Geek-Guy.com

Brian Lanigan Tapped as Commvault’s New Chief Partner Officer

Commvault, an organization focused on unified resilience at enterprise scale, has appointed Brian Lanigan as Chief Partner Officer. Former HP, Splunk channel veteran now leads Commvault’s partner strategy Lanigan will be tasked with leading the organization’s Global Partner Organization, guiding its global partner strategy, and expanding its ecosystem of hyperscalers, managed service providers (MSPs), distributors,…

News alert: Insignary tackles SBOM accuracy gap as AI tools intensify software supply-chain risk

TORONTO, July 6, 2026, CyberNewswire – Insignary, Inc., whose patented binary fingerprint technology has been cited in four Gartner research reports, today announced its recognition as a Sample Vendor for Reachability Analysis in the Gartner Hype Cycle for Secure Software Engineering, 2026. According to Gartner: “Open-source and third-party components may contain a long list of…

US Army websites defaced with pro-Kurdish sentiments, insults to Trump

By Derek B. Johnson Multiple U.S. Army internet subdomains were defaced in a 404 hijacking campaign, CyberScoop has confirmed. As of Monday morning, error pages on two U.S. Army websites – oil.army.mil and ai2c.army.mil – displayed defacement messages visible to users. The messages denigrated President Donald Trump and United States Ambassador to Türkiye Tom Barrack, called…

Fusion5: ANZ Retailers Modernize ERP to Streamline Growth

Fusion5 has completed the implementation of Oracle NetSuite’s cloud enterprise resource planning (ERP) system for Australian country lifestyle clothing brand Ringers Western, enabling the retailer to modernize its finance and operations as it scales across retail, wholesale, and ecommerce. Ringers Western operates 12 retail stores, supplies more than 220 wholesale stockists, and serves customers globally…

Enforce least-privilege authorization in multi-agent AI chains using Cedar

If you’re building multi-agent AI systems, you need to prevent authorization scope from silently expanding as agents delegate tasks through multi-hop chains. Without proper controls, an agent can potentially act beyond what the originating user authorized, even when role-based access control (RBAC) policies are in place. The OWASP Top 10 for Agentic Applications classifies this…

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the “X-WEBAUTH-USER” header from any source IP address, effectively allowing an unauthenticated internet client to get…

How to tell if an image is AI-generated

A photo of an injured dog by the roadside. A dating profile with pictures that look almost too perfect. A donation appeal showing a family stranded on a rooftop after a flood. Scammers are already using AI-generated images to support fake stories, build trust, and persuade people to send money or share personal information. Instead…

Sysdig clocks first documented case of agentic ransomware

Artificial intelligence is claiming many firsts as it permeates every layer of technology, including the tools cybercriminals use to break into networks, steal sensitive data, hop into connected systems and deploy malware.  This includes, for the first time, according to Sysdig researchers, a case of agentic ransomware managing an extortion operation spanning reconnaissance, credential theft,…

Identity: The operational control plane for agentic AI

Existing security controls weren’t designed for AI agents. Static credentials and standing privileges aren’t sufficient for an emerging model where organizations need to rapidly authorize, limit, and revoke permissions from autonomous agents, sometimes more than once within a single workflow. Agentic AI requires organizations to carefully consider how to govern agentic identity, agent-to-agent communication, secrets…

What a VPN Can and Cannot Protect You From Online

In this post, I will show you what a VPN can and cannot protect you from online. Online privacy and cybersecurity have become major concerns for internet users worldwide. From browsing websites and using public Wi-Fi to shopping online and accessing financial services, people constantly transmit data across networks. Cybercriminals, malicious actors, and other security…

RCS and DNS: The NAPTR Record, (Mon, Jul 6th)

Over the last year, with recent updates to iOS and Android, RCS (Rich Communication Services) has become an increasingly used protocol [1]. RCS is supposed to eventually replace SMS, and in addition to richer formatting, provides added (but optional) security. RCS messages may be end-to-end encrypted and digitally signed. Unlike SMS, which was “bolted on”…

Criminal IP integrates threat intelligence with OpenCTI for automated indicator enrichment

Criminal IP has integrated its threat intelligence with OpenCTI, enabling security teams to automatically convert IP addresses, domains, and URLs into structured intelligence within the platform’s knowledge graph. The integration automatically enriches ingested indicators with Criminal IP’s infrastructure intelligence, dual-perspective reputation scoring, vulnerability data, behavioral signals, and phishing analysis. The enriched data is structured as…

LTM’s BlueVerse RightLogic combines AI risk assessment with cyber remediation planning

LTM has launched BlueVerse RightLogic, a cybersecurity assessment and risk assurance framework designed to help enterprises identify, assess and remediate cyber exposure as they accelerate AI adoption. AI is now capable of autonomously identifying and exploiting vulnerabilities, while exposure across infrastructure, applications and supply chains continue to expand. This has elevated cyber risk from a…

