A critical zero-day exploit targeting exposed FreePBX 16 and 17 systems. Threat actors are abusing an unauthenticated privilege escalation vulnerability in the commercial Endpoint Manager module, allowing remote code execution (RCE) when the Administrator Control Panel is reachable from the…
Thousands of Citrix NetScaler boxes still sitting ducks despite patches
Shadowserver counts more than 13,000 appliances still wide open – including thousands in US, Germany, and UK. Thousands of Citrix NetScaler appliances remain exposed to a trio of security flaws that the vendor patched this week, one of which is…
TransUnion admits 4.5M affected after third-party support app breached
Credit agency offers own services as compensation. Credit scoring and monitoring biz TransUnion says that it recently suffered a breach affecting nearly 4.5 million individuals.… This article has been indexed from The Register – Security.
China’s Salt Typhoon Hacked Critical Infrastructure Globally for Years
China-linked APT ‘Salt Typhoon’ exploited known router flaws to maintain persistent access across telecom, government, and military networks, giving Beijing’s intelligence services global surveillance reach. The post China’s Salt Typhoon Hacked Critical Infrastructure Globally for Years appeared first on SecurityWeek.…
Webinar: Why Top Teams Are Prioritizing Code-to-Cloud Mapping in Our 2025 AppSec
Picture this: Your team rolls out some new code, thinking everything’s fine. But hidden in there is a tiny flaw that explodes into a huge problem once it hits the cloud. Next thing you know, hackers are in, and your…
Netherlands Confirms China’s Salt Typhoon Targeted Small Dutch Telcos
Salt Typhoon’s primary Dutch targets were small internet service providers and hosting providers. This article has been indexed from www.infosecurity-magazine.com.
FreePBX Servers Hit by 0-Day Exploit, Disable Internet Access Advised
FreePBX administrators worldwide have been urged to immediately disable public internet access to their systems after a critical 0-day vulnerability was discovered in the commercial Endpoint Manager module. The Sangoma FreePBX Security Team confirmed that attacker-controlled exploit code can gain…
You Can’t Protect What You Can’t See
A business ecosystem is a borderless entity. Where organizations operate across vast, global networks, achieving a comprehensive view of their digital operations is a major challenge. Security leads, faced with… The post You Can’t Protect What You Can’t See appeared…
Ransomware crooks knock Swedish municipalities offline for measly sum of $168K
Miljödata meltdown leaves 200 local authorities scrambling over 1.5 BTC. Sweden’s municipal governments have been knocked offline after ransomware crooks hit IT supplier Miljödata, reportedly demanding the bargain-basement sum of $168,000.… This article has been indexed from The Register –…
Breaking the Passkey Promise: SquareX Discloses Major Passkey Vulnerability at DEF CON 33
Palo Alto, California, 28th August 2025, CyberNewsWire. The post Breaking the Passkey Promise: SquareX Discloses Major Passkey Vulnerability at DEF CON 33 appeared first on Security Boulevard. This article has been indexed from Security Boulevard.