Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Microsoft Teams to warn of suspicious traffic with external domains
Microsoft is working on a new Teams security feature that will analyze suspicious traffic with external domains to help IT administrators tackle potential security threats. As explained in a Microsoft 365 roadmap update this week, the “External Domains Anomalies Report” will help admins protect their organizations without disrupting legitimate business communications. The new tool will do […]
Over 10,000 Docker Hub images found leaking credentials, auth keys
More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys. The secrets impact a little over 100 organizations, among them are a Fortune 500 company and a major national bank. Docker Hub is the largest container registry where developers upload, host, […]
New Spiderman phishing service targets dozens of European banks
A new phishing kit called Spiderman is targeting customers of numerous European banks and cryptocurrency services using pixel-perfect replicas of legitimate sites. The platform allows cybercriminals to launch phishing campaigns that can capture login credentials, two-factor authentication (2FA) codes, and credit card data. The Spiderman phishing kit, analyzed by researchers at Varonis, targets financial institutions in […]
Ukrainian hacker charged with helping Russian hacktivist groups
U.S. prosecutors have charged a Ukrainian national for her role in cyberattacks targeting critical infrastructure worldwide, including U.S. water systems, election systems, and nuclear facilities, on behalf of Russian state-backed hacktivist groups. On Tuesday, 33-year-old Victoria Eduardovna Dubranova (also known as Vika, Tory, and SovaSonya) was arraigned on charges related to her alleged role in […]
SAP fixes three critical vulnerabilities across multiple products
SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three critical-severity flaws. The most severe (CVSS score: 9.9) of all the issues is CVE-2025-42880, a code injection problem impacting SAP Solution Manager ST 720. “Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious […]
Windows PowerShell now warns when running Invoke-WebRequest scripts
Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. As Microsoft explains, this mitigates a high-severity PowerShell remote code execution vulnerability (CVE-2025-54100), which primarily affects enterprise or IT-managed environments that use PowerShell scripts for automation, since PowerShell scripts are not […]
Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
Today is Microsoft’s December 2025 Patch Tuesday, which fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. This Patch Tuesday also addresses three “Critical” remote code execution vulnerabilities. The number of bugs in each vulnerability category is listed below: When GeekFeed reports on Patch Tuesday security updates, we only count those released by […]
Fortinet warns of critical FortiCloud SSO login auth bypass flaws
Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authentication. Threat actors can exploit the two security flaws tracked as CVE-2025-59718 (FortiOS, FortiProxy, FortiSwitchManager) and CVE-2025-59719 (FortiWeb) by abusing improper verification of cryptographic signature weaknesses in vulnerable products via a […]
Ivanti warns of critical Endpoint Manager code execution flaw
American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely. Ivanti delivers system and IT asset management solutions to over 40,000 companies via a network of more than 7,000 organizations worldwide. The company’s EPM software is an […]
Spain arrests teen who stole 64 million personal data records
The National Police in Spain have arrested a suspected 19-year-old hacker in Barcelona, for allegedly stealing and attempting to sell 64 million records obtained from breaches at nine companies. The teen now faces charges related to involvement in cybercrime, unauthorized access and disclosure of private data, and privacy violations. “The cybercriminal accessed nine different companies […]