FreePBX is a popular PBX system built around the open source VoIP system Asterisk. To manage Asterisk more easily, it provides a capable web-based admin interface. Sadly, like so many web applications, it has had its share of vulnerabilities in…
Category: EN
Attackers Actively Exploiting Critical Vulnerability in Service Finder Bookings Plugin
On June 8th, 2025, we received a submission through our Bug Bounty Program for an Authentication Bypass vulnerability in Service Finder Bookings, a WordPress plugin bundled with the Service Finder theme. This theme has been sold to approximately 6,000 customers.…
Delta Electronics DIAScreen
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DIAScreen Vulnerabilities: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to write data outside of the allocated memory…
North Korean hackers stole over $2 billion in crypto so far in 2025, researchers say
Blockchain monitoring firm Elliptic said this year’s total is already an all-time record for the North Korean regime. This article has been indexed from Security News | TechCrunch Read the original article: North Korean hackers stole over $2 billion in…
Don’t connect your wallet: Best Wallet cryptocurrency scam is making the rounds
A text message tried to lure us to a fake Best Wallet site posing as an airdrop event to steal our crypto. This article has been indexed from Malwarebytes Read the original article: Don’t connect your wallet: Best Wallet cryptocurrency…
Nearly a year after attack, US medical scanning biz gets clear image of stolen patient data
No fraud monitoring and no apology after miscreants make off with medical, financial data Florida-based Doctors Imaging Group has admitted that the sensitive medical and financial data of 171,862 patients was stolen during the course of a November 2024 cyberattack.……
New Microsoft Secure Future Initiative (SFI) patterns and practices: Practical guides to strengthen security
Microsoft Secure Future Initiative (SFI) patterns and practices are practical, actionable, insights from practitioners for practitioners based on Microsoft’s implementation of Zero Trust through the Microsoft Secure Future Initiatives. By adopting these patterns, organizations can accelerate their security maturity, reduce implementation friction, and build systems that…
Medusa Ransomware Exploiting GoAnywhere MFT Flaw, Confirms Microsoft
Latest reports suggest the critical GoAnywhere MFT vulnerability (CVE-2025-10035, CVSS 10.0) is actively exploited by the Medusa ransomware gang for unauthenticated RCE. Patch immediately. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto…
Police and military radio maker BK Technologies cops to cyber break-in
Florida comms outfit serving cops, firefighters, and the military says hackers pinched some employee data but insists its systems stayed online BK Technologies, the Florida-based maker of mission-critical radios for US police, fire, and defense customers, has confessed to a…
OpenAI bans suspected Chinese accounts using ChatGPT to plan surveillance
It also banned some suspected Russian accounts trying to create influence campaigns and malware OpenAI has banned ChatGPT accounts believed to be linked to Chinese government entities attempting to use AI models to surveil individuals and social media accounts.… This…
Commvault Adds Ability to Recover Iceberg Data Lake Tables
Commvault has added an offering to its data protection portfolio specifically designed to backup and restore the Iceberg table structures that are at the foundation of many of the data lakes that are now being more widely deployed in enterprise…
Social Event App Partiful Did Not Collect GPS Locations from Photos
Social event planning app Partiful, also known as “Facebook events for hot people,” has replaced Facebook as the go-to place for sending party invites. However, like Facebook, Partiful also collects user data. The hosts can create online invitations in…
Google’s New AI Doesn’t Just Find Vulnerabilities — It Rewrites Code to Patch Them
Google’s DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent future exploits. The efforts add to the company’s ongoing efforts to improve AI-powered vulnerability discovery, such as…
Qilin Claims Ransomware Attack on Mecklenburg Schools
The Qilin ransomware gang has claimed attacks at Mecklenburg County Public Schools, stealing financial records and childrens’ medical files This article has been indexed from www.infosecurity-magazine.com Read the original article: Qilin Claims Ransomware Attack on Mecklenburg Schools
Public disclosures of AI risk surge among S&P 500 companies
A report by The Conference Board shows companies are flagging concerns about reputational and cyber-risk as they increase deployment. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Public disclosures of AI risk surge…
Physicists just built a quantum lie detector. It works
An international team has confirmed that large quantum systems really do obey quantum mechanics. Using Bell’s test across 73 qubits, they proved the presence of genuine quantum correlations that can’t be explained classically. Their results show quantum computers are not…
Cyber Awareness Month: Cloud and Application Security Best Practices
Cybersecurity Awareness Month is a good time to revisit the role every employee plays in protecting cloud and application environments. This article has been indexed from Fortinet Industry Trends Blog Read the original article: Cyber Awareness Month: Cloud and…
Critical Flaw Exposes 60,000 Redis Servers to Remote Exploitation
A critical Redis flaw, dubbed “RediShell,” has exposed 60,000 unprotected servers to exploitation This article has been indexed from www.infosecurity-magazine.com Read the original article: Critical Flaw Exposes 60,000 Redis Servers to Remote Exploitation
Security bug in India’s income tax portal exposed taxpayers’ sensitive data
TechCrunch verified that the security bug in the Indian Income Tax Department’s e-Filing portal exposed taxpayers’ data to other users. The security researchers who found the flaw say the data leak is now fixed. This article has been indexed from…
Jaguar Land Rover: Production Halted Post-Hack
In a recent podcast interview with Cybercrime Magazine host, David Braue, Scott Schober, Cyber Expert, Author of “Hacked Again,” and CEO of Berkeley Varitronics Systems, covers the recent Jaguar Land Rover hack, the following production halt, what the incident says about…