Geek-Guy.com

First Foxconn, now Tata — Apple suppliers keep getting hacked

The recently reported cyberattack against Tata Electronics is shaping up to be one of the most consequential attacks exposing important trade secrets belonging to Apple and, conceivably, other clients, including a slew of details about the upcoming iPhone 18 Pro. The attack follows May’s assault against key Apple manufacturing partner Foxconn. World Leaks iPhone 18 Pro Hackers from…

Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses

Cybersecurity researchers have flagged an active browser extension campaign that is designed to steal cryptocurrency by stealthily replacing wallet addresses when unsuspecting users initiate a transaction. The cryptocurrency clipper activity has been codenamed Silent Swap by McAfee Labs. “The campaign is delivered through unsigned installers – observed in both .NET and Golang variants – that

DHS to unveil replacement council for critical infrastructure cybersecurity

The Department of Homeland Security is bringing back a key cybersecurity information sharing effort with critical infrastructure, more than a year after the Trump administration shuttered an existing nerve center between government and private sector. The Alliance of National Councils for Homeland Operational Resilience – Critical Infrastructure program, first reported by CyberScoop in January, is meant…

$10 Million Reward for Russian Hackers Targeting Messaging App Users

The Department of State is offering up to $10 million for information on two Russian-linked hacking groups targeting Signal and WhatsApp users.  This reward is being offered through the department’s Rewards for Justice (RFJ) program, which seeks information on foreign state-backed cyber actors targeting U.S. critical infrastructure and national security interests.  The latest bounty focuses…

Oracle E-Business Suite Payments flaw under attack (CVE-2026-46817)

Exploitation attempts targeting a critical vulnerability (CVE-2026-46817) in Oracle Payments, the payment-processing module within Oracle’s E-Business Suite (EBS), have been spotted over the weekend, threat intelligence company Defused warned on Monday. The detected exploitation attempts (Source: Defused) “On 27 June 2026 our Oracle E-Business Suite decoys recorded the first in-the-wild exploitation of CVE-2026-46817 — roughly…

Cequence Platform 9.0 uses AI to simplify API security and compliance

Cequence Security has announced general availability of Cequence Platform 9.0, an AI-native release that changes how users interact with API security tools. Platform 9.0 ships with a built-in AI Assistant, an open Model Context Protocol (MCP) server that exposes every platform capability to an organisation’s agents or automation workflows, a compliance-ready risk rules library mapped…

Digi International’s DANI automates network diagnostics and device management

Digi International has announced the launch of DANI, the Digi Artificial Network Intelligence agent, a purpose-built AI network operations agent natively embedded in a networking device management platform, Digi Remote Manager (DRM). Embedded directly within DRM as a value-added service, DANI enables network operators and managed service providers to monitor and diagnose network issues, identify…

OpenMatter Network brings verifiable trust to AI governance

OpenMatter Network has announced the launch of its cryptographically verifiable platform for secure collaboration and AI governance, built on a simple premise: Don’t Trust Data. Prove It. For decades, organizations have relied on trust-based assumptions to secure data, execute workloads and govern digital systems. But as data becomes increasingly distributed and AI agents begin operating…

How CISA BOD 26-04 redefines vulnerability management metrics for security leaders

CISA’s BOD 26-04 changes how federal agencies patch and how security leaders must measure, justify, and communicate cyber risk to executives and boards. Key takeaways BOD 26-04 requires agencies to make and defend risk-based vulnerability prioritization decisions, including decisions to defer vulnerability remediation. This accountability requirement transforms vulnerability management from a technical operation into a…

AppViewX Launches Global Partner Program

Machine and agent identity security organization, AppViewX, has announced the launch of its first global partner program. The program is designed to provide the infrastructure, resources, and an engagement framework necessary to engage prospects and customers more effectively, deliver greater value, and maximize co-sell opportunities and profitability. AppViewX formalizes its channel strategy The AppViewX Partner…

Huntress Launches Managed ISPM for Microsoft 365 Security

Cybersecurity company Huntress has announced the general availability of its Managed Identity Security Posture Management (ISPM) service, expanding its Agentic Security Platform with tools that continuously identify and remediate identity security weaknesses across Microsoft 365 environments. The launch follows an Early Access program involving more than 12,000 Microsoft 365 tenants, where Huntress says it uncovered…

