Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Nike investigates data breach after extortion gang leaks files
Nike is investigating what it described as a “potential cyber security incident” after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen from the sportswear giant. “We always take consumer privacy and data security very seriously,” the company told GeekFeed in an email statement. “We are investigating a potential cyber security incident […]
Critical sandbox escape flaw found in popular vm2 NodeJS library
A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. The open-source vm2 library creates a secure context to allow users to execute untrusted JavaScript code that does not have access to the filesystem. vm2 has historically been seen in SaaS platforms […]
US charges 31 more suspects linked to ATM malware attacks
A Nebraska federal grand jury charged 31 additional defendants for their involvement in an ATM jackpotting operation allegedly orchestrated by members of the Venezuelan gang Tren de Aragua. These latest charges follow two previous indictments: a December 9 one charging 22 individuals with conspiracy to provide material support to terrorists and money laundering, and an October […]
Over 6,000 SmarterMail servers exposed to automated hijacking attacks
Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability. Cybersecurity company watchTowr reported the security flaw to developer SmarterTools on January 8, which released a fix on January 15 without assigning an identifier. The vulnerability was later assigned CVE-2026-23760 and rated critical severity, as […]
Have I Been Pwned: SoundCloud data breach impacts 29.8 million accounts
Hackers have stolen the personal and contact information belonging to over 29.8 million SoundCloud user accounts after breaching the audio streaming platform’s systems. SoundCloud was founded in 2007 as an artist-first platform that now provides access to over 400 million tracks from more than 40 million artists worldwide. The company confirmed the breach on December 15, following widespread reports from users […]
New malware service guarantees phishing extensions on Chrome web store
A new malware-as-a-service (MaaS) called ‘Stanley’ promises malicious Chrome extensions that can clear Google’s review process and publish them to the Chrome Web Store. Researchers at end-to-end data security company Varonis named the project Stanley after the alias of the seller, who advertises easy phishing attacks by intercepting navigation and covering a webpage with an iframe […]
New ClickFix attacks abuse Windows App-V scripts to push malware
A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V) script to ultimately deliver the Amatera infostealing malware. The Microsoft App-V script acts as a living-off-the-land binary that proxies the execution of PowerShell through a trusted Microsoft component to disguise the malicious activity. Microsoft Application Virtualization is an enterprise Windows […]
Microsoft patches actively exploited Office zero-day vulnerability
Microsoft has released emergency out-of-band security updates to patch a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The security feature bypass vulnerability, tracked as CVE-2026-21509, affects multiple Office versions, including Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, and Microsoft 365 Apps for Enterprise (the company’s cloud-based subscription service). […]
Cloudflare misconfiguration behind recent BGP route leak
Cloudflare has shared more details about a recent 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, which caused measurable congestion, packet loss, and approximately 12 Gbps of dropped traffic. The BGP system helps route data across different networks called autonomous systems (AS) that send it to destination through smaller networks on the internet. The incident was […]
Nearly 800,000 Telnet servers exposed to remote attacks
Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server. The security flaw (CVE-2026-24061) impacts GNU InetUtils versions 1.9.3 (released 11 years ago in 2015) through 2.7 and was patched in version 2.8 (released on January 20). “The […]