Researchers at penetration testing and security company Horizon3.ai have disclosed a series of high-impact vulnerabilities in FreePBX, a widely used open-source VoIP and IP PBX management platform, raising serious concerns for organizations running unpatched systems. The findings detail multiple flaws that attackers could chain together to gain full remote code execution (RCE) on affected FreePBX

Continue Reading

SoundCloud has disclosed on an official post that it recently identified and resolved a security incident involving unauthorized activity within an ancillary service dashboard. The company stated that the issue has been fully contained and that there is no ongoing risk to the security or availability of the platform. Upon discovery, SoundCloud immediately activated its

Continue Reading

Google has announced that it will discontinue its Dark Web Report, a feature for Google account or workspace users designed to scan the dark web for users’ personal information, as part of a broader effort to focus on security tools that offer clearer, more actionable protection for users. According to Google, feedback showed that while

Continue Reading

Apple has released new iOS and iPadOS versions, both 26.2, addressing a broad set of security vulnerabilities across core system components, apps, and the Safari browser engine. The update is available for iPhone 11 and later, as well as supported iPad models, and is recommended for all users. The release fixes issues that could have

Continue Reading

A recent large-scale security analysis published by Flare, a cyber threat intelligence company, has identified thousands of publicly available Docker Hub container images containing exposed secrets. The exposed data includes live credentials for cloud platforms, source control systems, databases, and AI services. The findings point to a widespread and ongoing security risk affecting organizations of

Continue Reading

Security researchers have disclosed a new tracking technique that can be used to monitor activity patterns of WhatsApp and Signal users by exploiting how the apps handle message delivery acknowledgments. The issue was recently highlighted by researchers at Cybernews, following the public release of a proof-of-concept tracking tool. The technique allows an attacker to infer

Continue Reading

A recently patched security flaw in WinRAR, the popular Windows file archiving tool, is currently being exploited by several threat groups. The vulnerability affects Windows versions of the widely used file archiving tool and involves a path traversal issue that can allow malicious files to be placed outside their intended extraction directory. When combined with

Continue Reading

Microsoft has released its latest security update for Windows 10, KB5071546, covering versions 22H2 (ESU) and 21H2 Enterprise LTSC 2021. This update continues extended servicing for organizations still operating Windows 10 and introduces several important security and reliability enhancements. Microsoft is again advising administrators and users that Secure Boot certificates used by most Windows devices

Continue Reading