Skip to content
the hacker news Page 12

the hacker news

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

Dec 15, 2025Ravie LakshmananVulnerability / Software Security Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under certain… 

Read More »FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE
Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector

Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector

Dec 15, 2025Ravie LakshmananMalware / Cybercrime Cybersecurity researchers have disclosed details of an active phishing campaign that’s targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO… 

Read More »Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector
VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption

VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption

Dec 15, 2025Ravie LakshmananRansomware / Cybercrime The pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker that suffers from implementation lapses in test artifacts, allowing users… 

Read More »VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption
CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks

CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks

Dec 13, 2025Ravie LakshmananNetwork Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog, following… 

Read More »CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks
Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

Dec 13, 2025Ravie LakshmananZero-Day / Vulnerability Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited… 

Read More »Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild
Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads

Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads

Cybersecurity researchers are calling attention to a new campaign that’s leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. “These repositories, often themed as development utilities or OSINT… 

Read More »Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads
New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale

New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale

Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at scale. BlackForce, first detected in August 2025, is designed to steal credentials… 

Read More »New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale