Hackers exploited CVE-2025-64328, a FreePBX command injection vulnerability, to infect hundreds of instances with web shells.

Over 900 FreePBX systems remain infected after CVE-2025-64328 exploitation, now listed in CISA KEV amid active attacks.

A fake Go module posing as golang.org/x/crypto captures terminal passwords, installs SSH persistence, and delivers the ...

Anthropic fixed the flaws - but the AI-enabled attack surfaces remain Security vulnerabilities in Claude Code could have allowed attackers to remotely execute code on users' machines and steal API ...

Security experts have identified three critical vulnerabilities in Anthropic's Claude Code, potentially allowing remote code execution and API key theft. Attackers could exploit malicious ...

A suspected Chinese espionage group exploited hardcoded admin credentials in Dell RecoverPoint for Virtual Machines to deploy ...

Full scale of infections remains 'unknown' China-linked attackers exploited a maximum-severity hardcoded-credential bug in Dell RecoverPoint for Virtual Machines as a zero-day since at least mid-2024.

When you peel back the covers to view what's going on beneath the surface, you'll find that GNOME 50 is actually a significant release; it just doesn't show it off. GNOME 50 is a ton of subtle changes ...

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.

OpenClaw jumped from 1,000 to 21,000 exposed deployments in a week. Here's how to evaluate it in Cloudflare's Moltworker sandbox for $10/month — without touching your corporate network.