Geek-Guy.com

Tag: January

AI, Cybersecurity, Data Breaches, Global Security News

OpenLoop Health confirms January 2026 Data breach affecting 716,000

In January 2026, telehealth infrastructure firm OpenLoop Health suffered a security breach that exposed information of 716,000 people. OpenLoop Health confirmed a January 2026 cyberattack that exposed personal information of 716,000 individuals using its telehealth services. The breach was reported to authorities in March, but the full scope was only recently determined. Threat actors exfiltrated…

Read more →

AI, Global Security News, Network Security

Toxic Combinations: When Cross-App Permissions Stack into Risk

On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents. The more worrying part sat inside the private messages. Some of those conversations held plaintext third-party credentials, including OpenAI API…

Read more →

AI, china, Cloud Security, Compliance, Endpoint, Europe, Global Security News, Network Security, Risk Management

How to clone an AWS CloudHSM cluster across Regions

Important: As of January 1, 2025, Client SDK 3 tools (CMU and KMU) are no longer supported. This guide has been updated to use Client SDK 5 commands exclusively. Ensure you’re using the latest Client SDK 5 version (5.17 or later) for the most recent features and security improvements. You can use AWS CloudHSM to…

Read more →

AI, Global Security News

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique. “The campaign abuses Google Ads to serve rogue ScreenConnect (

Read more →

Cybersecurity, Exploits, Global Security News

CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963)

CVE-2026-20963, a remote code execution (RCE) SharePoint vulnerability Microsoft fixed in January 2026, is being exploited by attackers. The confirmation comes from the US Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on Wednesday. About CVE-2026-20963 CVE-2026-20963 affects Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Server…

Read more →

AI, Apps, Cloud Security, Compliance, Data Security, Europe, Global Security News, Government & Policy, privacy, Risk Management

AWS European Sovereign Cloud achieves first compliance milestone: SOC 2 and C5 reports plus seven ISO certifications

In January 2026, we announced the general availability of the AWS European Sovereign Cloud, a new, independent cloud for Europe entirely located within the European Union (EU), and physically and logically separate from all other AWS Regions. The unique approach of the AWS European Sovereign Cloud provides the only fully featured, independently operated sovereign cloud…

Read more →

AI, APAC, Apps, Cybersecurity, Data Breaches, Europe, Global Security News, Government & Policy, Network Security, Risk Management, Venture

February 2026 Recap: Channel Sees New Hires in a Variety of Roles

January saw a flurry of organizations hiring for the new year, including many CEOs. So many, in fact, that it required a Part 1 and Part 2. February’s leadership changes include several impactful hires from organizations such as QuSecure, Syncro, ConnectWise, and KnowBe4. Channel Insider takes a look around the channel each month to round…

Read more →

AI, Apps, Exploits, Global Security News, Government & Policy, malware, Risk Management

UAC-0252 Attack Detection: SHADOWSNIFF and SALATSTEALER Fuel Phishing Campaigns in Ukraine

Since January 2026, CERT-UA has been tracking a series of intrusions attributed to UAC-0252 and built around SHADOWSNIFF and SALATSTEALER infostealers. The campaigns rely on well-crafted phishing lures, payload staging on legitimate infrastructure, and user-driven execution of disguised EXE files. Detect UAC-0252 Attacks Covered in CERT-UA#20032 According to the Phishing Trends Q2 2025 research by…

Read more →

AI, Data Breaches, Endpoint, Exploits, Global Security News, Network Security

Who is the Kimwolf Botmaster “Dort”?

