Hackers exploited CVE-2025-64328, a FreePBX command injection vulnerability, to infect hundreds of instances with web shells.

Over 900 FreePBX systems remain infected after CVE-2025-64328 exploitation, now listed in CISA KEV amid active attacks.

Hardware manufacturer Zyxel quietly released an update fixing a critical vulnerability that gives hackers the ability to control tens of thousands of firewall devices remotely. The vulnerability, ...

Spam and several of the most common vulnerabilities are on the decline, according to a report issued this week, but there has been a marked increase in new types of attacks, such as shell command ...

The Salt Project has issued a secondary fix for a command injection vulnerability after the first attempt to patch the issue partially failed. The vulnerability, tracked as CVE-2020-28243, impacts ...

A new variant of the Mirai-based botnet malware Aquabot has been observed actively exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones. The activity was discovered by ...

Threat actors can exploit a security vulnerability in the Rust standard library to target Windows systems in command injection attacks. GitHub rated this vulnerability as critical severity with a ...

A command injection flaw in the Windows Notepad App now gives remote attackers a path to execute code over a network, turning ...

OpenClaw jumped from 1,000 to 21,000 exposed deployments in a week. Here's how to evaluate it in Cloudflare's Moltworker sandbox for $10/month — without touching your corporate network.