13 Jul, 2026

Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. Researchers found nearly 3,000 such keys while scanning internet pages from organizations in various sectors, and even from Google. The problem occurred when Google introduced its Gemini assistant, and developers started […]

3 mins read

Trend Micro warns of critical Apex One code execution flaws

Japanese cybersecurity software firm Trend Micro has patched two critical Apex One vulnerabilities that allow attackers to gain remote code execution (RCE) on vulnerable Windows systems. Apex One is an endpoint security platform that detects and responds to security threats, including malware, spyware, malicious tools, and vulnerabilities. The first critical Apex One security flaw patched this week […]

2 mins read

European DYI chain ManoMano data breach impacts 38 million customers

DIY store chain ManoMano is notifying customers of a data breach that was caused by hackers compromising a third-party service provider. The company confirmed to GeekFeed that it learned of the hack in January 2026. An investigation into the incident determined that 38 million individuals are affected. “We can confirm that ManoMano has recently notified […]

2 mins read

Critical Juniper Networks PTX flaw allows full router takeover

A critical vulnerability in the Junos OS Evolved network operating system running on PTX Series routers from Juniper Networks could allow an unauthenticated attacker to execute code remotely with root privileges. PTX Series routers are high-performance core and peering routers built for high throughput, low latency, and scale. They are commonly used by internet service providers, telecommunication […]

2 mins read

Olympique Marseille confirms ‘attempted’ cyberattack after data leak

French professional football club Olympique de Marseille has confirmed a cyberattack after a threat actor claimed on Monday that it breached the club’s systems earlier this month. Founded 126 years ago, Olympique Marseille competes in the Ligue 1, the top tier of the French football league system, and was the first French club to win […]

2 mins read

Ransomware payment rate drops to record low as attacks surge

The number of ransomware victims paying threat actors has dropped to 28% last year, an all-time low, despite a significant increase in the number of claimed attacks. A downward payment trend has been observed for the past four consecutive years by the blockchain intelligence platform Chainalysis. At the moment, the total of on-chain ransomware payments in 2025 stands […]

3 mins read

New York sues Valve for promoting illegal gambling via game loot boxes

New York Attorney General Letitia James sued video game developer and publisher Valve Corporation for using game loot boxes to facilitate illegal gambling activities among children and teenagers. Valve operates Steam, one of the largest digital game distribution services in the world, offering access to thousands of games for millions of users worldwide. At the […]

2 mins read

Medical device maker UFP Technologies warns of data stolen in cyberattack

American manufacturer of medical devices, UFP Technologies, has disclosed that a cybersecurity incident has compromised its IT systems and data. UFP Technologies is a publicly traded medical engineering and manufacturing company that produces a broad range of devices and components used in surgery, wound care, implants, orthopedic applications, and healthcare wearables. The company employs 4,300 people, […]

2 mins read

Fake Next.js job interview tests backdoor developer’s devices

A coordinated campaign targeting software developers with job-themed lures is using malicious repositories posing as legitimate Next.js projects and technical assessment materials, including recruiting coding tests. The attacker’s goal is to achieve remote code execution (RCE) on developer machines, exfiltrate sensitive data, and introduce additional payloads on compromised systems. Multiple execution triggers Next.js is a popular […]

3 mins read

Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker

The former head of Trenchant, a specialized U.S. defense contractor unit, was sentenced Tuesday to more than seven years in federal prison for stealing and selling zero-day exploits to a Russian broker whose clients include the Russian government. 39-year-old Australian national Peter Williams served as the general manager of Trenchant, a cybersecurity unit of defense […]

2 mins read