The Hacker News

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

FreePBX patched 2025 flaws allowing SQL injection, file upload attacks, and an auth bypass only when webserver AUTHTYPE was ...

GhostPoster attacks hide malicious JavaScript in Firefox addon logos

A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions counting more ...

Microsoft Worm Attack Warning — Act Rapidly And Change Passwords Now

Rapidly change your password, the Microsoft security team urges as Shai-Hulud Dune Worm cloud attacks continue.

North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks

A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the ...
WeLiveSecurity

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage ...

Beware the fake ChatGPT Atlas browser stealing account logins and saved passwords

Things get shady the moment you try to download the app. Instead of offering a normal installer file, the site tells users to paste a command into their terminal.
Infosecurity Magazine

New BeaverTail Malware Variant Linked to Lazarus Group

A new variant of the BeaverTail malware linked to North Korean hackers has been identified targeting cryptocurrency traders ...
Cybernews

Hackers turn ChatGPT, Grok chat links into malware traps on search engines

Cybercriminals are using manipulated ChatGPT and Grok chat links, pushed via sponsored search results, to trick users into ...
How-To Geek on MSN

Stop opening your browser for these 8 tasks, the terminal does them better

Terminal is approachable, faster, and ad-free—learn it to get things done. Use built-in CLI tools for passwords, weather, IP, speed tests, conversions, translations, and downloads.
Railway-News

Written Orders in RailSoft – a Modern, Secure and Ir-1-Compliant Solution from 2025

Petrosoft’s RailSoft enables digital written orders and European instructions, supporting compliance with new Polish rail ...
The Hacker News

New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper

A new MacSync macOS stealer spreads via a signed, notarized fake installer, bypassing Apple Gatekeeper before Apple revoked ...
Security Boulevard

What are Access Tokens? Complete Guide to Access Token Structure, Usage & Security

Learn everything about access tokens: their structure, how they work in SSO and CIAM, and critical security measures to protect them from threats.