Geek-Guy.com

OAuth Client ID Spoofing Enables Stealthy Cloud Account Enumeration 

Microsoft Entra ID sign-in logs have provided defenders with critical visibility into authentication activity, helping security teams investigate user enumeration, password spraying, and other identity-based attacks.  However, research from Proofpoint shows threat actors are increasingly using a technique called OAuth client ID spoofing to evade common detection methods while identifying valid user accounts and credentials.…

Optro Partner Connect Launches for Global GRC Partners

Optro, an AI-powered governance, risk, and compliance (GRC) intelligence platform, has officially launched its new global partner program: Optro Partner Connect. The program offers partners flexible go-to-market (GTM) opportunities and a comprehensive suite of enablement, certification, technical, and co-marketing support. It also offers a path to expand into new markets, deepen service offerings, and drive…

Optimize365 Joins the Microsoft Marketplace to Help MSPs

Optimize365, an AI-powered multi-tenant M365 security management platform built for managed service providers (MSPs), is now available on the Microsoft Marketplace. Optimize365 will be discoverable and purchasable directly through Microsoft’s partner ecosystem, with co-sell eligibility that lets MSPs and their Microsoft representatives align on joint opportunities. Microsoft Marketplace: Simplifying the purchasing process Channel Insider sat…

Begun, the Patch Wars have

Welcome to this week’s edition of the Threat Source newsletter.  We all knew, to some degree or another, that this summer was going to a hot mess. I don’t mean FIFA drama or record setting heat waves. I mean the slow but steady momentum that AI frontier models were accruing for vulnerability research. If you…

Is Apple bringing chip manufacturing home?

Apple’s recently announced $30 billion multi-year agreement with Broadcom is significant because it means billions of chips for Apple devices will be made in the US, supporting hundreds of jobs.  This is Apple’s biggest US procurement deal so far, but it won’t be the last; when it announced the arrangement, Apple confirmed it is, “working with the administration…

Zoom patches account takeover hole

Zoom has identified, and patched, a critical security hole that “may allow an unauthenticated user to conduct an account takeover via network access.” The issue is especially significant given Zoom’s extensive reach; it reportedly has more than 300 million daily active users, including 470,000 paying business customers. Given that reach, Zoom has been impacted by many…

Russian trio indicted for allegedly running bulletproof hosting providers that spurred cybercrime

Three Russian nationals and a pair of bulletproof hosting providers directly supported a series of attacks on critical infrastructure in 21 states and several countries, according to a 2024 indictment unsealed in federal court Tuesday.  Officials, who have been investigating the trio and their companies since 2019, said the attacks resulted in losses surpassing $62…

Zoom patches account takeover hole

Zoom has identified, and patched, a critical security hole that “may allow an unauthenticated user to conduct an account takeover via network access.” The issue is especially significant given Zoom’s extensive reach; it reportedly has more than 300 million daily active users, including 470,000 paying business customers. Given that reach, Zoom has been impacted by many…

CVE-2026-32201, CVE-2026-45659, CVE-2026-56164: Frequently Asked Questions About Active Exploitation of Microsoft SharePoint Server Vulnerabilities

Four Microsoft SharePoint Server vulnerabilities are under active exploitation, prompting CISA to issue a hardening alert. An additional high-severity flaw recently patched adds pressure for organizations running on-premises deployments. Key Takeaways CISA confirmed active exploitation of three on-premises SharePoint Server vulnerabilities (CVE-2026-32201, CVE-2026-45659, CVE-2026-56164), used to gain unauthorized access, establish remote code execution, steal IIS…

H1 2026 Cyber Attacks Statistics Infographic

Last Updated on July 16, 2026 H1 Threat Intelligence Report Cyber Attacks Statistics — H1 2026 1,071 confirmed incidents across H1 2026 (1 Jan–30 Jun). Financially motivated Cyber Crime accounted for nearly 7 in 10 attacks, Malware remained the dominant weapon, and Information & Communication infrastructure bore the brunt of targeting. Total Incidents 0 1…

