FreePBX Authentication Bypass Flaw Enables RCE, VoIP Platforms
Critical FreePBX authentication bypass flaw enables unauthorized access and remote code execution on affected PBX systems when misconfigured — patch immediately.
A subtle messaging protocol flaw allows attackers to track WhatsApp and Signal users in real time and silently drain device batteries using delivery receipt side-channels. This deep-dive explains how the attack works, why metadata matters, and what users and platforms must do next.
Kraken ransomware has quickly evolved into a cross-platform threat that can disrupt Windows, Linux, and VMware ESXi environments in a single campaign. By abusing SMB exposure, tunneling through Cloudflared, and using benchmark-driven encryption, the group focuses on high-value data, double extortion, and maximum downtime for large enterprises.
CISA is warning that state-linked threat actors are actively using commercial spyware and remote access trojans to hijack Signal and WhatsApp accounts, weaponize linked devices and deploy zero-click exploits. This article breaks down the campaigns, the tools involved and the specific hardening steps high-value targets should take immediately.
A critical zero-day vulnerability in Gladinet’s CentreStack file-sharing software is being actively exploited by attackers, allowing full remote system access and potential data exfiltration. Enterprises are urged to apply temporary mitigations until an official patch becomes available.
Attackers exploit CVE-2025-61932 in Lanscope Endpoint Manager clients to run code and move laterally. Patch MR/DA endpoints now and reduce internet exposure.
Google filed a lawsuit in New York to disrupt “Lighthouse,” a phishing-as-a-service network behind large-scale smishing. The case seeks injunctions, domain seizures, and damages. For defenders, the move creates detection windows as operators pivot infrastructure, so tighten filters, accelerate takedowns, and harden fraud telemetry now.
A new cloud-native botnet called ShadowV2 is taking aim at organizations worldwide. By abusing exposed Docker daemons and blending into legitimate cloud environments, the malware enables large-scale distributed denial of service (DDoS) attacks while evading traditional defenses. With over 24,000 Docker instances exposed online, the potential for exploitation is significant. What is ShadowV2?…
The Trump administration is reportedly considering licenses that would let Nvidia sell its H200 AI chips to China, reversing earlier restrictions that treated the GPU as too advanced for export. The debate pits Nvidia’s lost China revenue and a fragile tech truce against fresh smuggling indictments, the proposed CHIP Security Act and mounting fears that high-end AI hardware will accelerate China’s weapons and surveillance programmes.
EDR-Redir V2 blinds Microsoft Defender by abusing Windows file-system filter drivers with bind links that redirect or corrupt EDR working paths. This practitioner’s guide explains the method, highlights reliable artifacts, and lists resilient mitigations so teams can validate exposure, restore telemetry, and protect Windows 11 fleets without breaking production.