SecurityWeek

900 Sangoma FreePBX Instances Infected With Web Shells

Hackers exploited CVE-2025-64328, a FreePBX command injection vulnerability, to infect hundreds of instances with web shells.
The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...
CSO Online

Your personal OpenClaw agent may also be taking orders from malicious websites

A critical OpenClaw flaw allowed malicious websites to connect to locally running agents, brute-force passwords without ...
TMCnet

Oasis Security Research Team Discovers Critical Vulnerability in OpenClaw

Responsible Disclosure and Fix Oasis Security reported this vulnerability to the OpenClaw security team with full technical details, root cause analysis, and proof-of-concept code. The team classified ...