Geek-Guy.com

npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk

GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA). The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run automatically before have been made opt-in – allowScripts defaults to off, meaning

Durabook to Vanguard Channel Partner Program

Durabook, a mobile solutions brand owned by Twinhead International Corporation, is debuting a new deal registration program to protect channel partners’ investments in developing new business opportunities. Growing channel partnerships with an enhanced program The Vanguard Partner Program was developed to serve channel partners, “that are the foundation of its sales strategy.” The program complements…

How World Cup crypto prediction sites take your money

Crypto prediction and betting sites are appearing around the World Cup, and researchers have already tracked scams aimed at fans, including fake ticketing, fixed-match betting, prediction scams, and fan-branded meme coins. We investigated one prediction site ourselves. While we aren’t claiming every site works the same way, it matched several well-known scam patterns. Whether it’s…

6.9 million driver’s license numbers stolen from AssuranceAmerica

Insurance provider AssuranceAmerica has confirmed a data breach affecting the personal information and driver’s license numbers of up to 6.9 million people. AssuranceAmerica provides car and rental insurance to customers across 14 US states through a network of over 9,500 independent agents. TechCrunch reports:“AssuranceAmerica said it discovered hackers in its computer systems on March 17.…

Bitdefender Debuts Program to Advance EU Data Sovereignty Initiatives

Bitdefender, a cybersecurity-focused organization, has launched a new program to enable European Union (EU) sovereignty and regulatory compliance. European data hosting and security solution includes contract buyout The new program empowers European organizations to transition to a fully European cybersecurity and data hosting solution, ensuring that customer and configuration data, security events, telemetry, and information…

Citrix launches MCP Gateway to secure enterprise AI agents

Citrix has announced updates to its high-performance application delivery and security platform NetScaler, introducing MCP Gateway functionality to allow enterprises to securely route, govern and observe agent traffic to backend Model Context Protocol (MCP) servers. In addition, the company unveiled other enhancements to NetScaler AI Gateway, that extend model routing and token-level usage tracking for…

Cynet Report Shows MSPs Lead in AI Security Readiness

A new report from cybersecurity vendor Cynet finds managed service providers are pulling ahead of in-house security teams in AI adoption and confidence, even as both groups identify AI-powered phishing and social engineering as their top cybersecurity threats. The findings suggest organizations are increasingly turning to MSPs for AI-driven security capabilities as cyberattacks become more…

Attack on Amazon Bedrock-linked AI gateway highlights new cloud security risk

A cloud intrusion that ended with the deployment of cryptomining malware has exposed a bigger risk for enterprises: AI gateways that concentrate access to cloud identities, permissions, and foundation models in a single, highly privileged system. Researchers from cybersecurity firm Darktrace found attackers compromising an AWS EC2 instance acting as a LiteLLM proxy for Amazon…

AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack

AssuranceAmerica confirmed a breach exposing nearly 7 million driver’s licenses after hackers compromised an employee account and stole customer data. U.S. auto insurer AssuranceAmerica has confirmed a data breach affecting nearly 7 million people, making it the largest known theft of Americans’ driver’s license information in 2026. “In a data breach notice sent to customers…

UK cyber agency unveils AI-powered Cyber Shield to counter attacks at machine speed

The UK’s National Cyber Security Centre (NCSC) wants to deploy autonomous AI agents capable of finding and neutralizing cyberattacks on national networks in real time, marking Britain’s push toward a sovereign, machine-speed cyber defense system. The blueprint, called Cyber Shield, was developed jointly with the Department for Science, Innovation and Technology (DSIT). “The objective of…

Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656)

Microsoft has finally released a security update for its Microsoft Malware Protection Engine, which fixes CVE-2026-50656, the Windows Defender local privilege escalation vulnerability triggered by the RoguePlanet exploit. The vulnerability and the fix CVE-2026-50656 is due to improper link resolution before file access, affects Windows 10 and Windows 11, and may allow authenticated attackers to…

Microsoft fixes RoguePlanet zero-day in Defender

Microsoft issued a security update that fixes the zero-day vulnerability known as RoguePlanet in Microsoft Defender. RoguePlanet is tracked as CVE-2026-50656, a Microsoft Defender elevation of privilege (EoP) vulnerability. As we reported last month, if successfully exploited, RoguePlanet can allow an attacker to elevate privileges from a standard user account to NT AUTHORITYSYSTEM, the highest privilege level…

US Threat Landscape Alert: 30 Active Malware Families Ranked by Real Sandbox Data

State of Cybersecurity in the US  American organizations are processing more malware submissions than ever, and the mix keeps shifting under their feet. Phishing kits that hijack multi-factor authentication now sit alongside decades-old ransomware, commodity RATs sold for the price of a streaming subscription, and loaders built to slip payloads past EDR undetected. For CISOs…

Summer of Clearinghouses

Everyone seems to have announced a clearinghouse over the past few weeks. We did too. Ours is called Athena, and the main thing that sets it apart is that it was already real and running when we announced it — built quietly months earlier, heads down, taking findings and shipping fixes, because customers kept asking…

June 2026 Cyber Attacks Statistics

June 2026 saw 176 confirmed cyber attacks. Cyber Crime drove three in four incidents, Malware remained attackers’ weapon of choice, and Information & Communication infrastructure took the heaviest hit. This visual breakdown charts the month’s motivations, attack vectors, initial access techniques, and hardest-hit sectors.

Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)

Microsoft fixed RoguePlanet (CVE-2026-50656), a Defender flaw allowing local attackers to gain higher privileges through the Malware Protection Engine. Microsoft released security updates for RoguePlanet, a vulnerability tracked as CVE-2026-50656 (CVSS score of 7.8) affecting the Malware Protection Engine used by Defender. The Microsoft Malware Protection Engine (mpengine.dll) powers Defender’s malware scanning, detection, and removal…

Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges

Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection Engine (“mpengine.dll”), which provides scanning, detection, and cleaning capabilities for its antivirus and

NetSPI pairs AI pentesting with expert-validated security findings

NetSPI has announced the expansion of its AI-powered continuous pentesting platform, broadening the suite of services that organizations can use to ensure critical assets are always protected. The new services comprise continuous web application penetration testing, continuous AI penetration testing, continuous internal penetration testing and continuous AI findings validation which applies expert human judgement to…

AI Security & Governance Services

Your Business Is Already Using AI. Is Anyone Securing It? Somewhere in your organisation right now, someone is pasting company information into a chatbot. A department has quietly signed up for an AI tool that nobody in IT has reviewed. A supplier has automated part of their process with AI, and your data is flowing…

Lateral movement risk rises as enterprises emphasize convenience over containment

Poorly segmented networks and weak security controls continue to undercut security organizations’ ability to identify and contain attacks, giving attackers free rein after initial compromise, according to a recent study based on real-world enterprise security telemetry. Zero Networks’ 2026 Lateral Movement Exposure Report — based on analysis of 54 trillion activities across 312 live enterprise…

GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents

Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer’s computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead. The affected tools are Amazon Q Developer, Anthropic’s Claude Code, Augment, Cursor, Google Antigravity,…