Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
WordPress security plugin exposes private data to site subscribers
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information. The plugin provides malware scanning and protection against brute-force attacks, exploitation of known plugin flaws, and against database injection attempts. Identified as CVE-2025-11705, the […]
Canada says hacktivists breached water and energy facilities
The Canadian Centre for Cyber Security warned today that hacktivists have breached critical infrastructure systems multiple times across the country, allowing them to modify industrial controls that could have led to dangerous conditions. The authorities issued the warning to raise awareness of the elevated malicious activity targeting internet-exposed Industrial Control Systems (ICS) and the need […]
PhantomRaven attack floods npm with credential-stealing packages
An active campaign named ‘PhantomRaven’ is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials. The activity started in August and deployed 126 npm packages that counted more than 86,000 downloads. The Node Package Manager (NPM) is the default package manager for Node.js, used by JavaScript developers […]
Microsoft fixes 0x800F081F errors causing Windows update failures
Microsoft has resolved a known issue that caused Windows updates to fail, leading to 0x800F081F errors on Windows 11 24H2 systems. In a service alert seen by GeekFeed, Microsoft says this known issue affects users who have installed the KB5050094 January 2025 preview cumulative update and later Windows updates. “The cumulative update failure might be accompanied with error code […]
Windows 11 KB5067036 update rolls out Administrator Protection feature
Microsoft has released the KB5067036 preview cumulative update for Windows 11 24H2 and 25H2, which begins the rollout of the Administrator Protection cybersecurity feature and an updated Start Menu. The KB5067036 update is part of the company’s optional non-security preview update schedule, which releases updates at the end of each month to test new fixes and features coming to […]
Advertising giant Dentsu reports data breach at subsidiary Merkle
Japanese advertising giant Dentsu has disclosed that its U.S.-based subsidiary Merkle suffered a cybersecurity incident that exposed staff and client data. The company states that the incident forced them to take certain systems offline as part of their response plan. “We detected abnormal activity within part of the network of Merkle, a company leading the […]
Qilin ransomware abuses WSL to run Linux encryptors in Windows
The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools. The ransomware first launched as “Agenda” in August 2022, rebranding to Qilin by September and continuing to operate under that name to this day. Qilin has become one of the most […]
CISA warns of two more actively exploited Dassault vulnerabilities
The Cybersecurity & Infrastructure Security Agency (CISA) warned today that attackers are actively exploiting two vulnerabilities in Dassault Systèmes’ DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution. The first one (CVE-2025-6205) is a critical-severity missing authorization security flaw that can allow unauthenticated threat actors to remotely gain privileged access to an unpatched […]
Google Chrome to warn users before opening insecure HTTP sites
Google announced today that the Chrome web browser will start warning users by default before connecting to insecure HTTP public websites beginning with Chrome 154 in October 2026. Google Chrome also has an opt-in HTTPS-First Mode since 2021, which added the “Always Use Secure Connections” setting and attempts to connect to websites over HTTPS (HyperText Transfer Protocol […]
TEE.Fail attack breaks confidential computing on Intel, AMD, NVIDIA CPUs
Academic researchers developed a side-channel attack called TEE.Fail, which allows extracting secrets from the trusted execution environment in the CPU, the highly secure area of a system, such as Intel’s SGX and TDX, and AMD’s SEV-SNP. The method is a memory-bus interposition attack on DDR5 systems that could be successfully done by computer hobbyists a cost of less than […]