22 Jun, 2026

Geek Feed

Latest IT News & Tech Trends

Contact Us
Breaking News
CISA warns Fortinet users to secure devices after FortiBleed leak

CISA warns Fortinet users to secure devices after FortiBleed leak

Gentlemen ransomware uses multiple EDR killers to disable defenses

Gentlemen ransomware uses multiple EDR killers to disable defenses

Nintendo confirms data stolen in WebMD subsidiary cyberattack

Nintendo confirms data stolen in WebMD subsidiary cyberattack

USB worm spreads crypto-stealing malware via Windows shortcut files

USB worm spreads crypto-stealing malware via Windows shortcut files

Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks

Klue OAuth breach linked to ‘Icarus’ Salesforce data theft attacks

Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp

Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp

Grafana breach caused by missed token rotation after TanStack attack

geekfeed0Tagged , , , , ,

The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. In the ongoing Shai-Hulud malware campaign attributed to TeamPCP hackers, dozens of TanStack packages infected with credential-stealing code were published on the npm index, compromising developer environments, including Grafana’s. When the malicious […]

Read More
2 mins read

Max-severity flaw in ChromaDB for AI apps allows server hijacking

geekfeed0Tagged , , , , , , , , ,

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. The flaw is tracked as CVE-2026-45829 and was reported to ChromaDB on February 17. It received the maximum severity score from HiddenLayer, the company that discovered it. ChromaDB is an open-source vector database and AI retrieval […]

Read More
2 mins read

Cybercrime service disrupted for abusing Microsoft platform to sign malware

geekfeed0Tagged , , , ,

Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company’s Artifact Signing service to generate fraudulent code-signing certificates used by ransomware gangs and other cybercriminals. According to a report published today by Microsoft Threat Intelligence, the threat actor tracked as Fox Tempest used the Microsoft Artifact Signing platform to create short-lived certificates […]

Read More
4 mins read

Discord rolls out end-to-end encryption on voice, video calls

geekfeed0Tagged , , , ,

Discord announced that all voice and video calls through the communication platform are now protected by default with end-to-end encryption (E2EE). The implementation was completed in March. Extensive at-scale testing has given Discord the confidence to formally announce the E2EE deployment now, and to start removing client code that supports unencrypted fallback. Discord is a […]

Read More
2 mins read

FBI: Americans lost over $388 million to scams using crypto ATMs in 2025

geekfeed0Tagged , , , , , , , ,

The FBI says Americans have lost over $388 million last year to scams using cryptocurrency kiosks, also known as crypto ATMs or Bitcoin ATMs. Cryptocurrency kiosks are physical, standalone electronic terminals (which may or may not require identity verification to prevent money laundering) that resemble bank ATMs and allow users to buy or sell crypto […]

Read More
2 mins read

Drupal critical update to fix bug with high exploitation risk

geekfeed0Tagged , , , ,

Drupal has announced a “core security release” scheduled for later today, warning that threat actors might develop exploits within hours of the update disclosure. Administrators are urged to reserve time for core updates on May 20 between 17:00 and 21:00 UTC. Website administrators running versions 8 or 9 are strongly recommended to upgrade to at […]

Read More
1 min read

Exploit released for new PinTheft Arch Linux root escalation flaw

geekfeed0Tagged , , , , , ,

A recently patched Linux privilege escalation vulnerability now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileges on Arch Linux systems. The vulnerability, named PinTheft by the V12 security team and still waiting to be assigned a CVE ID for easier tracking, exists in the Linux kernel’s RDS (Reliable […]

Read More
3 mins read

GitHub confirms breach of 3,800 repos via malicious VSCode extension

geekfeed0Tagged , , , , , ,

GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension. The company has since removed the unnamed trojanized extension from the VS Code marketplace and has secured the compromised device. “Yesterday we detected and contained a compromise of an employee device involving a poisoned […]

Read More
3 mins read

Microsoft shares mitigation for YellowKey Windows zero-day

geekfeed0Tagged , , , , , , , , ,

Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. The security flaw was disclosed last week by an anonymous security researcher known as ‘Nightmare Eclipse,’ who described it as a backdoor and published a proof-of-concept (PoC) exploit. Nightmare Eclipse said that exploiting this zero-day involves placing specially […]

Read More
3 mins read

GitHub investigates internal repositories breach claimed by TeamPCP

geekfeed0Tagged , , , ,

GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed approximately 4,000 repositories containing private code. GitHub’s cloud-based development platform is used by more than 4 million organizations (including 90% of the Fortune 100) and over 180 million developers who contribute to more than 420 million code […]

Read More
2 mins read