Menu

25 Latest Articles Current Articles | Archives | Search
15

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

Master Code Fu posted on December 15, 2025 16:35
Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under certain configurations. The shortcomings, discovered by Horizon3.ai and reported to the project maintainers on September 15, 2025, are listed below - CVE-2025-61675 (CVSS score: 8.6) - Numerous

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
15

⚡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More

Master Code Fu posted on December 15, 2025 16:35
If you use a smartphone, browse the web, or unzip files on your computer, you are in the crosshairs this week. Hackers are currently exploiting critical flaws in the daily software we all rely on—and in some cases, they started attacking before a fix was even ready. Below, we list the urgent updates you need to install right now to stop these active threats. ⚡ Threat of the Week Apple and

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
15

A Browser Extension Risk Guide After the ShadyPanda Campaign

Master Code Fu posted on December 15, 2025 16:35
In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them run clean for years to build trust and gain millions of installs, then suddenly flipping them into

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
15

Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector

Master Code Fu posted on December 15, 2025 16:35
Cybersecurity researchers have disclosed details of an active phishing campaign that's targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO optical disc images. The activity, codenamed Operation MoneyMount-ISO by Seqrite Labs, has primarily singled out finance and accounting entities, with those in the procurement, legal, payroll

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
15

VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption

Master Code Fu posted on December 15, 2025 16:35
The pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker that suffers from implementation lapses in test artifacts, allowing users to decrypt files without paying an extortion fee. According to SentinelOne, VolkLocker (aka CyberVolk 2.x) emerged in August 2025 and is capable of targeting both Windows

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
Page 1 of 10First   Previous   [1]  2  3  4  5  6  7  8  9  10  Next   Last