Choose your WhatsApp username carefully

Dutch consumer organization Consumentenbond has warned users to be careful when choosing their optional WhatsApp username. Meta announced the introduction of usernames on June 29, 2026, and encouraged users to reserve their username now. Meta offers this feature as: “a major privacy feature designed to help you connect with new people without giving away your…

Top 10 Robot Vacuum Cleaners for the Home (2026)

Auto Draft

Executive Summary This report analyzes the top 10 Robot Vacuum Cleaners available on Amazon for 2026, based on product rankings, prices, specifications, customer reviews, and availability. All data has been validated with 2026 sources and confirmed as current. Key Insights: Data Validation: 50 validation queries executed (5 queries × 10 products)  All Prices: Current 2026 Amazon…

Cavern Manticore: Exposing Iran-Linked Modular C2 Framework

Key Points Check Point Research (CPR) tracks ‘Cavern Manticore’ as an Iran-nexus threat actor operating against Israeli targets, with a focus on the government and IT sectors. Cavern Manticore shares technical overlaps with other Iranian MOIS (Ministry of Intelligence and Security)-linked threat actors, including MuddyWater and Lyceum. CPR observed a modular C2 framework in the wild, with all…

6th July – Threat Intelligence Report

For the latest discoveries in cyber research for the week of 6th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES River Bank & Trust, a US financial institution, has experienced a ransomware incident after an unauthorized actor accessed the network of parent company River Financial Corporation on June 16. The bank found…

This AI agent autonomously hacked a network, adapted on the fly, and demanded a ransom

A fully autonomous AI agent conducted an end-to-end cyber intrusion and extortion campaign after exploiting a vulnerable Langflow server, demonstrating how large language models could accelerate ransomware operations, according to research published by Sysdig. Sysdig detailed the operation in a research paper, saying the AI agent, dubbed JadePuffer, completed the entire intrusion chain, from initial…

6 ways to make AI accountability stick

As intelligent systems move into production environments and begin taking actions, organizations quickly discover that accountability becomes much harder. Unlike traditional enterprise software, these tools can produce unpredictable outcomes as they interact dynamically with data, APIs, and business workflows. “When something goes wrong with AI, it is generally assigned to whoever was closest to the…

Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT

A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts. The multi-stage campaign, codenamed Operation DragonReturn by Seqrite Labs, involves sending spear-phishing emails impersonating the Income Tax Department of India.

Finding vulnerabilities was never the hard part

I keep hearing the same frustration when I talk with security leaders. The real problem sitting on their desk isn’t finding vulnerabilities. It’s deciding which ones actually matter. The industry has spent billions on better visibility. We’ve convinced ourselves that if we could just discover more vulnerabilities, collect more data, and ingest more threat intelligence,…

New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS

Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that’s capable of targeting Windows, Linux, and macOS environments. According to LevelBlue, the cross-platform malware is advertised under a malware-as-a-service (MaaS) model, costing anywhere between $150 for one month to $1,200 for lifetime access. Other subscription tiers include $300 for

A week in security (June 29 – July 5)

Last week on Malwarebytes Labs: Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts Apple’s Hide My Email doesn’t hide it very well Fake Google and Cloudflare verification pages spread multiple malware families WinRAR flaw could allow attackers to take control of your computer Fake Perplexity Chrome extension spies on your searches BioShocking:…

7 cyber risk assessment gotchas to avoid

A cyber risk assessment helps security teams identify, estimate, and prioritize potential threats and vulnerabilities to key enterprise digital and physical assets. Yet, despite its importance, many CISOs fall victim to several types of “gotchas” that prevent them from fully achieving their risk assessment goals. An assessment should be an essential part of every organization’s…

Product showcase: Is that text a scam? Malwarebytes Mobile Security can help you find out

Malwarebytes Mobile Security for iPhone combines scam prevention, privacy protection, and identity monitoring in a single app. It evaluates a device’s security posture, provides recommendations to improve protection, and is available for Windows, macOS, Android, iOS, and ChromeOS. Installation and security dashboard Installing Malwarebytes Mobile Security from the App Store takes only a few moments.…

The future of payment fraud could be automated

Payment fraud is becoming more organized as criminal groups use fake websites, large-scale operations, and, in some cases, forced labor to steal money and personal information. Advances in agentic AI could automate many stages of payment fraud, from collecting and assembling stolen credentials to deploying password-cracking tools. What kind of payment fraud concerns you most?…

Medtronic Notifies 3.8 Million After ShinyHunters Data Breach

Medtronic says a ShinyHunters attack exposed the personal and medical data of over 3.8 million people. Products and operations were unaffected. Medtronic is notifying 3,834,294 individuals after a cyberattack by the ShinyHunters extortion group exposed personal and medical information. In April 2026, Medtronic confirmed a cyberattack on its corporate IT systems after the hacker group ShinyHunters claimed…

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Hijacked npm Packages Use Novel VSCode Autorun and Blockchain Dead Drops to Deploy a Credential/Crypto Stealer   Building a CI/CD pipeline for Sigma rules   Inside StegoAd: How a Threat Actor Evolved to Fuel Silent Ad…