Geek-Guy.com

Tag: revealed

AI, APAC, china, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, privacy, Risk Management, Russia

AI-Driven Threats, Critical Vulnerabilities, and Supply Chain Breaches Define the Week in May 2026

Major Threats & Vulnerabilities AI-Powered Cyberattacks and Exploits The 2026 Verizon DBIR revealed that vulnerability exploitation has surpassed credential abuse as the leading breach vector, accounting for 31% of incidents. The report highlights how generative AI is accelerating attack automation and expanding third-party risk exposure, particularly among SMBs facing ransomware threats. Microsoft Defender vulnerabilities are…

Read more →

AI, Global Security News, Network Security

Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root

Recent disclosures have revealed that open-source networking tool dnsmasq is grappling with a serious set of vulnerabilities. The problems span memory safety and input validation, with researchers identifying heap buffer overflows, heap corruption, and code execution bugs among the issues. Taken together, the security flaws open the door to various attacks: poisoning cached DNS entries,…

Read more →

AI, Exploits, Global Security News, Network Security, Risk Management

AI agents can bypass guardrails and put credentials at risk, Okta study finds

An AI agent that revealed sensitive data without being asked. An agent that overruled its own guardrails. Another that sent credentials to an attacker via Telegram, because it forgot it wasn’t supposed to do so after a reset. It’s no secret that AI agents have huge potential, balanced by equally big risks. What’s becoming apparent,…

Read more →

AI, Exploits, Global Security News, Network Security, Risk Management

AI agents can bypass guardrails and put credentials at risk, Okta study finds

An AI agent that revealed sensitive data without being asked. An agent that overruled its own guardrails. Another that sent credentials to an attacker via Telegram, because it forgot it wasn’t supposed to do so after a reset. It’s no secret that AI agents have huge potential, balanced by equally big risks. What’s becoming apparent,…

Read more →

Cybersecurity, Global Security News, malware

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency’s Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with malware called FIRESTARTER. FIRESTARTER, per CISA and the U.K.’s National Cyber Security Centre (NCSC), is assessed to be a backdoor designed for remote access…

Read more →

AI, Global Security News, Government & Policy

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well as from government entities, universities, and private companies, in violation of export control…

Read more →

AI, Apps, Exploits, Global Security News

Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core

Developers are advised to check their applications after Microsoft revealed that last week’s ASP.NET Core update inadvertently introduced a serious security flaw into the web framework’s Data Protection Library. Microsoft describes the issue as a “regression,” coding jargon for an update that breaks something that was previously working correctly. In this case, what was introduced…

Read more →

AI, Global Security News, Risk Management

Ivanti Neurons AI automates IT operations, reducing manual work and security risk

Ivanti has revealed new solution capabilities, focusing on enabling autonomous IT operations and organizations to secure their environments more efficiently at scale. With these advancements, Ivanti enables IT and security operations to detect, decide, and act autonomously without sacrificing trust, governance, or control. AI capabilities and the threat landscape are changing quickly, and IT and…

Read more →

AI, Exploits, Global Security News, Network Security

Prompt injection turned Google’s Antigravity file search into RCE

Security researchers have revealed a prompt injection flaw in Google’s Antigravity IDE that could be weaponized to bypass its sandbox protections and achieve remote code execution (RCE). The issue came from Antigravity’s ability to allow AI agents to invoke native functions, like searching files, on behalf of the user. Designed to kill complexity, the feature…

Read more →

Funding, Global Security News, Venture

LIFTWOMEN® announces finalists for Angel Grant, further strengthening cross-border innovation

COMPANY NEWS: LIFTWOMEN® has revealed the top eight finalists for its LIFT Angels Grant, a groundbreaking initiative supporting women-led businesses across Asia and Australia. In partnership with AsiaPay Capital, this year’s grant is bigger than ever, offering a total of $20,000 in matched funding to the winners to further help them launch and grow ventures that…

Read more →

Global Security News, Risk Management

Claroty advances CPS security with Visibility Orchestration in xDome

Claroty has revealed new Visibility Orchestration capabilities in its Saas offering Claroty xDome, transforming visibility from a vague concept into a quantifiable measurement that proves the value of a strong CPS protection program. Visibility Orchestration elevates organizations across the industrial, healthcare, commercial, and public sectors to a high-fidelity understanding of their CPS environments, enabling measurable,…

Read more →

AI, Global Security News, Risk Management

Tenable Hexa AI automates exposure management and security workflows

Tenable has revealed Tenable Hexa AI, the agentic AI engine of the Tenable One Exposure Management Platform that automates security workflows and transforms exposure intelligence into coordinated action to reduce cyber risk. AI-powered cyberattacks, rapid vulnerability discovery and the explosion of AI-driven tools are expanding the attack surface faster than security teams can keep up.…

