Geek Feed - Latest IT News & Tech Trends 🚀💻

CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day

June 11, 2026June 11, 2026 geekfeed0Tagged Actively Exploited, Check Point Software, CISA, CVE-2026-50751, Firewall, Qilin, ransomware, vpn

CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. Unauthenticated remote attackers can exploit this security flaw (tracked as CVE-2026-50751) to bypass authentication and establish a remote access VPN connection on targeted Mobile Access/SSL VPNs, […]

2 mins read

Google patches new Chrome zero-day flaw exploited in the wild

June 11, 2026June 11, 2026 geekfeed0Tagged 0day, CVE-2026-11645, Emergency Update, google, google chrome, web browser, Zero-Day

Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. “Google is aware that an exploit for CVE-2026-11645 exists in the wild,” the company said in a Monday security advisory. The company fixed the zero-day for users […]

2 mins read

NFCShare Android malware spreads via fake banking app updates on GitHub

June 11, 2026June 11, 2026 geekfeed0Tagged android, Credit Card, Credit Card Stealer, malware, mobile, NFC, NFCShare, Payment card

New variants of the NFCShare Android malware are being distributed as fake updates for legitimate banking apps hosted on GitHub. The malware has evolved and is now targeting customers of multiple banks and financial institutions across Europe in a phishing campaign aimed at stealing payment card data. After tricking victims with a fake verification screen […]

3 mins read

SoFi confirms third-party data breach at Hong Kong subsidiary

June 11, 2026June 11, 2026 geekfeed0Tagged Customer Data, data breach, Hong Kong, SoFi, Third-Party

SoFi Hong Kong is warning that it suffered a data breach after hackers gained access to a database at a third-party vendor containing customer information. The company is a U.S.-based financial technology company that offers banking, investing, loans, and other personal finance services. The company also operates SoFi Hong Kong, which provides investment and securities […]

2 mins read

New Apple feature automatically changes your compromised passwords

June 11, 2026June 11, 2026 geekfeed0Tagged apple, Apple Intelligence, Artificial Intelligence, ios, Passwords

At WWDC 2026, Apple announced an Apple Intelligence-powered feature that can automatically fix weak and compromised passwords. Right now, Safari and the built-in Apple Passwords app can automatically flag weak, duplicate, or compromised passwords. For example, if you enter a password when you’re creating an account, Apple will warn you if it detects the password […]

2 mins read

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

June 10, 2026June 10, 2026 geekfeed0Tagged malware, Packages, PyPI, Shai Hulud, supply chain, Supply Chain Attack

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets. Many of the infected packages are popular bioinformatics tools such as Dynamo, Spateo, CoolBox, U-FISH, and Napari-UFISH. The new campaign was discovered by application security company Socket and […]

2 mins read

WhatsApp says it disrupted new NSO spyware phishing attacks

June 10, 2026June 10, 2026 geekfeed0Tagged Legal, NSO Group, Pegasus Spyware, Spyware, WhatsApp

WhatsApp has detected and stopped spear-phishing campaigns allegedly conducted by the NSO Group after investigating user reports of social engineering attacks. The NSO Group is an Israeli commercial spyware vendor known for its advanced “Pegasus” tool that has been deployed against politicians, activists, journalists, academics, and other “high-interest” individuals. The firm has been on the […]

2 mins read

Gogs patches critical zero-day enabling remote code execution

June 10, 2026June 10, 2026 geekfeed0Tagged Argument Injection, Gogs, rce, Remote Code Execution, vulnerability

Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones). This argument injection vulnerability has yet to be assigned a CVE ID, can only be exploited by authenticated attackers without admin privileges, and affects all Gogs releases up to and including 0.14.2 and 0.15.0+dev. […]

4 mins read

Critical UniFi OS bug lets hackers gain root without authentication

June 10, 2026June 10, 2026 geekfeed0Tagged CVE-2026-34908, CVE-2026-34909, CVE-2026-34910, Exploit Chain, rce, Remote Code Execution, Scanner, Ubiquiti, Ubiquiti Unifi, UniFi, Vulnerability Scanner

Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root privileges and without authentication. The security issues are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. They have been addressed in May and impact UniFi OS Server versions 5.0.6 and earlier. While all three flaws received the maximum severity […]

4 mins read

Check Point links VPN zero-day attacks to Qilin ransomware gang

June 10, 2026June 10, 2026 geekfeed0Tagged 0day, Actively Exploited, Check Point Software, CVE-2026-50751, CVE-2026-50752, Firewall, Qilin, ransomware, vpn, Zero-Day

Israeli cybersecurity company Check Point has released security updates to patch a critical flaw affecting Remote Access VPN and Mobile Access deployments, which was exploited in zero-day attacks. Tracked as CVE-2026-50751, this vulnerability can be exploited by unauthenticated, remote attackers to bypass authentication on targeted Mobile Access / SSL VPNs, Remote Access VPNs, or Spark firewalls […]

2 mins read