI, Exploits, Global Security News, malware, Risk Management

Edge browser leaves passwords exposed in plain text, says researcher

A Norwegian researcher has identified an issue with Microsoft Edge’s Password Manager that could be a serious concern for businesses. Tom Jøran Sønstebyseter Rønning found that passwords are being saved within the browser in plain text, with the effect that any PC, particularly a shared machine, within an organization is a potential risk. In a…

Read more →

AI, Global Security News

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software. The problem affects all currently supported versions, according to an alert released by cPanel on Tuesday. The issue has been addressed in the following versions – 11.110.0.97 11.118.0.63…

Read more →

AI, Compliance, Exploits, Global Security News, Network Security, privacy, Risk Management

CVE-2026-28950: Apple Fixes iOS Flaw That Retained Deleted Notification Data

Apple has released security updates to address a Notification Services issue in iOS and iPadOS that could cause alerts marked for deletion to remain stored on a device. The fix was delivered in iOS 26.4.2 / iPadOS 26.4.2 and iOS 18.7.8 / iPadOS 18.7.8, where Apple says the problem was resolved through improved data redaction.…

Read more →

AI, Global Security News

Apple fixes iPhone bug that let FBI retrieve deleted Signal messages(CVE-2026-28950)

Apple has rolled out security updates for iPhones and iPads that fix CVE-2026-28950, a logging issue in Notification Services that made devices unexpectedly retain notifications marked for deletion. The vulnerability was patched following a recent report about the FBI accessing a suspect’s Signal message notification content on their iPhone, despite Signal being deleted from the…

Read more →

AI, Exploits, Global Security News

Another Microsoft Defender privilege escalation bug emerges days after patch

Days after Microsoft patched a high-severity issue affecting its Windows Defender antivirus tool through April’s Patch Tuesday, researchers warn of another vulnerability that could enable SYSTEM privileges through local escalation. In a newly disclosed proof-of-concept (PoC) exploit, dubbed “RedSun,” GitHub user going by the name “Nightmare Eclipse” demonstrated how Microsoft Defender’s handling of certain cloud-tagged…

Read more →

AI, APAC, Compliance, Cybersecurity, Global Security News, malware, privacy, Risk Management

Chile’s Cybersecurity Framework Law: How SOCs Achieve Compliance and Response Readiness

In Chile, cybersecurity compliance is becoming an operational issue, not just a legal one. Under the new Cybersecurity Framework Law, organizations must show they have real capabilities for threat detection, incident analysis, and response. For many teams, that exposes a serious gap between regulatory expectations and day-to-day security operations.  Key Takeaways  Chile’s Cybersecurity Framework Law…

Read more →

AI, Exploits, Global Security News, Government & Policy, malware, Risk Management

5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild

A vulnerability misclassified five months ago as a denial-of-service issue in F5 BIG-IP Access Policy Manager (APM) turned out to be a critical pre-authentication remote code execution flaw that is now under active exploitation. Hackers are using it to deploy a persistent malware program that runs with root privileges. The CVE-2025-53521 vulnerability was first disclosed…

Read more →

AI, Exploits, Global Security News

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control. “Our vulnerability lives in the core system itself – no plugins, no marketplace, no user-installed extensions – just the bare OpenClaw gateway, running exactly…

Read more →

Cybersecurity, Global Security News, Risk Management

Your encrypted data is already being stolen

Quantum computing is often treated as a distant, theoretical cybersecurity issue. According to Ronit Ghose, Global Head, Future of Finance of Citi Institute, that mindset is already putting financial institutions at risk. The biggest misconception, he says, is that quantum threats begin on a single future Q-day, when quantum machines suddenly crack encryption. In reality,…

Read more →

AI, Cybersecurity, Global Security News, Risk Management

Cyber risk is becoming a hold-period problem for private equity firms

Private equity firms have spent years treating cybersecurity as an IT hygiene issue inside portfolio companies. That approach is getting harder to sustain as ransomware, data theft, and regulatory pressure interfere with value creation during the hold period. Has cybersecurity risk had any financial impact on your portfolio companies? (Source: Kroll) A recent Kroll survey…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Global Security News, Network Security, Risk Management

Building trust with the board through evidence-based proof

Cybersecurity is a boardroom issue, but meaningful dialogue often breaks down at the table. Boards ask about cybersecurity investments and cyber resilience; they need answers rooted in reality, not prognostication. When cybersecurity leaders respond with a list of technologies deployed and potential risks that require additional investment, board members may get frustrated by a lack…

Read more →