17 Jul, 2026

Microsoft Teams to warn of suspicious traffic with external domains

Microsoft is working on a new Teams security feature that will analyze suspicious traffic with external domains to help IT administrators tackle potential security threats. As explained in a Microsoft 365 roadmap update this week, the “External Domains Anomalies Report” will help admins protect their organizations without disrupting legitimate business communications. The new tool will do […]

1 min read

Over 10,000 Docker Hub images found leaking credentials, auth keys

More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys. The secrets impact a little over 100 organizations, among them are a Fortune 500 company and a major national bank. Docker Hub is the largest container registry where developers upload, host, […]

3 mins read

Ukrainian hacker charged with helping Russian hacktivist groups

U.S. prosecutors have charged a Ukrainian national for her role in cyberattacks targeting critical infrastructure worldwide, including U.S. water systems, election systems, and nuclear facilities, on behalf of Russian state-backed hacktivist groups. On Tuesday, 33-year-old Victoria Eduardovna Dubranova (also known as Vika, Tory, and SovaSonya) was arraigned on charges related to her alleged role in […]

3 mins read

SAP fixes three critical vulnerabilities across multiple products

SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three critical-severity flaws. The most severe (CVSS score: 9.9) of all the issues is CVE-2025-42880, a code injection problem impacting SAP Solution Manager ST 720. “Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious […]

2 mins read

Windows PowerShell now warns when running Invoke-WebRequest scripts

Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. As Microsoft explains, this mitigates a high-severity PowerShell remote code execution vulnerability (CVE-2025-54100), which primarily affects enterprise or IT-managed environments that use PowerShell scripts for automation, since PowerShell scripts are not […]

2 mins read

Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws

Today is Microsoft’s December 2025 Patch Tuesday, which fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. This Patch Tuesday also addresses three “Critical” remote code execution vulnerabilities. The number of bugs in each vulnerability category is listed below: When GeekFeed reports on Patch Tuesday security updates, we only count those released by […]

10 mins read

Fortinet warns of critical FortiCloud SSO login auth bypass flaws

Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authentication. Threat actors can exploit the two security flaws tracked as CVE-2025-59718 (FortiOS, FortiProxy, FortiSwitchManager) and CVE-2025-59719 (FortiWeb) by abusing improper verification of cryptographic signature weaknesses in vulnerable products via a […]

2 mins read

Ivanti warns of critical Endpoint Manager code execution flaw

American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely. Ivanti delivers system and IT asset management solutions to over 40,000 companies via a network of more than 7,000 organizations worldwide. The company’s EPM software is an […]

2 mins read

Spain arrests teen who stole 64 million personal data records

The National Police in Spain have arrested a suspected 19-year-old hacker in Barcelona, for allegedly stealing and attempting to sell 64 million records obtained from breaches at nine companies. The teen now faces charges related to involvement in cybercrime, unauthorized access and disclosure of private data, and privacy violations. “The cybercriminal accessed nine different companies […]

2 mins read