17 Jul, 2026

WordPress security plugin exposes private data to site subscribers

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information. The plugin provides malware scanning and protection against brute-force attacks, exploitation of known plugin flaws, and against database injection attempts. Identified as CVE-2025-11705, the […]

2 mins read

Canada says hacktivists breached water and energy facilities

The Canadian Centre for Cyber Security warned today that hacktivists have breached critical infrastructure systems multiple times across the country, allowing them to modify industrial controls that could have led to dangerous conditions. The authorities issued the warning to raise awareness of the elevated malicious activity targeting internet-exposed Industrial Control Systems (ICS) and the need […]

2 mins read

PhantomRaven attack floods npm with credential-stealing packages

An active campaign named ‘PhantomRaven’ is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials. The activity started in August and deployed 126 npm packages that counted more than 86,000 downloads. The Node Package Manager (NPM) is the default package manager for Node.js, used by JavaScript developers […]

2 mins read

Microsoft fixes 0x800F081F errors causing Windows update failures

Microsoft has resolved a known issue that caused Windows updates to fail, leading to 0x800F081F errors on Windows 11 24H2 systems. In a service alert seen by GeekFeed, Microsoft says this known issue affects users who have installed the KB5050094 January 2025 preview cumulative update and later Windows updates. “The cumulative update failure might be accompanied with error code […]

2 mins read

Windows 11 KB5067036 update rolls out Administrator Protection feature

Microsoft has released the KB5067036 preview cumulative update for Windows 11 24H2 and 25H2, which begins the rollout of the Administrator Protection cybersecurity feature and an updated Start Menu. The KB5067036 update is part of the company’s optional non-security preview update schedule, which releases updates at the end of each month to test new fixes and features coming to […]

10 mins read

Advertising giant Dentsu reports data breach at subsidiary Merkle

Japanese advertising giant Dentsu has disclosed that its U.S.-based subsidiary Merkle suffered a cybersecurity incident  that exposed staff and client data. The company states that the incident forced them to take certain systems offline as part of their response plan. “We detected abnormal activity within part of the network of Merkle, a company leading the […]

2 mins read

Qilin ransomware abuses WSL to run Linux encryptors in Windows

The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools. The ransomware first launched as “Agenda” in August 2022, rebranding to Qilin by September and continuing to operate under that name to this day. Qilin has become one of the most […]

4 mins read

CISA warns of two more actively exploited Dassault vulnerabilities

The Cybersecurity & Infrastructure Security Agency (CISA) warned today that attackers are actively exploiting two vulnerabilities in Dassault Systèmes’ DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution. The first one (CVE-2025-6205) is a critical-severity missing authorization security flaw that can allow unauthenticated threat actors to remotely gain privileged access to an unpatched […]

2 mins read

Google Chrome to warn users before opening insecure HTTP sites

Google announced today that the Chrome web browser will start warning users by default before connecting to insecure HTTP public websites beginning with Chrome 154 in October 2026. Google Chrome also has an opt-in HTTPS-First Mode since 2021, which added the “Always Use Secure Connections” setting and attempts to connect to websites over HTTPS (HyperText Transfer Protocol […]

3 mins read

TEE.Fail attack breaks confidential computing on Intel, AMD, NVIDIA CPUs

Academic researchers developed a side-channel attack called TEE.Fail, which allows extracting secrets from the trusted execution environment in the CPU, the highly secure area of a system, such as Intel’s SGX and TDX, and AMD’s SEV-SNP. The method is a memory-bus interposition attack on DDR5 systems that could be successfully done by computer hobbyists a cost of less than […]

5 mins read