Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions

11/07/2026 0 Comments 0 tags

Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described

URGENT – Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat

10/07/2026 0 Comments 0 tags

Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a “credible external

Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot

10/07/2026 0 Comments 0 tags

Researchers at firmware security firm Binarly have found six new flaws in U-Boot, the small program that starts up hardware as varied as home routers, smart cameras, and the management chips inside

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

10/07/2026 0 Comments 0 tags

Unknown threat actors compromised the Injective Labs SDK project’s GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and

Laser Attack Resets Tangem Wallet Passwords on Cards That Can’t Be Patched

10/07/2026 0 Comments 0 tags

Researchers at Ledger’s Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card’s password to anything the

Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws

10/07/2026 0 Comments 0 tags

Details have emerged about three now-patched security flaws in the OpenClaw personal artificial intelligence (AI) assistant that, if successfully exploited, could enable credential theft, privilege escalation, and arbitrary code execution

New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic

10/07/2026 0 Comments 0 tags

The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan (RAR) called MODBEACON. Chinese cybersecurity company QiAnXin said that while the threat

Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access

10/07/2026 0 Comments 0 tags

A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to

Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking

10/07/2026 0 Comments 0 tags

Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install

Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites

10/07/2026 0 Comments 0 tags

A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation’s inner workings: the hacking tools, the activity logs,