The Hacker News

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

FreePBX patched 2025 flaws allowing SQL injection, file upload attacks, and an auth bypass only when webserver AUTHTYPE was ...

Stop using ChatGPT for everything: I use these AI models for research, coding, and more (and which I avoid)

Obsessing over model version matters less than workflow.

OpenAI built an AI coding agent and uses it to improve the agent itself

With the popularity of AI coding tools rising among some software developers, their adoption has begun to touch every aspect ...
Infosecurity Magazine

Malware Discovered in 19 Visual Studio Code Extensions

A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in ...

Hackers exploit unpatched Gogs zero-day to breach 700 servers

An unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code ...
The Hacker News

WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor

WIRTE expands AshTag espionage operations, using phishing & DLL sideloading to target Middle East govts with persistent ...