FreePBX patched 2025 flaws allowing SQL injection, file upload attacks, and an auth bypass only when webserver AUTHTYPE was ...

A Google Chrome extension with a "Featured" badge and six million users has been observed silently gathering every prompt ...

Researchers report phishing emails in Russia using ISO attachments to deploy Phantom Stealer against finance and related ...

VolkLocker uses AES-256 in Galois/Counter Mode ( GCM) for encryption through Golang's "crypto/rand" package. Every encrypted ...

Learn how the ShadyPanda campaign turned trusted browser extensions into spyware and the steps security teams can take to reduce extension risk.

CISA warns of active exploitation of Sierra Wireless router flaw allowing remote code execution via unrestricted file upload.

Apple fixes two exploited WebKit bugs targeting specific users, issuing security updates across iOS, macOS, and Safari.

Researchers detail new AI and phishing kits that steal credentials, bypass MFA, and scale attacks across major services.

Enterprises rely on browser-based GenAI, increasing data-exposure risks and demanding strict policies, isolation, and ...

CISA reports active exploitation of GeoServer XXE flaw CVE-2025-58360 and directs immediate updates to secure affected ...

Storm-0249 now employs ClickFix, fileless PowerShell, and DLL sideloading to gain stealthy access that enables ransomware ...

Written in C++, NANOREMOTE is equipped to perform reconnaissance, execute files and commands, and transfer files to and from ...