FreePBX Authentication Bypass Flaw Enables RCE, VoIP Platforms
Critical FreePBX authentication bypass flaw enables unauthorized access and remote code execution on affected PBX systems when misconfigured — patch immediately.
Read More
SoundCloud blocks VPN users with 403 error during ongoing issue
SoundCloud users relying on VPN connections experienced persistent 403 errors due to an ongoing service disruption. The issue blocked streaming, logins, and other key functions, raising questions about backend restrictions and traffic filtering within the platform.
Fake OSINT GitHub Repos Used to Spread PyStoreRAT Malware
Cybercriminals are abusing fake OSINT GitHub repos to distribute PyStoreRAT, a JavaScript-based RAT that delivers diverse malware modules through deceptive open-source tools.
WhatsApp and Signal Flaw Enables Silent Real-Time Tracking
A subtle messaging protocol flaw allows attackers to track WhatsApp and Signal users in real time and silently drain device batteries using delivery receipt side-channels. This deep-dive explains how the attack works, why metadata matters, and what users and platforms must do next.
UK issues major LastPass data breach fine following 2022 incident
UK regulators have fined LastPass for security failures linked to the 2022 breach that exposed vault metadata for 16 million users. The incident revealed significant operational gaps and raised industry-wide questions about password-management safety.
ThreatsDay Bulletin: Spyware Alerts and Emerging Global Malware
This week’s ThreatsDay Bulletin highlights rising spyware alerts, global scanning activity, and new Linux backdoor threats essential insight for defenders and SOC teams.
ClickFix AI Attack Uses Grok and ChatGPT to Deliver Malware
A new ClickFix-style attack abuses Grok and ChatGPT to deliver malware by convincing users to run malicious commands disguised as troubleshooting advice. This article explains how the attack works and how defenders can detect and prevent it.
LinkedIn-Related Data Exposure Sparks Global Phishing Risk
A massive misconfigured database exposed billions of LinkedIn-related records, enabling attackers to refine phishing, impersonation, and identity-based attacks. This investigative report examines how the leak happened and why its long-tail impact will persist for years.
Microsoft 365 Services in Australia, Major Outage Impacts Users
Microsoft 365 suffered a widespread outage across Australia, causing authentication failures, email disruptions and Teams connection issues. Although services gradually recovered, the incident exposed cloud reliability concerns for businesses that rely heavily on Microsoft’s ecosystem.
Critical Infrastructure Under Attack: Russia-Backed Cybercrime
The U.S. Justice Department indicted a Ukrainian national for her role in Russia-backed cyberattacks targeting critical infrastructure — a move highlighting the resurgence of politically motivated malware campaigns against essential services.