Geek-Guy.com

Tag: warning

AI, Exploits, Global Security News, Risk Management

Microsoft Calls the Zero-Day Dumps Irresponsible. The Researcher Says Microsoft Started It.

A researcher dropped 6 Windows zero-days with no warning. Three are now exploited in the wild. Microsoft is angry. The researcher says Microsoft ignored them first. Over the past month, a researcher going by Chaotic Eclipse, also known as Nightmare-Eclipse, publicly released details of six unpatched vulnerabilities in Windows components including Defender and BitLocker. No…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware, Risk Management, Russia

Security experts caution MFA alone can no longer stop threat actors

Cybersecurity experts are warning enterprise admins about an increasing number of phishing campaigns aimed at stealing Microsoft 365 (M365) access tokens to bypass multifactor authentication login protection. Phishing kits aimed at capturing M365 tokens aren’t new; some reports say these kits have been around since 2021. One of the latest is EvilTokens, which researchers at…

Read more →

AI, Apps, Global Security News, malware

FBI warns about fast-growing phishing kit targeting Microsoft 365 users

The FBI is warning organizations and defenders about Kali365, a growing phishing-as-a-service platform that retrieves Microsoft 365 access tokens, issuing a public service announcement Thursday.  The toolkit bypasses multi-factor authentication and abuses OAuth device code authorizations via phishing lures impersonating common enterprise services. This technique grants cybercriminal-controlled applications access to Microsoft 365 accounts, opening victims…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management

IMF warns of the potential for AI attacks on global financial systems

The International Monetary Fund (IMF) is warning that AI could become a growing threat to global financial stability by making cyberattacks faster and more sophisticated. In a new analysis, the organization describes how new AI tools can help attackers identify and exploit security vulnerabilities in banks, payment systems, and cloud services in record time. According…

Read more →

Endpoint, Global Security News

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1. It allows “a remotely authenticated user with administrative access to achieve…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security

Critical Palo Alto Networks software bug hits exposed firewalls

Palo Alto Networks is warning customers about a critical buffer overflow vulnerability affecting its PAN-OS user-ID authentication portal that is already being exploited in the wild. The flaw allows attackers to execute arbitrary code with root privileges on exposed firewalls, the company said in a security advisory. PAN-OS is the software that runs all Palo…

Read more →

Exploits, Global Security News, Network Security

Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The vulnerability, tracked as CVE-2026-0300, has been described as a case of unauthenticated remote code execution. It carries a CVSS score of 9.3 if the User-ID Authentication Portal is configured to…

Read more →

Cybersecurity, Global Security News

Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

Cybersecurity researchers are warning of two cybercrime groups that are carrying out “rapid, high-impact attacks” operating almost within the confines of SaaS environments, while leaving minimal traces of their actions. The clusters, Cordial Spider (aka BlackFile, CL-CRI-1116, O-UNC-045, and UNC6671) and Snarky Spider (aka O-UNC-025 and UNC6661), have been attributed to high-speed data theft and

Read more →

AI, Exploits, Global Security News

Max-severity RCE flaw found in Google Gemini CLI

Security researchers are warning about a max severity vulnerability in Google Gemini CLI that could allow remote code execution (RCE) in environments where the tool processes untrusted inputs. The issue was disclosed by Novee Security researchers and affects the @google/gemini-cli package and its associated GitHub Action, widely used in CI/CD workflows. “Gemini CLI (@google/gemini-cli) and…

Read more →

AI, china, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Russia, Venture

The thin gray line: Handala, CyberAv3ngers and Iran’s proxy ops

On April 7, six US government agencies issued a critical advisory warning domestic private sector organizations of potential infrastructural cyberattacks conducted by Iranian-affiliated Advanced Persistent Threat (APT) actors. The advisory stops short of attributing these threats to a single group but makes reference to 2023 attacks on US water and wastewater facilities linked to the…

Read more →

AI, Exploits, Global Security News

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of which were released as zero-days by a researcher known as Chaotic Eclipse (

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, Network Security

Seven IBM WebSphere Liberty flaws can be chained into full takeover

Security researchers are warning of a set of flaws affecting IBM WebSphere Liberty, a lightweight, modular Java application server, that can be chained into a full server compromise. The flaws, a total of seven, that led to the ultimate compromise of the server were initiated by a newly discovered pre-authentication issue in the platform’s SAML…

