Geek-Guy.com

US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups

US and allies warn of Russian APT groups targeting routers and network devices to compromise critical infrastructure worldwide. The US and allied governments warn that Russian state-sponsored APT groups are scanning and exploiting poorly secured network devices, especially routers, to access critical infrastructure. Groups linked to FSB Center 16, including Berserk Bear, Energetic Bear, Ghost…

SonicWall customers under threat as attackers exploit 2 zero-days

SonicWall customers are attempting to dodge another security challenge as attackers are exploiting a pair of zero-day vulnerabilities that have been confirmed by the vendor.  The company publicly disclosed the vulnerabilities — CVE-2026-15409 and CVE-2026-15410 — in a security advisory Tuesday. SonicWall credited an employee with discovering the defects, but it hasn’t said when the…

TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development

Cybersecurity researchers have disclosed details of a previously unreported Internet-of-Things (IoT) botnet framework dubbed TuxBot v3 Evolution that shows signs of being developed with assistance from a large language model (LLM), albeit with not so successful results. “While the AI complied with their request to generate botnet code, it included a safety disclaimer that the…

Dems press DNI nominee Jay Clayton on election security questions, but leave dismayed

Democratic senators pressed President Donald Trump’s pick for director of national intelligence on questions of election security and integrity Wednesday, but they didn’t leave his nomination hearing satisfied with the answers. As is typical for Trump administration nominees, Jay Clayton wouldn’t answer definitively at his Senate Intelligence Committee confirmation hearing whether Joe Biden won the…

CVE-2026-15409, CVE-2026-15410: SonicWall SMA 1000 zero-day vulnerabilities exploited in the wild

SonicWall patched two recently exploited zero-day vulnerabilities in its SMA 1000 Series secure remote access appliances which may have been chained for unauthenticated remote code execution. Key takeaways CVE-2026-15409 and CVE-2026-15410 are a pair of exploited vulnerabilities that may have been chained together to allow for code execution on SonicWall SMA1000 series appliances.  Zero-day exploitation…

Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems

LegacyHive PoC exposes a Windows Privilege Escalation flaw affecting fully patched Windows desktop and server systems. Just hours after Microsoft’s July 2026 Patch Tuesday, security researcher Nightmare Eclipse, also known as Chaotic Eclipse, published a new Windows zero-day proof-of-concept called LegacyHive. This time, the target is the Windows User Profile Service (ProfSvc), and unlike the…

centrexIT Finds Common Ground with Coalition on MDR

Cyber insurers and managed service providers have long debated where insurance ends and cybersecurity services begin. As insurers expand into offerings such as managed detection and response (MDR), many MSPs have questioned whether those moves create channel conflict or create new opportunities to improve customer security. Josh Hohbein, manager of cybersecurity and automation at centrexIT,…

Apple’s OpenAI lawsuit: The lunacy of trying to limit what ex-employees can tell future employers

When Apple sued OpenAI last week, the argument it made was that former employees had stolen Apple data and then used it to benefit OpenAI.  The technical details — an employee used “a rare, previously unknown authentication bug to access Apple’s shared network folders” — are interesting. But the larger story is Apple’s ridiculous attempt…

News alert: Pulse Security launches with $8 million for AI platform to modernize CISO operations

SAN FRANCISCO, July 15, 2026, CyberNewswire – Backed by Foundation Capital and Zetta Venture Partners with $8M in seed funding, Pulse Security delivers the program intelligence and agentic infrastructure that security leaders have been missing. Pulse Security AI launched from stealth today to solve a problem the security industry has spent decades ignoring: giving the leader…

News alert: Insignary’s on-demand SBOM verification boosts software supply chain security

TORONTO, July 15, 2026, CyberNewswire – According to Insignary Inc., a leader in software supply chain security and binary software composition analysis (SCA), most organizations cannot independently verify what is actually inside the software they deploy — because traditional SCA tools read what software claims to contain, not what it actually contains. Today, the company…

Understanding Claude Tag’s access model in Slack and how to configure it securely

Anthropic’s new AI agent for Slack acts under an admin-configured access bundle rather than each user’s own credentials. Here’s how that model works, what admins should understand and how to securely configure it. Key takeaways Claude Tag, Anthropic’s newly launched AI agent for Slack, acts on connected services using shared credentials an admin configures for…

LabubaRAT malware infiltrates Windows systems while posing as NVIDIA software

LabubaRAT, a previously undocumented Rust-based remote access tool (RAT) masquerading as NVIDIA software that enables post-compromise operations on Windows systems, has been uncovered by Blackpoint Cyber. According to researchers, LabubaRAT creates “a reusable foothold for hands-on activity.” Once deployed, it can profile the host, identify installed security tools, receive operator commands, transfer files, capture screenshots,…

