700Credit, a U.S.-based financial services and fintech company, will start notifying more than 5.8 million people that their personal information has been exposed in a data breach incident. […]
2025’s Top Phishing Trends and What They Mean for Your Security Strategy
Phishing attacks in 2025 increasingly moved beyond email, with attackers using social platforms, search ads, and browser-based techniques to bypass MFA and steal sessions. Push Security outlines key phishing trends and what security teams must know as identity-based attacks continue to evolve in 2026. […]
Microsoft: Recent Windows updates break VPN access for WSL users
Microsoft says that recent Windows 11 security updates are causing VPN networking failures for enterprise users running Windows Subsystem for Linux. […]
FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE
Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under certain configurations.
The shortcomings, discovered by Horizon3.ai and reported to the project maintainers on September 15, 2025, are listed below –
The shortcomings, discovered by Horizon3.ai and reported to the project maintainers on September 15, 2025, are listed below –
CVE-2025-61675 (CVSS score: 8.6) – Numerous
Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery
Google has also mentioned seeing React2Shell attacks conducted by Iranian threat actors.
The post Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery appeared first on SecurityWeek.
Google links more Chinese hacking groups to React2Shell attacks
Over the weekend, Google’s threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity “React2Shell” remote code execution vulnerability. […]
⚡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More
If you use a smartphone, browse the web, or unzip files on your computer, you are in the crosshairs this week. Hackers are currently exploiting critical flaws in the daily software we all rely on—and in some cases, they started attacking before a fix was even ready.
Below, we list the urgent updates you need to install right now to stop these active threats.
⚡ Threat of the Week
Apple and
Below, we list the urgent updates you need to install right now to stop these active threats.
⚡ Threat of the Week
Apple and
A Browser Extension Risk Guide After the ShadyPanda Campaign
In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale.
A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them run clean for years to build trust and gain millions of installs, then suddenly flipping them into
A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them run clean for years to build trust and gain millions of installs, then suddenly flipping them into
Soverli Raises $2.6 Million for Secure Smartphone OS
The sovereign smartphone OS runs along Android or iOS, allowing users to switch between secure, isolated environments.
The post Soverli Raises $2.6 Million for Secure Smartphone OS appeared first on SecurityWeek.
French Interior Ministry confirms cyberattack on email servers
The French Interior Minister confirmed on Friday that the country’s Ministry of the Interior was breached in a cyberattack that compromised e-mail servers. […]