Read more →

AI, Exploits, Global Security News, malware

WhatsApp malware campaign uses malicious VBS files to gain persistent access

Microsoft is warning WhatsApp users of a new malware campaign that tricks them into executing malicious Visual Basic Script (VBS) files, ultimately enabling persistence and remote access. In a March 31 report, Microsoft Defender Experts said attackers have been distributing malicious Visual Basic Script (VBS) files through WhatsApp since at least late February, relying on…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Risk Management

LangChain path traversal bug adds to input validation woes in AI pipelines

Security researchers are warning that applications using AI frameworks without proper safeguards can expose sensitive information in basic, yet critical, non-AI ways. According to a recent Cyera analysis, widely used AI orchestration tools, LangChain and LangGraph, are vulnerable to critical input validation flaws that could allow attackers to access sensitive enterprise data. In a recent…

Read more →

AI, Apps, Exploits, Global Security News, malware

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

PyPI is warning of possible credential theft from AI applications and developer pipelines after two malicious versions of the widely used Python middleware for large language models, LiteLLM, were briefly published. “Anyone who has installed and run the project should assume any credentials available to the LiteLLM environment may have been exposed, and revoke/rotate them…

Read more →

AI, Exploits, Global Security News

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access

Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that’s exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software. The vulnerability in question is CVE-2026-20131 (CVSS score: 10.0), a case of insecure deserialization of user-supplied Java byte stream, which could allow an unauthenticated, remote attacker to

Read more →

AI, Europe, Global Security News, Risk Management

European companies warn EU leaders: reduced reliance on US tech could hurt profitability

Several European companies are warning that the EU’s increased focus on technological sovereignty could hurt both profitability and competitiveness and argue it will be difficult to quickly reduce dependence on US tech firms, the Financial Times reports. The European Commission is currently working on a new package for technological sovereignty aimed at reducing Europe’s dependence…

Read more →

AI, Apps, Global Security News

Phishing campaign spoofs local officials to steal permit fees

The FBI is warning about a phishing scheme in which cybercriminals impersonate city and county officials to solicit fraudulent payments for planning and zoning permits. Criminals mine publicly available permit data to find likely targets and make their outreach appear legitimate. Investigators say victims receive unsolicited emails that cite legitimate permit details, including zoning application…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Cisco SD-WAN Manager Vulnerabilities Actively Exploited

Cisco is warning customers that attackers are actively exploiting multiple vulnerabilities affecting its Catalyst SD-WAN Manager platform. The software serves as a centralized management console used to monitor and control large distributed SD-WAN deployments.  These vulnerabilities “… could allow an attacker to access an affected system, elevate privileges to root, gain access to sensitive information,…

Read more →

AI, Exploits, Global Security News, Risk Management

Google addresses actively exploited Qualcomm zero-day in fresh batch of 129 Android vulnerabilities

Google disclosed one actively exploited zero-day vulnerability Monday, warning that the high-severity defect affecting an open-source Qualcomm display component for Android devices “may be under limited, targeted exploitation.” The memory-corruption vulnerability — CVE-2026-21385 — which Google’s Android security team reported to Qualcomm Dec. 18, affects 234 chipsets, Qualcomm said in a security bulletin. Qualcomm said…

Read more →

AI, Compliance, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security, Risk Management

Odido CRM Data Breach Exposes 6.2M Customer Records

A major Dutch telecom provider is warning customers after a cyberattack exposed personal data tied to millions of accounts.  Odido Telecom confirmed that attackers gained unauthorized access to its customer database, impacting roughly 6.2 million customers.  “This involved personal data from a customer contact system used by Odido. No passwords, call logs, or billing information…

Read more →

Don't miss, Europe, Global Security News, Hot stuff, News

State-backed phishing attacks targeting military officials and journalists on Signal

German security authorities are warning that a likely state-backed hacking group is engaged in attempts at phishing senior political figures, military officials, diplomats, and investigative journalists across Germany and Europe via Signal. The authorities also noted that while these attacks are likely perpetrated by a state-controlled cyber actor, there’s nothing stopping non-state actors and financially…

Read more →