SecurityWeek

900 Sangoma FreePBX Instances Infected With Web Shells

Hackers exploited CVE-2025-64328, a FreePBX command injection vulnerability, to infect hundreds of instances with web shells.
SecurityWeek

SolarWinds Patches Four Critical Serv-U Vulnerabilities

SolarWinds has patched four critical-severity remote code execution vulnerabilities in the Serv-U enterprise file transfer product.
Bleeping Computer

The biggest cybersecurity and cyberattack stories of 2025

2025 was a big year for cybersecurity, with major cyberattacks, data breaches, threat groups reaching new notoriety levels, and, of course, zero-day vulnerabilities exploited in incidents. Some ...
Forbes

Microsoft And CISA Issue Critical New Alert, Windows Attacks Confirmed

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. The latest Microsoft warning, echoed by America’s Cyber ...
Hosted on MSN

Microsoft's December patch fixes three zero-day flaws including one critical exploited vulnerability — update your PC right now

If you’ve been putting off updating your laptop or desktop PC, now is a good time to do so as Microsoft just released its December Patch Tuesday which contains fixes for 57 unique flaws including ...
Bleeping Computer

CISA: VMware ESXi flaw now exploited in ransomware attacks

CISA confirmed on Wednesday that ransomware gangs have begun exploiting a high-severity VMware ESXi sandbox escape vulnerability that was used in zero-day attacks since at least February 2024.
PC World

Microsoft fixes critical Office zero-day security flaw. Update ASAP!

PCWorld reports that Microsoft released critical security updates fixing 15 Office vulnerabilities, including 14 remote code execution flaws affecting Excel, Word, Outlook, and Access. One zero-day ...
Hosted on MSN

CISA flags actively exploited Office relic alongside fresh HPE flaw

CISA has added a pair of security holes to its actively exploited list, warning that attackers are now abusing a maximum-severity bug in HPE's OneView management software and a years-old flaw in ...
Dark Reading

Maximum Severity HPE OneView Flaw Exploited in the Wild

A maximum-severity vulnerability in OneView, HPE's software-defined management platform, has come under attack, according to the Cybersecurity and Infrastructure Security Agency (CISA). CVE-2025-37164 ...
Security Boulevard

Inside Modern API Attacks: What We Learn from the 2026 API ThreatStats Report

API security has been a growing concern for years. However, while it was always seen as important, it often came second to application security or hardening infrastructure.  In 2025, the picture ...
Computer Weekly

Microsoft patches 112 CVEs on first Patch Tuesday of 2026

Microsoft has pushed fixes for 112 common vulnerabilities and exposures (CVEs) on the first Patch Tuesday of 2026, among them a number of zero-day flaws that were either publicly disclosed or actively ...