15 Jul, 2026

Covenant Health says May data breach impacted nearly 478,000 patients

The Covenant Health organization has revised to nearly 500,000 the number of individuals affected by a data breach discovered last May. The healthcare entity initially reported in July that the data of 7,864 people had been exposed, but further analysis has revealed a larger impact. After completing “the bulk of its data analysis,” Covenant Health […]

1 min read

Cryptocurrency theft attacks traced to 2022 LastPass breach

Blockchain investigation firm TRM Labs says ongoing cryptocurrency thefts have been traced to the 2022 LastPass breach, with attackers draining wallets years after encrypted vaults were stolen and laundering the crypto through Russian exchanges. In 2022, LastPass disclosed that attackers breached its systems by compromising a developer environment, stealing portions of the company’s source code and proprietary technical […]

5 mins read

Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass

Over 10,000 Fortinet firewalls are still exposed online and vulnerable to ongoing attacks exploiting a five-year-old critical two-factor authentication (2FA) bypass vulnerability. Fortinet released FortiOS versions 6.4.1, 6.2.4, and 6.0.10 in July 2020 to address this flaw (tracked as CVE-2020-12812) and advised admins who couldn’t immediately patch to turn off username-case-sensitivity to block 2FA bypass attempts […]

2 mins read

Trust Wallet links $8.5 million crypto theft to Shai-Hulud NPM attack

Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is likely related to an “industry-wide” Sha1-Hulud attack in November. Trust Wallet, a crypto wallet used by over 200 million people, enables users to store, send, and receive Bitcoin, Ethereum, Solana, and thousands of other cryptocurrencies […]

3 mins read

The biggest cyber security and cyberattack stories of 2025

2025 was a big year for cyber security, with major cyberattacks, data breaches, threat groups reaching new notoriety levels, and, of course, zero-day vulnerabilities exploited in incidents. Some stories, though, were more impactful or popular with our readers than others. Below are fifteen of what GeekFeed believes are the most impactful cyber security topics of […]

19 mins read

NYC mayoral inauguration bans Flipper Zero, Raspberry Pi devices

New York City’s 2026 mayoral inauguration of Zohran Mamdani has published a list of banned items for the event, specifically prohibiting the Flipper Zero and Raspberry Pi devices. As first reported by Adafruit, the ban list appears in the inauguration event’s official FAQ, which lists items that may or may not be brought to the event. The list […]

3 mins read

Hackers drain $3.9M from Unleash Protocol after multisig hijack

The decentralized intellectual property platform Unleash Protocol has lost around $3.9 million worth of cryptocurrency after someone executed an unauthorized contract upgrade that allowed asset withdrawals. According to the team behind the blockchain project, the attacker obtained enough signing power to act as an administrator of Unleash’s multisig governance system. “Our initial investigation indicates that an […]

2 mins read

RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. First documented by Fortinet in July 2025, RondoDox is a large-scale botnet that targets multiple n-day flaws in global attacks. In November, VulnCheck spotted new RondoDox variants that featured exploits for CVE-2025-24893, a critical remote code execution (RCE) vulnerability in […]

2 mins read

New GlassWorm malware wave targets Macs with trojanized crypto wallets

A fourth wave of the “GlassWorm” campaign is targeting macOS developers with malicious VSCode/OpenVSX extensions that deliver trojanized versions of crypto wallet applications. Extensions in the OpenVSX registry and the Microsoft Visual Studio Marketplace expand the capabilities of a VS Code-compatible editor by adding features and productivity enhancements in the form of development tools, language support, or themes. […]

3 mins read

IBM warns of critical API Connect auth bypass vulnerability

IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely. API Connect is an application programming interface (API) gateway that enables organizations to develop, test, and manage APIs and provide controlled access to internal services for applications, business partners, and external […]

2 mins read