Report: AI-Driven Threats Outpace Cyber Professionals

Cybersecurity leader Bitdefender has recently released an annual report in which cybersecurity professionals detailed their most urgent concerns, key challenges, and threat perceptions shaping security. Agentic AI, LLMs, and infrastructure breaches top the list of security concerns The 2026 Cybersecurity Assessment Report is an independent survey of over 1,200 IT and security professionals. Those surveyed…

Malicious Chromium extension spoofs Perplexity AI to hijack browser searches

Google has removed a malicious browser extension masquerading as Perplexity AI after Microsoft researchers found it was intercepting users’ search traffic and routing queries through attacker-controlled servers before forwarding them to legitimate search engines. Microsoft Threat Intelligence said the extension masqueraded as the AI-powered answer engine to trick users into installing it. Based on its…

Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer

An unknown threat actor has been observed exploiting a recently disclosed maximum-severity security flaw in SimpleHelp to deliver two previously unreported malware families, TaskWeaver and Djinn Stealer. The intrusion involves the exploitation of CVE-2026-48558 (CVSS score: 10.0), a critical authentication bypass vulnerability impacting the OpenID Connect (OIDC) flow that an unauthenticated

Microsoft unveils Memora to tackle AI agents’ memory problem

With AI agents increasingly expected to remember conversations, preferences, and decisions over extended periods, Microsoft Research has developed Memora, a memory system designed to provide more scalable and reliable long-term recall than existing approaches. AI agents are increasingly expected to retain context across weeks or months rather than individual chat sessions. Memory can become fragmented,…

SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)

Attackers are exploiting CVE-2026-48558, a recently patched authentication bypass vulnerability in SimpleHelp RMM, to drop the novel Djinn Stealer malware on victim computers. The malware is capable of targeting Windows, macOS, and Linux systems, and “collects credentials associated with cloud platforms, source control, package registries, infrastructure tooling, AI development assistants, browsers, SSH, and cryptocurrency wallets,”…

Closing the Supplier Security Gap: How a US Manufacturer Cut Third-Party Risk and Doubled SOC Triage Speed

For a US automotive manufacturer working with more than 200 active vendors, supplier file intake had become a growing security and cost challenge. Suspicious submissions often reached the SOC without enough context, forcing Tier 1 analysts to escalate most cases and slowing detection and response across the business.  By introducing a scalable triage and analysis process…

June 2026 Apple Updates, (Tue, Jun 30th)

Apple released updates for iOS/iPadOS, macOS, and Safari on Monday. There have been no updates for other Apple operating systems (visionOS, watchOS, tvOS). Usually, Apple updates all products at the same time. Most of the vulnerabilities affect the web browser (WebKit, libxslt, WebRTC, and Web Extension). Only four of the vulnerabilities are not directly related…

Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817

Attackers are exploiting a critical flaw in Oracle E-Business Suite, CVE-2026-46817, that allows remote, unauthenticated attackers to take over Oracle Payments. A critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, is being actively exploited in the wild, according to cybersecurity firm Defused Cyber. “CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being…

Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs

Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools like Anthropic Claude and OpenAI Codex Security. The WebKit vulnerabilities are listed below – CVE-2026-43707 – A memory corruption issue that could…

Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild

A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances. “Easily exploitable vulnerability allows

Hottest cybersecurity open-source tools of the month: June 2026

Presented here is a curated selection of noteworthy open-source cybersecurity solutions that have drawn recognition for their ability to enhance security postures across diverse settings. OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory AI agents keep memory across sessions. Conversation history, vector stores, scratchpads, and RAG indexes persist between…

Half the defense base still builds security around compliance

CMMC requirements are appearing in defense contracts and moving down through supplier networks to thousands of companies new to this kind of compliance work. Many run on limited budgets with lean security teams. The picture comes from nearly 900 defense contractors, C3PAOs, federal suppliers, and cybersecurity professionals who attended the 2026 Secureframe National Cybersecurity Summit.…

Cybersecurity jobs available right now: June 30, 2026

AI Offensive Security Engineer AGAPI | UAE | On-site – View job details As an AI Offensive Security Engineer, you will leverage AI and LLMs to accelerate offensive security research, exploit development, vulnerability discovery, and security automation. You will validate AI-generated findings through manual testing, conduct authorized security assessments, and produce high-quality technical reports and…