Over 900 FreePBX systems remain infected after CVE-2025-64328 exploitation, now listed in CISA KEV amid active attacks.

Hackers exploited CVE-2025-64328, a FreePBX command injection vulnerability, to infect hundreds of instances with web shells.

Zimbabwe’s anti-graft watchdog, the Zimbabwe Anti-Corruption Commission (Zacc), handled nearly two dozen money laundering cases in 2022 worth about US$30 million before referring them for prosecution ...

Palo Alto Networks’ Unit 42 says two critical flaws are being actively abused to gain unauthenticated access, deploy persistent backdoors, and compromise entire enterprise mobile fleets even after ...

Infosec In Brief An unknown attacker accessed the French government’s database listing every bank account in the country and made off with 1.2 million records.

Researchers say threat actors used the sophisticated — and unfortunately named — toolkit to target high-value networks for React2Shell exploitation.

A suspected Chinese espionage group exploited hardcoded admin credentials in Dell RecoverPoint for Virtual Machines to deploy ...

China-linked attackers exploited a maximum-severity hardcoded-credential bug in Dell RecoverPoint for Virtual Machines as a zero-day since at least mid-2024. It's all part of a long-running effort to ...

Clawdbot's MCP implementation has no mandatory authentication, allows prompt injection, and grants shell access by design. Monday's VentureBeat article documented these architectural flaws. By ...

UK Shell supermajor Shell is considering a sale of its assets in Argentina's Vaca Muerta (Dead Cow) shale play and has approached potential buyers in recent weeks to ascertain their interest. The play ...

The WooCommerce Square plugin enables WordPress sites to accept payments through the Square POS, as well as synchronize product inventory data between Square and WooCommerce. Square plugin enables a ...