Dark Reading

Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot

CVE-2026-2329 allows unauthenticated root-level access to SMB phones, so attackers can intercept calls, commit toll fraud, and impersonate users.
The Hacker News

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

Critical CVE-2026-2329 flaw in Grandstream GXP1600 VoIP phones enables unauthenticated RCE, call interception, and credential ...
SecurityWeek

New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s KEV Catalog

The cybersecurity of business is not the function of CISA. CISA’s remit is to raise the security of FECB agencies, and KEV is ...
Dark Reading

Data Tool to Triage Exploited Vulnerabilities Can Make KEV More Useful

KEV Collider combines data from multiple open source vulnerability frameworks to help cybersecurity teams assess which issues ...
PCQuest on MSN

One command, full recon: Why AutoPentestX matters for Linux pentesters

Many times when performing penetration tests, there is no lack of tools for conducting penetration testing, but rather the issue relates to performing penetration testing in a fractured way.
HotHardware

Millions At Risk As Attackers Exploit This Alarming WinRAR Security Flaw

Remember the WinRAR path handling exploit we reported on back in August? According to Google, that same flaw, officially dubbed CVE-2025-8088, is still being actively exploited, even though versions ...
CoinTelegraph

Truebit exploit exposes smart-contract flaw behind $26M token mint

Truebit lost $26 million after a smart-contract overflow bug let an attacker mint tokens at near-zero cost, sending the TRU price down 99%. A $26 million exploit of the offline computation protocol ...
Game Rant

ARC Raiders Players Have Found a New Exploit That Gives PC Player an Unfair Advantage

Pam's Colecovision was her babysitter, from the age of 4 or 5, but the family only had one game. Over and over, hour after hour, she'd climb and jump through the three levels of Donkey Kong. But the ...
PC Gamer

Action RPG players will exploit anything in the name of efficiency, which is why Path of Exile 2 players are locking themselves in the campaign for profit

Third Person Shooter I wish I wasn't missing out on new quests in Arc Raiders just because I'm not willing to grind the old ones every two months Third Person Shooter Arc Raiders dishes out a hotfix, ...
CSOonline

Webrat turns GitHub PoCs into a malware trap

Security professionals hunting PoCs and exploit code on GitHub might soon walk into a trap, as attackers redirect a known RAT toward them. Researchers have uncovered a stealthy campaign in which the ...
Forbes

Cisco Secure Email Attacks: 0-Day Exploit Confirmed, No Fix Available

“There are no workarounds identified that directly mitigate the risk concerning this attack campaign,” is not what you want to read, having just been informed of a zero-day exploit concerning a Common ...
HHS

Exploit Attempts Surge for React2Shell

Hacker interest is high in a days-old vulnerability in widely used web application framework React, with dozens of organizations already falling victim to it, cybersecurity experts warn. See Also: ...