Geek Feed - Latest IT News & Tech Trends 🚀💻

Critical flaw in Next.js lets hackers bypass authorization

April 2, 2025April 2, 2025 geekfeed0Tagged Authentication Bypass, CVE-2025-29927, Next.js, ReactJS, vulnerability

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. The flaw, tracked as CVE-2025-29927, enables attackers to send requests that reach destination paths without going through critical security checks. Next.js is a popular React framework with more than 9 million weekly downloads on npm. It is used for […]

2 mins read

Google Gemini’s Astra (screen sharing) rolls out on Android for some users

April 2, 2025April 2, 2025 geekfeed0Tagged ai, Artificial Intelligence, Gemini, Gemini AI, google, Project Astra

At MWC 2025, Google confirmed it was working on screen and video share capabilities for Gemini Live, codenamed “Project Astra”. At that time, Google promised that the feature would begin rolling out soon, and now some users have spotted it in the wild. According to a video shared by a Reddit user who owns a Xiaomi phone with a […]

1 min read

FBI warnings are true—fake file converters do push malware

April 2, 2025April 2, 2025 geekfeed0Tagged Denver, FBI, File Converter, malware, ransomware, Scam

The FBI is warning that fake online document converters are being used to steal peoples’ information and, in worst-case scenarios, to deploy ransomware on victims’ devices. The warning came last week from the FBI Denver field office, after receiving an increasing number of reports about these types of tools. “The FBI Denver Field Office is […]

4 mins read

Cloudflare now blocks all unencrypted traffic to its API endpoints

April 2, 2025April 2, 2025 geekfeed0Tagged API, API endpoint, cloudflare, Cloudflare API, Cloudflare block, Encryption, HTTPS, Internet, security, unencrypted traffic

Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com. The move prevents unencrypted API requests from being sent, even accidentally, to eliminate the risk of sensitive information being exposed in cleartext traffic before the server closes the HTTP conection and redirects to a secure communication channel. […]

2 mins read

Microsoft Trust Signing service abused to code-sign malware

April 2, 2025April 2, 2025 geekfeed0Tagged Certificates, Code-signing, malware, microsoft, Microsoft Trusted Signing

Cybercriminals are abusing Microsoft’s Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. Threat actors have long sought after code-signing certificates as they can be used to sign malware to appear like they are from a legitimate company. Signed malware also has the advantage of potentially bypassing security filters that would normally block unsigned […]

5 mins read

Coinbase was primary target of recent GitHub Actions breaches

March 28, 2025March 28, 2025 geekfeed0Tagged Access Token, Breach, Coinbase, GitHub, GitHub Actions

Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. According to new reports from Palo Alto Unit 42 and Wiz, the attack was carefully planned and began when malicious code was injected into reviewdog/action-setup@v1 GitHub Action. It is unclear how the breach occurred, but […]

2 mins read

Oracle denies breach after hacker claims theft of 6 million data records

March 28, 2025March 28, 2025 geekfeed0Tagged Breach, BreachForums, data breach, Data Leak, Oracle, SSO

Oracle denies it was breached after a threat actor claimed to be selling 6 million data records allegedly stolen from the company’s Oracle Cloud federated SSO login servers. “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any […]

2 mins read

Fake Semrush ads used to steal SEO professionals’ Google accounts

March 28, 2025March 28, 2025 geekfeed0Tagged Ads, Google Account, Google Ads, malicious Semrush Google Ads, Malvertising, phishing, Semrush, SEO

A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials. Malwarebytes researcher Jerome Segura and SEO strategist Elie Berreby believe that the threat actor is after Google Ads accounts that would enable them to create new malvertising campaigns. This type of “cascading fraud” has been gaining traction recently, as […]

4 mins read

Microsoft: Exchange Online bug mistakenly quarantines user emails

March 28, 2025March 28, 2025 geekfeed0Tagged email, Exchange Online, False Positive, Mail, microsoft, Microsoft 365, Quarantine

Microsoft is investigating an Exchange Online bug causing anti-spam systems to mistakenly quarantine some users’ emails. According to a new incident report added to the Microsoft 365 Admin Center, the email issues started almost five hours ago, at 10:11 UTC. While the company has yet to share what regions are impacted, this Exchange Online incident has been tagged as a critical […]

2 mins read

US removes sanctions against Tornado Cash crypto mixer

March 28, 2025March 28, 2025 geekfeed0Tagged CryptoCurrency, Cryptocurrency Mixer, CryptoMixer, Department of the Treasury, Tornado Cash, Treasury Department

The U.S. Department of Treasury announced today that it has removed sanctions against Tornado Cash, a cryptocurrency mixer used by North Korean Lazarus hackers to launder hundreds of millions stolen in multiple crypto heists. The Department’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash in August 2022 for helping launder over $7 billion since its creation in […]

3 mins read