Threat actor impersonated hundreds of brands on GitHub to push infostealer malware

A financially motivated threat actor is impersonating hundreds of brands on GitHub and pushing a smash-and-grab infostealer masquerading as legitimate downloads of popular software, Arctic Wolf threat researchers have warned. “The 292 impersonated repositories span security tooling, fintech and personal finance, cryptocurrency wallets and exchanges, developer and productivity tools, secure email providers, macOS utilities, and…

Socure rolls out Remote Verifier for higher-risk identity checks

Socure has launched Remote Verifier in RiskOS, a new identity verification tool that helps organizations verify identities requiring additional review while reducing manual effort. Socure’s AI-powered document verification solution instantly verifies more than 99% of identities on the first try, compared to an industry average of 64%. The Remote Verifier is designed for individuals who…

Xint Pulse offers on-demand black-box penetration testing for web applications

Xint.io has launched Xint Pulse, a black-box autonomous penetration testing tool that provides product security teams with on-demand security assessments of their applications. Unlike the company’s enterprise platform, which is designed for continuous testing, Xint Pulse is intended for timely, one-off penetration tests. But with Xint Pulse, organizations of all sizes, from startups to large…

F5 Insight for ADSP enhances BIG-IP operations with guided updates and AI audit trails

F5 has announced new fleet management capabilities for F5 Insight for ADSP that help enterprises reduce risk exposure across F5 BIG-IP environments as frontier AI compresses vulnerability response timelines. The new F5 Insight workflows give security and operations teams fleet-wide visibility, guided update management, enterprise authentication, role-based access controls, and a tamper-evident AI audit trail.…

2026 Cybersecurity Budget Allocations by Area

2026 Cybersecurity Budget Allocations by Area

Comprehensive Report with Citations & Analysis Executive Summary Global cybersecurity spending is projected to reach $240-248.9 billion in 2026, representing a 12.5-15% increase from 2025 (Gartner 2Q26 forecast, June 25, 2026). The spending breakdown has shifted dramatically from traditional categories toward software platforms and AI-driven security. Key Finding: Software now commands ~40% of enterprise security…

New Windows Bind Link techniques let attackers evade EDR, security controls

Attackers who already have administrator privileges on a Windows machine have newer ways to slip past endpoint security without exploiting a vulnerable driver or modifying trusted binaries. Bitdefender researchers have warned against three techniques that abuse Windows Bind Links, a legitimate filesystem virtualization capability, to occupy security tools with clean files while malicious ones execute…

5 reasons to bring application security data into your exposure management platform

When you incorporate data from application security scanners into your exposure management platform, you can assess the threat from formerly isolated code flaws using a broader risk context, which illuminates hidden exposures that your security and development teams can eliminate together. Key takeaways Break application security silos and obtain full code-to-runtime visibility by integrating standalone…

White House launches AI-driven vulnerability clearinghouse to speed cyber remediation

The White House is expanding the use of AI beyond cyber threat detection into vulnerability management, launching a new program that aims to help government agencies and critical infrastructure operators identify, prioritize, and remediate software vulnerabilities faster. Called Gold Eagle, the initiative will act as a centralized clearinghouse for cybersecurity vulnerabilities, coordinating vulnerability reporting, verification,…

July 2026 Patch Tuesday fixes 622 Microsoft CVEs, including three zero-days

Just one month ago, June 2026 Patch Tuesday broke Microsoft’s previous record with 206 CVEs and three zero‑days. July now triples that count, reinforcing that the era of “small” Patch Tuesdays may be over as AI‑driven vulnerability discovery ramps up. The update includes 59 critical vulnerabilities, as well as three publicly disclosed zero-days. Microsoft classifies…

Radware adds cloud intelligence to DefensePro X for web DDoS defense

Radware has announced a new cloud-augmented protection architecture for DefensePro X, extending the platform with new AI-powered cloud algorithms while keeping traffic inspection and mitigation locally within customer premises. The first such service released is Cloud Web DDoS Protection for DefensePro X designed to improve characterization and real time footprint generation of sophisticated application-layer distributed…

New bugs in Claude for Chrome allow extensions to abuse AI privileges

Two vulnerabilities found in Anthropic’s Claude for Chrome extension remain exploitable months after they were reported to the company, a research by Manifold Security noted. According to the researchers, the flaws can allow a malicious browser extension to trigger Claude into performing privileged actions, including reading Gmail messages, Google Docs content, and Calendar entries on…