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf, the world’s largest and most disruptive botnet. Since then, the person in control of Kimwolf — who goes by the handle “Dort” — has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks…

Read more →

AI, Funding, Global Security News

ZAST.AI Raises $6M Pre-A to Scale “Zero False Positive” AI-Powered Code Security

January 5, 2026, Seattle, USA — ZAST.AI announced the completion of a $6 million Pre-A funding round. This investment came from the well-known investment firm Hillhouse Capital, bringing ZAST.AI’s total funding close to $10 million. This marks a recognition from leading capital markets of a new solution: ending the era of high false positive rates…

Read more →

AI, APAC, Apps, Cybersecurity, Data Breaches, Europe, Global Security News, Government & Policy, Mergers & Acquisitions, Network Security, Risk Management, Venture

January 2026 M&A Recap: Channel Orgs Set to Expand Capabilities

January is now in the book, and channel organizations have made a number of early-year acquisitions to boost their capabilities and to better serve customers. Channel Insider has rounded up key mergers and acquisitions that have highlighted the start of Q1 2026. Service provider consolidation continues across ServiceNow, VMware ecosystems and more CoreX expands ServiceNow…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →

AI, Apps, APT28, Blog, CERT-UA, CVE-2026-21509, CVEs, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Network Security, Russia

UAC-0001 (APT28) Attack Detection: russia-Backed Actor Actively Exploits CVE-2026-21509 Targeting Ukraine and the EU

Right after Microsoft disclosed an actively exploited Office zero-day (CVE-2026-21509) on January 26, 2026, CERT-UA reported UAC-0001 (APT28) leveraging the vulnerability in the wild. The russia-backed threat actor targeted organizations in Ukraine and the EU with malicious Office documents, and metadata shows one sample was created on January 27 at 07:43 UTC, illustrating the rapid…

Read more →

AI, Apps, Blog, CVE, CVE-2026-21509, CVEs, Cybersecurity, Exploits, Global Security News

CVE-2026-21509: Actively Exploited Microsoft Office Zero-Day Forces Emergency Patch

Shortly after its January Patch Tuesday release, addressing 114 vulnerabilities, including a zero-day in Windows Desktop Manager (CVE-2026-20805), Microsoft rushed out an emergency out-of-band update to fix another bug under active exploitation. This time, attackers are targeting CVE-2026-21509, a Microsoft Office zero-day that allows threat actors to bypass built-in security features.  In view of the…

Read more →

AI, Apps, Blog, CVE, CVE-2026-21509, CVEs, Cybersecurity, Exploits, Global Security News

CVE-2026-21509: Actively Exploited Microsoft Office Zero-Day Forces Emergency Patch

Shortly after its January Patch Tuesday release, addressing 114 vulnerabilities, including a zero-day in Windows Desktop Manager (CVE-2026-20805), Microsoft rushed out an emergency out-of-band update to fix another bug under active exploitation. This time, attackers are targeting CVE-2026-21509, a Microsoft Office zero-day that allows threat actors to bypass built-in security features.  In view of the…

Read more →

AI, Apps, Blog, CVE, CVE-2026-21509, CVEs, Cybersecurity, Exploits, Global Security News

CVE-2026-21509: Actively Exploited Microsoft Office Zero-Day Forces Emergency Patch

Shortly after its January Patch Tuesday release, addressing 114 vulnerabilities, including a zero-day in Windows Desktop Manager (CVE-2026-20805), Microsoft rushed out an emergency out-of-band update to fix another bug under active exploitation. This time, attackers are targeting CVE-2026-21509, a Microsoft Office zero-day that allows threat actors to bypass built-in security features.  In view of the…

Read more →

AI, Apps, Blog, CVE, CVE-2026-21509, CVEs, Cybersecurity, Exploits, Global Security News

CVE-2026-21509: Actively Exploited Microsoft Office Zero-Day Forces Emergency Patch

Shortly after its January Patch Tuesday release, addressing 114 vulnerabilities, including a zero-day in Windows Desktop Manager (CVE-2026-20805), Microsoft rushed out an emergency out-of-band update to fix another bug under active exploitation. This time, attackers are targeting CVE-2026-21509, a Microsoft Office zero-day that allows threat actors to bypass built-in security features.  In view of the…

Read more →

AI, Apps, Blog, CVE, CVE-2026-21509, CVEs, Cybersecurity, Exploits, Global Security News

CVE-2026-21509: Actively Exploited Microsoft Office Zero-Day Forces Emergency Patch

