Hackers exploited CVE-2025-64328, a FreePBX command injection vulnerability, to infect hundreds of instances with web shells.

Over 900 FreePBX systems remain infected after CVE-2025-64328 exploitation, now listed in CISA KEV amid active attacks.

OpenClaw jumped from 1,000 to 21,000 exposed deployments in a week. Here's how to evaluate it in Cloudflare's Moltworker sandbox for $10/month — without touching your corporate network.

A command injection flaw in the Windows Notepad App now gives remote attackers a path to execute code over a network, turning one of the most familiar programs on any PC into a potential entry point ...

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach reports, expert analysis, and actionable insights for infosec professionals and ...

Safe coding is a collection of software design practices and patterns that allow for cost-effectively achieving a high degree ...

AI agents now operate across enterprise systems, creating new risk via prompt injection, plugins, and persistent memory. Here ...

"Microsoft is turning Notepad into a slow, feature-heavy mess we don't need." The post Microsoft Added AI to Notepad and It Created a Security Failure Because the AI Was Stupidly Easy for Hackers to ...

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...

Security researchers disclose critical vulnerabilities in Anthropic’s Claude Code that allow remote code execution and credential theft.