LatticeFlow AI connects governance frameworks with continuous AI risk monitoring

LatticeFlow AI has announced a platform for managing AI risk across agentic systems. Organizations are deploying autonomous AI in critical business processes, while governance approaches based on documentation and point-in-time assessments struggle to keep up with evolving risks. The LatticeFlow AI Platform links AI governance frameworks with technical controls to continuously generate evidence and translate…

AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads

AsyncAPI npm packages with 2M weekly downloads were compromised, spreading malware with info-stealing, crypto-theft and RAT capabilities. OX Security researchers disclosed on July 14 that the AsyncAPI npm organization was compromised, with malicious code injected into four packages that together account for over 2 million weekly downloads. The affected versions are @asyncapi/generator 3.3.1, @asyncapi/generator-components 0.7.1,…

Nudge Security automates detection of risky OAuth grants and browser extensions

Nudge Security has announced new agentic capabilities to help security and IT teams find and remediate malicious and high-risk OAuth grants and browser extensions, two of the fastest-growing and hardest to manage attack surfaces in the enterprise. The new agents continuously analyze OAuth grants and browser extensions discovered by Nudge Security, flag what’s risky, and…

SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.

For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem of generative AI tools, unsanctioned browser extensions, and autonomous agents. Employees routinely paste intellectual property into

Binary Defense’s NightBeacon CMD helps enterprise SOC teams automate threat investigations

Binary Defense has announced NightBeacon CMD, a standalone AI-driven SOC workbench that enterprise security teams can deploy in their own environments. Built and hardened inside Binary Defense’s live 24/7 Security Operations Center (SOC), NightBeacon CMD gives customers the same operating platform Binary Defense’s own analysts use every day, without requiring a managed service. Rather than…

Polygraf AI Meeting Guard delivers real-time deepfake detection for enterprise meetings

Polygraf AI has announced Meeting Guard, a real-time AI fraud detection solution for enterprise meetings built to detect fraud and protect meeting security. AI can clone a voice, animate a face, and answer every interview question in real time, making trust signals obsolete across hiring processes, executive meetings, vendor calls, and enterprise collaboration. Organizations are…

Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday

Security researcher Chaotic Eclipse (aka Nightmare-Eclipse) has released a new proof-of-concept (PoC) exploit called LegacyHive. It has been described as a Windows User Profile Service arbitrary hive load elevation of privileges vulnerability. The Windows User Profile Service, also referred to as ProfSvc, is a core system component that manages user accounts and environments. “The PoC…

How to unionize your tech workplace

This is Part 2 of a series on tech worker unionization. See Part 1: “A brewing battle: More IT workers want unions. The industry doesn’t.” The best time for tech workers to unionize was 20 years ago, when they had plenty of leverage. The second-best time is now, when they don’t. Mass layoffs, AI-driven displacement,…

U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities (KEV) catalog. The flaws added to the catalog are: CVE-2026-15409 SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability CVE-2026-15410 SonicWall SMA1000 Appliances Code…

AI-driven bug hunting fuels record Microsoft Patch Tuesday

Microsoft has released patches for 570+ vulnerabilities on July 2026 Patch Tuesday, including two that are being leveraged by attackers (CVE-2026-56155 and CVE-2026-56164), and one that was previouly disclosed (CVE-2026-50661). The release was once again followed by Nightmare Eclipse publishing a stripped down proof-of-concept exploit for an unpatched Windows elevation of privilege (EoP) vulnerability, which…

This fake Apple app can unlock your Mac’s password vault

CrashStealer is a new macOS infostealer that masquerades as Apple’s CrashReporter component, uses an Apple‑notarized installer to slip past Gatekeeper, tricks users into handing over their password, and then systematically loots browsers, password managers, crypto wallets, and Keychain secrets before exfiltrating them in AES‑encrypted bundles. Researchers have been following the development of CrashStealer since May…

SonicWall warns of active exploitation of two SMA 1000 zero-days

SonicWall warns of active attacks exploiting two SMA 1000 zero-days, including a flaw enabling arbitrary command execution. SonicWall confirmed the active exploitation of two zero-day vulnerabilities affecting Secure Mobile Access (SMA) 1000 appliances. The vulnerabilities were internally discovered and reported by Adam Babis of the company’s PSIRT. The company investigated multiple incidents indicating these vulnerabilities…

Fortinet adds AI controls and data loss prevention to FortiEndpoint

Fortinet has announced new capabilities for its unified endpoint platform, FortiEndpoint, designed to help organizations securely adopt AI, protect sensitive data, and reduce risk. By bringing AI visibility and control, native data security, endpoint risk scoring, and FortiAI-assisted operations into FortiEndpoint, Fortinet enables security teams to better govern AI usage, reduce sensitive data exposure, enforce…