H1 2026 Cyber Attacks Statistics

In H1 I recorded 1,071 confirmed cyber incidents. Financially motivated Cyber Crime drove nearly 7 in 10 attacks, malware remained the top weapon (40.5% of attack-vector entries), and exploitation of public-facing applications was the leading initial access technique (23.7%). Cyber Espionage accounted for roughly 1 in 5 incidents, with the Information & Communication sector bearing…

CVE-2026-42533: Critical NGINX Map Regex Flaw Can Trigger Heap Buffer Overflow and Possible RCE

F5 has disclosed multiple NGINX Vulnerabilities in an out-of-band security update, with CVE-2026-42533 standing out as one of the most dangerous issues in the batch. The flaw is a heap buffer overflow in NGINX’s handling of the map directive when regular expression matching references regex variables in a specific order. In vulnerable deployments, a remote…

Adaptiva simplifies secure patch management for air-gapped networks

Adaptiva has announced AirGap for OneSite Patch, a new capability that extends autonomous patch management to air-gapped environments. Developed in response to growing demand from government agencies, critical infrastructure operators, and large enterprises managing highly secure environments, AirGap for OneSite Patch enables organizations to securely patch isolated systems without compromising the physical separation those environments…

CISA folds its own hard-won lessons into coordinated vulnerability disclosure guidance

On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and four allied cyber authorities published a guide telling software vendors how to build a coordinated vulnerability disclosure (CVD) program. Six days earlier, CISA published a blog post explaining how a security researcher had tried and failed, repeatedly, to report a serious problem to CISA…

CVE-2026-56164 and CVE-2026-56155: Two Exploited Microsoft Zero-Days Put SharePoint and AD FS at Risk

Microsoft’s July 2026 Patch Tuesday drew immediate attention not just because of its record scale, but because two actively exploited zero-days hit some of the most sensitive parts of enterprise infrastructure. CVE-2026-56164 targets on-premises SharePoint Server and is remotely exploitable in low-complexity attacks, while CVE-2026-56155 targets Active Directory Federation Services and allows privilege escalation from…

New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands

Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that’s been spreading via websites infected with ClickFix lures since late April 2026. “The malware is full-featured, lightweight, and modular,” Elastic Security Labs researcher Cyril François said in a technical report. “While the number of C2 [command-and-control] domains is currently small, the daily

CVE-2026-15410 and CVE-2026-15409: SonicWall SMA 1000 Zero-Days Exploited in the Wild

SonicWall has patched two actively exploited zero-days affecting SMA 1000 Series secure remote access appliances. The issues are CVE-2026-15409, a critical unauthenticated SSRF flaw in the Workplace interface, and CVE-2026-15410, a post-authentication code injection flaw in the Appliance Management Console that can lead to arbitrary OS command execution as administrator under certain conditions. Public reporting…

CISA urges immediate SharePoint hardening as exploits mount

The US Cybersecurity and Infrastructure Security Agency (CISA) has urged organizations to immediately secure Microsoft SharePoint deployments after warning that three vulnerabilities affecting the on-premises collaboration platform are being actively exploited. A recent advisory from the federal cybersecurity watchdog asked administrators to patch vulnerable servers, review Microsoft’s mitigation guidance, and assume that internet-facing SharePoint instances remain attractive…

Delinea Launches New Partner Program

Delinea, a runtime identity security platform governing humans, machines, and AI agents, is launching a new partner program to drive partner profitability. Delivering AI-powered enablement to the channel The Delinea Partner Advantage Program provides partners with a comprehensive framework to deliver identity security technology, protected discounts, and ease of doing business. The program is meant…

Russian cybercriminal used jailbroken Gemini CLI to rebuild botnet infrastructure in six minutes

