Security Boulevard

CVE-2026-1357: WordPress Plugin RCE Exposes Sites to Full Takeover

CVE-2026-1357 exposes a critical WordPress WPvivid plugin flaw, allowing unauthenticated RCE, enabling attackers to upload PHP files and fully compromise sites. The post CVE-2026-1357: WordPress ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.
SecurityWeek

900 Sangoma FreePBX Instances Infected With Web Shells

Hackers exploited CVE-2025-64328, a FreePBX command injection vulnerability, to infect hundreds of instances with web shells.
Security Boulevard

Fake Zoom and Google Meet scams install Teramind: A technical deep dive

On February 24, 2026, we published an article about how a fake Zoom meeting “update” silently installs monitoring software, documenting a campaign that used a convincing fake Zoom waiting room to push ...
National Academies of Sciences%2c Engineering%2c and Medicine

Strengthening Forensic Science in the United States: A Path Forward

Unfortunately, this book can't be printed from the OpenBook. If you need to print pages from this book, we recommend downloading it as a PDF. Visit NAP.edu/10766 to get more information about this ...
GitHub

moonolgerd/k6-test-explorer

A VS Code extension that integrates k6 performance testing with the VS Code Test Explorer. Run,- k6TestExplorer.k6Path: Path to the k6 executable (default: "k6") k6TestExplorer.testPattern: Glob ...
GitHub

teknology-hub/tek-injector

tek-injector is a C/C++ library and program built on top of it for starting a game process and injecting tek-game-runtime into it. The binaries are signed by Nuclearist's code signing certificate, ...