Shortly after its January Patch Tuesday release, addressing 114 vulnerabilities, including a zero-day in Windows Desktop Manager (CVE-2026-20805), Microsoft rushed out an emergency out-of-band update to fix another bug under active exploitation. This time, attackers are targeting CVE-2026-21509, a Microsoft Office zero-day that allows threat actors to bypass built-in security features.  In view of the…

Read more →

AI, Apps, Blog, CVE, CVE-2026-21509, CVEs, Cybersecurity, Exploits, Global Security News

CVE-2026-21509: Actively Exploited Microsoft Office Zero-Day Forces Emergency Patch

Shortly after its January Patch Tuesday release, addressing 114 vulnerabilities, including a zero-day in Windows Desktop Manager (CVE-2026-20805), Microsoft rushed out an emergency out-of-band update to fix another bug under active exploitation. This time, attackers are targeting CVE-2026-21509, a Microsoft Office zero-day that allows threat actors to bypass built-in security features.  In view of the…

Read more →

AI, Apps, Blog, CVE, CVE-2026-21509, CVEs, Cybersecurity, Exploits, Global Security News

CVE-2026-21509: Actively Exploited Microsoft Office Zero-Day Forces Emergency Patch

Shortly after its January Patch Tuesday release, addressing 114 vulnerabilities, including a zero-day in Windows Desktop Manager (CVE-2026-20805), Microsoft rushed out an emergency out-of-band update to fix another bug under active exploitation. This time, attackers are targeting CVE-2026-21509, a Microsoft Office zero-day that allows threat actors to bypass built-in security features.  In view of the…

Read more →

AI, authentication bypass, Blog, CVE, CVEs, Exploits, Global Security News, Risk Management

CVE-2026-24061 Detection: Decade-Old Vulnerability in GNU InetUtils telnetd Enables Remote Root Access

Update (January 28, 2026): This article has been updated to feature a dedicated detection rule set focused on CVE-2026-24061 exploitation. Dive into the threat overview and access the updated rule collection, which now contains 5 content items. A new day, a new challenge for cyber defenders. Right after the disclosure of a nasty zero-day vulnerability…

Read more →

AI, authentication bypass, Blog, CVE, CVEs, Exploits, Global Security News, Risk Management

CVE-2026-24061 Detection: Decade-Old Vulnerability in GNU InetUtils telnetd Enables Remote Root Access

Update (January 28, 2026): This article has been updated to feature a dedicated detection rule set focused on CVE-2026-24061 exploitation. Dive into the threat overview and access the updated rule collection, which now contains 5 content items. A new day, a new challenge for cyber defenders. Right after the disclosure of a nasty zero-day vulnerability…

Read more →

AI, authentication bypass, Blog, CVE, CVEs, Exploits, Global Security News, Risk Management

CVE-2026-24061 Detection: Decade-Old Vulnerability in GNU InetUtils telnetd Enables Remote Root Access

Update (January 28, 2026): This article has been updated to feature a dedicated detection rule set focused on CVE-2026-24061 exploitation. Dive into the threat overview and access the updated rule collection, which now contains 5 content items. A new day, a new challenge for cyber defenders. Right after the disclosure of a nasty zero-day vulnerability…

Read more →

AI, authentication bypass, Blog, CVE, CVEs, Exploits, Global Security News, Risk Management

CVE-2026-24061 Detection: Decade-Old Vulnerability in GNU InetUtils telnetd Enables Remote Root Access

Update (January 28, 2026): This article has been updated to feature a dedicated detection rule set focused on CVE-2026-24061 exploitation. Dive into the threat overview and access the updated rule collection, which now contains 5 content items. A new day, a new challenge for cyber defenders. Right after the disclosure of a nasty zero-day vulnerability…

Read more →

AI, authentication bypass, Blog, CVE, CVEs, Exploits, Global Security News, Risk Management

CVE-2026-24061 Detection: Decade-Old Vulnerability in GNU InetUtils telnetd Enables Remote Root Access

Update (January 28, 2026): This article has been updated to feature a dedicated detection rule set focused on CVE-2026-24061 exploitation. Dive into the threat overview and access the updated rule collection, which now contains 5 content items. A new day, a new challenge for cyber defenders. Right after the disclosure of a nasty zero-day vulnerability…