A Russian-speaking threat actor known as “bandcampro” used a jailbroken Gemini CLI, Google’s open-source terminal-based AI agent, to deploy and operate a small command-and-control (C2) botnet, according to TrendAI. Operational overview (Source: TrendAI) In more than 200 sessions between March 19 and April 21, 2026, the threat actor worked with Gemini to deploy and operate…

CISA urges immediate SharePoint hardening as exploits mount

The US Cybersecurity and Infrastructure Security Agency (CISA) has urged organizations to immediately secure Microsoft SharePoint deployments after warning that three vulnerabilities affecting the on-premises collaboration platform are being actively exploited. A recent advisory from the federal cybersecurity watchdog asked administrators to patch vulnerable servers, review Microsoft’s mitigation guidance, and assume that internet-facing SharePoint instances…

Intruder brings AI-powered, on-demand penetration testing to web applications

Intruder has announced the launch of AI Pentesting for web applications, providing on-demand penetration testing. Following its initial release of issue-level investigations last quarter, the platform now allows organizations to securely connect their codebases via GitHub or GitLab to automatically scope and launch penetration tests in minutes, with results and audit-ready reporting in hours. Mythos…

Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor

An advanced malware previously attributed to a China-linked threat actor has resurfaced after more than four years within a Taiwan manufacturing firm, along with a previously unreported backdoor dubbed Stupig. Daxin (“srt64.sys”), as the kernel-mode rootkit is referred to, was first documented by Broadcom-owned Symantec in March 2022, with evidence indicating its use in targeted…

Thinking Machines Lab offers enterprises a US alternative in open-weight AI

Thinking Machines Lab, the San Francisco startup founded by former OpenAI CTO Mira Murati, has released Inkling, its first general-purpose AI model. The launch adds another US-developed entrant to an open-weight market where Chinese developers produce several leading coding and reasoning models. Inkling uses a mixture-of-experts architecture with 975 billion total parameters, of which 41 billion are active…

CISA urges software vendors to formalize vulnerability disclosure programs

The Cybersecurity and Infrastructure Security Agency (CISA) and four international cybersecurity agencies have published guidance urging software manufacturers and online service providers to establish coordinated vulnerability disclosure (CVD) programs, saying structured engagement with security researchers can help improve vulnerability management and product security. Published jointly with the US National Security Agency (NSA), Japan Computer Emergency…

UAT-11795 deploys novel Starland RAT and bespoke WLDR C2 implant in financially motivated campaign

Cisco Talos is disclosing UAT-11795, a sophisticated, Russian-speaking, financially motivated adversary that has been conducting a malicious campaign targeting users in the U.S. and Europe since at least June 2025.   Talos has discovered that the actor in this campaign delivers a Python-based remote access tool (RAT) that we track as “Starland RAT” and a command-and-control (C2) memory implant known as the “WLDR agent.” …

Tenable One unifies code risks with enterprise exposure data

Tenable has announced the expansion of the Tenable One Exposure Management Platform, unifying application security risks with all other exposure data. By integrating static code vulnerability data, Tenable One delivers complete, code-to-runtime visibility across the entire attack surface. Security teams have long struggled with a code security problem where vulnerable code reaches production faster than…

Lineation.ai focuses on runtime security for autonomous AI agents

Lineation.ai has announced the public launch of its comprehensive agentic security platform. Delivering a solution at the intersection of GenAI Application Security and Runtime Defense, Lineation introduces a Zero Trust unified control plane and a lightweight endpoint daemon that secures autonomous AI agents directly at execution. As enterprises adopt autonomous AI agents that read sensitive…

Hidden Infrastructure Exposed: ANY.RUN Reveals Hijacked Gov Websites Delivering Malware 

An original threat intelligence investigation uncovering how trusted government infrastructure became an attack channel, placing banking organizations and public-sector systems at risk while revealing previously undocumented infrastructure relationships and actionable mitigation guidance for security leaders.  ANY.RUN analysts have uncovered an active PhantomEnigma campaign abusing compromised government infrastructure and fake police-themed documents to target banking and public-sector organizations in Brazil. Trusted emails and legitimate…