CISA added FileZen CVE-2026-25108 (CVSS 8.7) to its KEV catalog after active exploitation, affecting versions 4.2.1–4.2.8 and 5.0.0–5.0.10.

Hackers exploited CVE-2025-64328, a FreePBX command injection vulnerability, to infect hundreds of instances with web shells.

A command injection flaw in the Windows Notepad App now gives remote attackers a path to execute code over a network, turning one of the most familiar programs on any PC into a potential entry point ...

Zyxel fixes a handful of worrying router flaws ...

Over 900 FreePBX systems remain infected after CVE-2025-64328 exploitation, now listed in CISA KEV amid active attacks.

Two other flaws were patched by the virtualization vendor, impacting Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure as well.

Update: In a statement to ZDNet, Fortinet criticized Rapid7 for releasing the study and said a patch would be released by the end of the month. "The security of our customers is always our first ...

Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command ...

Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet's Security Information and Event Management (SIEM) solution that could be leveraged by a ...