Critical CVE-2026-2329 flaw in Grandstream GXP1600 VoIP phones enables unauthenticated RCE, call interception, and credential theft.

Threat actors now have the ability to exploit a new zero-day vulnerability in the Chrome browser, Google has advised IT ...

Sovereign factory AI is the starting point for a secure coding assistant. Enterprises need to embrace a data-first security approach, one that protects sensitive information at the point of retrieval ...

Underground Telegram channels shared SmarterMail exploit PoCs and stolen admin credentials within days of disclosure. Flare explains how monitoring these communities reveals rapid weaponization of CVE ...

The US cybersecurity agency CISA on Friday warned of two RoundCube Webmail vulnerabilities being exploited in the wild. Prevalent within government and enterprise networks, RoundCube Webmail is a ...

A critical vulnerability in BeyondTrust Remote Support is facing an increase in threat activity, with hackers deploying ...

CVE-2026-1357 exposes a critical WordPress WPvivid plugin flaw, allowing unauthenticated RCE, enabling attackers to upload PHP files and fully compromise sites. The post CVE-2026-1357: WordPress ...

Microsoft patches CVE-2026-20841, a high-severity Windows Notepad flaw that could allow code execution via malicious Markdown ...

CVE-2026-2329 allows unauthenticated root-level access to SMB phones, so attackers can intercept calls, commit toll fraud, and impersonate users.

A convincing lookalike of the popular Huorong Security antivirus has been used to deliver ValleyRAT, a sophisticated Remote ...

Researchers say threat actors used the sophisticated — and unfortunately named — toolkit to target high-value networks for ...

India's cybersecurity agency, CERT-In, has issued a high-severity warning regarding multiple vulnerabilities in Google Chrome that could allow for remote attacks, particularly affecting users with ...