Geek-Guy.com

Tag: user

AI, Compliance, Cybersecurity, Exploits, Global Security News, malware, Risk Management

Attack targeting OpenAI Codex users exposes AI software supply chain risks

A malicious npm package posing as a remote user interface for OpenAI Codex exfiltrated developer authentication tokens, after attackers allegedly published code to npm that was not visible in the project’s public GitHub repository. Researchers at Aikido said the package, called codexui-android, appeared to offer legitimate functionality while collecting authentication tokens and sending them to…

Read more →

AI, Global Security News

Brute-force attack triggers Dashlane account lockouts

Password manager Dashlane has confirmed that a brute-force attack targeting user accounts triggered temporary account suspensions and authentication issues. The company first acknowledged the incident on May 31 after users reported receiving account suspension emails and experiencing login problems. “Your account has been temporarily suspended for security reasons as someone has attempted to register a…

Read more →

AI, Apps, Exploits, Global Security News, malware, Network Security

SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain

A newly disclosed macOS infostealer campaign is exploiting user trust in some of the biggest names in tech to slip past defenses.  Researchers at SentinelOne have detailed a new variant of the SHub malware family, dubbed “Reaper,” that impersonates Apple, Google, and Microsoft at different stages of a single attack chain targeting Mac users. The…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security

Cisco zero-day under ongoing attack by persistent threat group

Attackers returned once again to a common target with a massive user base by exploiting a max-severity zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager. The threat group behind the “limited” number of attacks Cisco is aware of thus far are also linked to a series of previously disclosed vulnerabilities in the vendor’s firewalls…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Funding, Global Security News, Government & Policy, Risk Management, Venture

A DOD contractor’s API flaw exposed military course data and service member records

A defense technology company with Department of Defense contracts exposed user records and military training materials through API endpoints that lacked meaningful authorization checks, according to an account published by Strix, an open-source autonomous security testing project. The issue affected Schemata, an AI-powered virtual training platform used in military and defense settings. According to Strix,…

Read more →

AI, Apps, Compliance, Cybersecurity, Endpoint, Global Security News, Network Security

Transform security logs into OCSF format using a configuration-driven ETL solution

Security logs capture essential security-related activities, such as user sign-ins, file access, network traffic, and application usage. These logs are important for monitoring, detecting, and responding to potential security events. The Open Cybersecurity Schema Framework (OCSF) addresses this challenge by providing a standardized format to represent security events, ensuring consistent and efficient data handling across…

Read more →

AI, Data Breaches, Global Security News

Hackers access Booking.com user data, company secures systems

Hackers accessed some Booking.com user data, including names, emails, phone numbers, and booking details. The issue is now contained. Booking.com warned that hackers may have accessed customer data linked to travel reservations. Exposed details could include names, email addresses, phone numbers, and information shared with accommodations. Booking.com is one of the world’s leading online travel agencies…

Read more →

AI, Global Security News, Risk Management

Secureframe expands Comply with User Access Reviews for automated governance

Secureframe has announced the launch of User Access Reviews, a new capability within Secureframe Comply. Access reviews are the primary mechanism organizations use to validate that the right people have the appropriate access, but the process has historically been manual, fragmented, and difficult to audit. Most teams still conduct access reviews using exported spreadsheets and…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Risk Management

Federal judge blocks Perplexity’s AI browser from making Amazon purchases

A federal judge has blocked Perplexity, makers of the Comet AI browser, from accessing user Amazon accounts and making purchases on their behalf. In an March 9 order, Judge Maxine Chesney of the Northern District Court of California said the temporary injunction reflects the likelihood that Amazon “will succeed on the merits” of its claim…

Read more →

AI, Apps, Data Breaches, Global Security News

PayPal discloses extended data leak linked to Loan App glitch

PayPal disclosed a six-month data breach that exposed sensitive user data, including Social Security numbers, due to a software error. PayPal has disclosed a data breach caused by a software bug in its PayPal Working Capital loan app. The flaw exposed sensitive customer information, including customers’ business contact details (name, email, phone number, address), along…

Read more →

AI, Apps, Compliance, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

better-auth Flaw Allows Unauthenticated API Key Creation

A vulnerability in the better-auth library could allow attackers to take over user accounts without ever logging in.  The flaw affects the library’s API keys plugin and enables unauthenticated attackers to mint privileged API keys for arbitrary users. Exploitation of the vulnerability grants “… full authenticated access as the targeted user and, depending on the…

Read more →

AI, Apps, Endpoint, Global Security News, malware, Network Security, Risk Management, Russia

Keenadu: Android malware that comes preinstalled and can’t be removed by users

There’s too little a user can do when hit with a complex Android malware that comes preinstalled on their new smartphone or tablet. Security researchers at Kaspersky have flagged a multifaceted Android malware dubbed Keenadu that can ship preinstalled via device firmware, compromising users before they even complete setup. “Keenadu serves as a reminder that…

Read more →

Compliance, Data Breaches, Global Security News, Risk Management

Passwork 7.4 enhances enterprise security with centralized User vault restrictions

Passwork has released version 7.4, introducing restrictive settings for User vaults along with enhancements to improve security and user experience. The update enables administrators to enforce stricter controls over password sharing and distribution, reducing data breach risks and supporting compliance with strong security policies. Key features of Passwork 7.4 Restrictive settings for User Vaults: Administrators…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, News, Risk Management, Threats

n8n Flaw Puts Hundreds of Thousands of Enterprise AI Systems at Risk

A flaw in the n8n platform allowed any authenticated user to fully compromise the underlying server, exposing credentials, secrets, and AI-driven workflows across enterprise environments. The vulnerability carries a CVSS score of 10.0 and allows attackers to break out of n8n’s JavaScript sandbox to execute arbitrary commands, effectively transforming routine workflow logic into complete control…

Read more →