Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
McGraw-Hill confirms data breach following extortion threat
Education company McGraw-Hill has confirmed in a statement to GeekFeed that hackers exploited a Salesforce misconfiguration and accessed its internal data. The company assured that the breach did not affect its Salesforce accounts, customer databases, or internal systems, and that the amount of exposed data is limited and non-sensitive. “McGraw-Hill recently identified unauthorized access to […]
Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto
A malicious Ledger Live app for macOS available from Apple’s App Store has drained approximately $9.5 million in cryptocurrency from 50 victims in just a few days this month. Users who downloaded the fake Ledger app were tricked into entering their seed/recovery phrases, thus giving attackers full access to their wallets and allowing them to […]
European Gym giant Basic-Fit data breach affects 1 million members
Dutch fitness giant Basic-Fit announced that hackers breached its systems and gained access to information belonging to a million of its customers. The company operates the largest gym chain in Europe, owning more than 1,700 clubs and over 430 franchises in 12 countries, including the Netherlands, Belgium, France, Spain, and Germany. In a disclosure published […]
Stolen Rockstar Games analytics data leaked by extortion gang
Rockstar Games has suffered a data breach linked to a recent security incident at Anodot, with the ShinyHunters extortion gang now leaking the stolen data on its data leak site. The threat actors claim the data was taken from Snowflake environments using authentication tokens stolen during a recent Anodot security incident. They have now published what […]
Critical flaw in wolfSSL library enables forged certificate use
A critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm or its size when checking Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. Researchers warn that an attacker could exploit the issue to force a target device or application to accept forged certificates for malicious servers or connections. […]
FBI takedown of W3LL phishing service leads to developer arrest
The FBI Atlanta Field Office and Indonesian authorities have dismantled the “W3LL” global phishing platform, seizing infrastructure and arresting the alleged developer in what is described as the first coordinated enforcement action between the United States and Indonesia targeting a phishing kit developer. The W3ll Store was a phishing kit and online marketplace that enabled […]
OpenAI rotates macOS certs after Axios attack hit code-signing workflow
OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. The company said that on March 31, 2026, the legitimate workflow downloaded and executed a compromised Axios package (version 1.14.1) that was used in attacks to deploy malware on devices. That […]
New Booking.com data breach forces reservation PIN resets
Booking.com has confirmed in a statement to GeekFeed that hackers accessed some users’ data from booking information associated with their reservations. The company took immediate action, forced PIN resets for existing and past reservations, and informed impacted users directly via email. Booking.com is one of the largest online travel platforms in the world, allowing users […]
Adobe rolls out emergency fix for Acrobat Reader zero-day flaw
Adobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in zero-day attacks since at least December. The flaw allows malicious PDF files to bypass sandbox restrictions and invoke privileged JavaScript APIs, potentially leading to arbitrary code execution. The exploit observed in attacks enables reading and stealing arbitrary files. No user […]
Critical Marimo pre-auth RCE flaw now under active exploitation
Hackers started exploiting a critical vulnerability in the Marimo open-source reactive Python notebook platform just 10 hours after its public disclosure. The flaw allows remote code execution without authentication in Marimo versions 0.20.4 and earlier. It tracked as CVE-2026-39987 and GitHub assessed it with a critical score of 9.3 out of 10. According to researchers at cloud-security […]