Read more →

AI, Blog, CVE, CVEs, Cybersecurity, Denial of Service, Exploits, Global Security News, Network Security, Risk Management

CVE-2026-0227: Palo Alto Networks Fixes GlobalProtect DoS Flaw Allowing Remote Firewall Disruption

Shortly after Microsoft’s massive January Patch Tuesday release addressing the CVE-2026-20805 zero-day vulnerability in Windows Desktop Window Manager, another technology giant has issued a security fix. This time, Palo Alto Networks has warned of a high-severity flaw affecting its GlobalProtect Gateway and Portal, noting that a proof-of-concept (PoC) exploit is available. GlobalProtect is Palo Alto…

Read more →

AI, Blog, CVE, CVEs, Cybersecurity, Denial of Service, Exploits, Global Security News, Network Security, Risk Management

CVE-2026-0227: Palo Alto Networks Fixes GlobalProtect DoS Flaw Allowing Remote Firewall Disruption

Shortly after Microsoft’s massive January Patch Tuesday release addressing the CVE-2026-20805 zero-day vulnerability in Windows Desktop Window Manager, another technology giant has issued a security fix. This time, Palo Alto Networks has warned of a high-severity flaw affecting its GlobalProtect Gateway and Portal, noting that a proof-of-concept (PoC) exploit is available. GlobalProtect is Palo Alto…

Read more →

AI, Blog, CVE, CVEs, Cybersecurity, Denial of Service, Exploits, Global Security News, Network Security, Risk Management

CVE-2026-0227: Palo Alto Networks Fixes GlobalProtect DoS Flaw Allowing Remote Firewall Disruption

Shortly after Microsoft’s massive January Patch Tuesday release addressing the CVE-2026-20805 zero-day vulnerability in Windows Desktop Window Manager, another technology giant has issued a security fix. This time, Palo Alto Networks has warned of a high-severity flaw affecting its GlobalProtect Gateway and Portal, noting that a proof-of-concept (PoC) exploit is available. GlobalProtect is Palo Alto…

Read more →

AI, Blog, CVE, CVEs, Cybersecurity, Denial of Service, Exploits, Global Security News, Network Security, Risk Management

CVE-2026-0227: Palo Alto Networks Fixes GlobalProtect DoS Flaw Allowing Remote Firewall Disruption

Shortly after Microsoft’s massive January Patch Tuesday release addressing the CVE-2026-20805 zero-day vulnerability in Windows Desktop Window Manager, another technology giant has issued a security fix. This time, Palo Alto Networks has warned of a high-severity flaw affecting its GlobalProtect Gateway and Portal, noting that a proof-of-concept (PoC) exploit is available. GlobalProtect is Palo Alto…

Read more →

AI, Apps, APT, Blog, CERT-UA, CVEs, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Pluggyape, Risk Management, Russia

UAC-0190 Attack Detection: Fake Charity Lures Used to Deploy the PLUGGYAPE Backdoor Against the Ukrainian Armed Forces

On January 12, 2026, the CERT-UA team disclosed a targeted cyber-espionage campaign against the Ukrainian Armed Forces that abused charity-themed social engineering to deliver the PLUGGYAPE backdoor. The activity, observed between October and December 2025, is attributed with medium confidence to the russia-aligned threat actor known as Void Blizzard (Laundry Bear), tracked by CERT-UA as…

Read more →

AI, Apps, APT, Blog, CERT-UA, CVEs, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Pluggyape, Risk Management, Russia

UAC-0190 Attack Detection: Fake Charity Lures Used to Deploy the PLUGGYAPE Backdoor Against the Ukrainian Armed Forces

On January 12, 2026, the CERT-UA team disclosed a targeted cyber-espionage campaign against the Ukrainian Armed Forces that abused charity-themed social engineering to deliver the PLUGGYAPE backdoor. The activity, observed between October and December 2025, is attributed with medium confidence to the russia-aligned threat actor known as Void Blizzard (Laundry Bear), tracked by CERT-UA as…

Read more →