Hackers exploited CVE-2025-64328, a FreePBX command injection vulnerability, to infect hundreds of instances with web shells.

Over 900 FreePBX systems remain infected after CVE-2025-64328 exploitation, now listed in CISA KEV amid active attacks.

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach reports, expert analysis, and actionable insights for infosec professionals and ...

GCHQ’s cyber security division has urged businesses to brace for Iranian cyber attacks after Britain backed the US-Israeli ...

A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication.

A suspected Chinese espionage group exploited hardcoded admin credentials in Dell RecoverPoint for Virtual Machines to deploy ...

A suspected China-linked hacking group has been exploiting a critical, previously unknown vulnerability in Dell Technologies data protection appliances, according to a new report from Google Threat ...

In a blog post, Google Threat Intelligence Group (GTIG) detailed the malicious activity by UNC2814, a cyber-espionage operation with suspected links to China which has been active since 2017. The ...

The malware can remain undetected on a system until a threat actor initiates a connection with the compromised device, a CISA ...

Researchers say threat actors used the sophisticated — and unfortunately named — toolkit to target high-value networks for React2Shell exploitation.

Likely Chinese nation-state hackers used online spreadsheets as infrastructure for hacking campaigns that affected at least ...

This week, Finland's Aleksanteri Kivimäki sentenced. ShinyHunters breaches. Laptop farm rancher sentenced. Oregon state ...