Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own
QNAP has fixed seven zero-day vulnerabilities that security researchers exploited to hack QNAP network-attached storage (NAS) devices during the Pwn2Own Ireland 2025 competition. The flaws impact QNAP’s QTS and QuTS hero operating systems (CVE-2025-62847, CVE-2025-62848, CVE-2025-62849) and the company’s Hyper Data Protector (CVE-2025-59389), Malware Remover (CVE-2025-11837), and HBS 3 Hybrid Backup Sync (CVE-2025-62840, CVE-2025-62842) software. QNAP said […]
New LandFall spyware exploited Samsung zero-day via WhatsApp messages
A threat actor exploited a zero-day vulnerability in Samsung’s Android image processing library to deploy a previously unknown spyware called ‘LandFall’ using malicious images sent over WhatsApp. The security issue was patched this year in April, but researchers found evidence that the LandFall operation was active since at least July 2024, and targeted select Samsung Galaxy […]
Cisco: Actively exploited firewall flaws now abused for DoS attacks
Cisco warned this week that two vulnerabilities, which have been used in zero-day attacks, are now being exploited to force ASA and FTD firewalls into reboot loops. The tech giant released security updates on September 25 to address the two security flaws, stating that CVE-2025-20362 enables remote threat actors to access restricted URL endpoints without authentication, while CVE-2025-20333 allows authenticated attackers […]
U.S. Congressional Budget Office hit by suspected foreign cyberattack
The U.S. Congressional Budget Office (CBO) confirms it suffered a cybersecurity incident after a suspected foreign hacker breached its network, potentially exposing sensitive data. In a statement shared with GeekFeed, CBO spokesperson Caitlin Emma confirmed the “security incident” and said the agency acted quickly to contain it. “The Congressional Budget Office has identified the security incident, […]
AI-Slop ransomware test sneaks on to VS Code marketplace
A malicious extension with basic ransomware capabilities seemingly created with the help of AI, has been published on Microsoft’s official VS Code marketplace. Named susvsex and published by ‘suspublisher18,’ the extension’s malicious functionality is openly advertised in its description. Secure Annex researcher John Tuckner discovered susvsex and says that it is the product of “vibe coding” and is far from sophisticated. Despite […]
How a ransomware gang encrypted Nevada government’s systems
The State of Nevada has published an after-action report detailing how hackers breached its systems to deploy ransomware in August, and the actions taken to recover from the attack. The document is one of the few completely transparent technical report from a federal government in the U.S. on a cybersecurity incident, describing all the steps […]
University of Pennsylvania confirms data stolen in cyberattack
The University of Pennsylvania has confirmed that a hacker breached numerous internal systems related to the university’s development and alumni activities and stole data in a cyberattack. In a new statement, Penn confirmed GeekFeed’s reporting that the hackers breached its systems using compromised credentials, stating they were stolen in a social engineering attack. “On October 31, Penn discovered that […]
SonicWall says state-sponsored hackers behind September security breach
SonicWall’s investigation into the September security breach that exposed customers’ firewall configuration backup files concludes that state-sponsored hackers were behind the attack. The network security company says that incident responders from Mandiant confirmed that the malicious activity had no impact on SonicWall’s products, firmware, systems, tools, source code, or customer networks. “The Mandiant investigation is now […]
UK carriers to block spoofed phone numbers in fraud crackdown
Under a new partnership with the government aimed at combating fraud, Britain’s largest mobile carriers have committed to upgrading their networks to eliminate scammers’ ability to spoof phone numbers within a year. This agreement is part of the new Telecoms Charter, which brings together law enforcement, government agencies, and Britain’s top mobile networks, including BT […]
Google warns of new AI-powered malware families deployed in the wild
Google’s Threat Intelligence Group (GTIG) has identified a major shift this year, with adversaries leveraging artificial intelligence to deploy new malware families that integrate large language models (LLMs) during execution. This new approach enables dynamic altering mid-execution, which reaches new levels of operational versatility that are virtually impossible to achieve with traditional malware. Google calls the technique […]