Read more →

AI, Funding, Global Security News, Network Security, Risk Management

OpenAI’s Foundation play reframes the AI roadmap for IT leaders

OpenAI’s non-profit arm has revealed its plans to tackle “humanity’s hardest problems.” The OpenAI Foundation has announced a sweeping range of investment and research goals, from building safeguards around how AI behaves in the wild to pushing for shared data ecosystems and funding disease research. The stated roadmap could serve as a blueprint for how…

Read more →

AI, Global Security News, Risk Management

Astrix advances AI agent security platform to govern shadow and enterprise agents

Astrix Security has revealed a major expansion of its AI agent security platform, covering every layer where AI agents operate in the enterprise: from managed AI platforms to shadow deployments running on managed devices, detecting both agent existence and unauthorized access to enterprise resources, and enforcing policy over what agents are allowed to do. AI…

Read more →

AI, Apps, Global Security News

Versa Secure Enterprise Browser delivers browser-native security for enterprise apps

Versa has revealed early access to Versa Secure Enterprise Browser, a new browser-native security capability within the VersaONE Universal SASE Platform that protects employees, contractors, and partner users as they access web, SaaS, and enterprise AI applications by enforcing security, access, and data protection policies directly within the browser session. The browser has become the…

Read more →

AI, Global Security News

Backslash adds cross-product support to secure AI skills in developer environments

Backslash Security has revealed new cross-product support for agentic AI Skills within its platform, enabling organizations to discover, assess, and apply security guardrails to Skills used across AI-native software development environments. The developer ecosystem of AI-powered coding agents and tools is rapidly expanding with new extensibility layers, including Skills, Model Context Protocol (MCP) servers, prompt…

Read more →

AI, Global Security News

Graylog advances explainable AI and automated workflows for faster threat detection

Graylog has revealed advances in explainable AI and automated investigation workflows that help small-to-mid-sized security teams detect threats faster, investigate with confidence, and cut the manual documentation work that consumes analyst time. “Lean security teams don’t have the luxury of analyst bench depth or months of automation tuning,” said Andy Grolnick, CEO of Graylog. “Every…

Read more →

Global Security News

Druva connects identity data and behavior to restore access after attacks

Druva has revealed Druva Identity Resilience, adding support for Okta and Microsoft Active Directory alongside Microsoft Entra ID. Druva Identity Resilience delivers unified protection, cyber recovery, and threat detection and response in a single SaaS platform, bringing disparate identity providers together so security and IT teams can restore trusted access through one coordinated process. Identity-driven…

Read more →

AI, china, Compliance, Cybersecurity, Data Breaches, Global Security News, Network Security, privacy, Risk Management

Officials worry Salt Typhoon apathy is killing momentum for tougher telecom security rules

Two years ago, it was revealed that Chinese hackers had compromised at least ten U.S. telecoms, giving them broad access to phone data affecting nearly all Americans. Since then, public officials charged with responding to the campaign and bolstering the nation’s cyber defenses have reported a common problem. Many of their constituents struggle to understand…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Russia

Coruna iOS Exploit Kit Compromises Thousands of iPhones

An iOS exploit framework has revealed how advanced mobile attack tools can move rapidly from surveillance operations to espionage and financial crime.  Google’s Threat Intelligence Group (GTIG) identified Coruna, a powerful exploit kit containing 23 vulnerabilities across five exploit chains that were used to compromise thousands of iPhones throughout 2025. “The core technical value of…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management

14 old software bugs that took way too long to squash

In 2021, a vulnerability was revealed in a system that lay at the foundation of modern computing. An attacker could force the system to execute arbitrary code. Shockingly, the vulnerable code was almost 54 years old — and there was no patch available, and no expectation that one would be forthcoming. Fortunately, that’s because the…

Read more →

AI, Data Breaches, Endpoint, Exploits, Global Security News, Network Security

Who is the Kimwolf Botmaster “Dort”?

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf, the world’s largest and most disruptive botnet. Since then, the person in control of Kimwolf — who goes by the handle “Dort” — has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks…

Read more →

AI, Global Security News

Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations

New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence (AI) chatbots via the “Summarize with AI” button that’s being increasingly placed on websites in ways that mirror classic search engine poisoning (AI). The new AI hijacking technique has been codenamed AI Recommendation Poisoning by the Microsoft Defender Security Research Team. The…

Read more →

AI, china, Global Security News

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign

The Cyber Security Agency (CSA) of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector. “UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore’s telecommunications sector,” CSA said. “All four of Singapore’s major telecommunications operators (‘telcos’) – M1, SIMBA Telecom, Singtel, and

Read more →

AI, Exploits, Global Security News, Network Security

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization’s network to other high-value assets. That said, the Microsoft Defender Security Research Team said it’s not clear whether the activity weaponized recently

Read more →

AI, Global Security News

Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries

Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF. Claude Opus 4.6, which was launched on Thursday, comes with improved coding skills, including code review and debugging capabilities, along

Read more →