The Hacker News

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

FreePBX patched 2025 flaws allowing SQL injection, file upload attacks, and an auth bypass only when webserver AUTHTYPE was ...

Roblox ban sparks protests in Russia

Russia banned Roblox earlier this month over concerns that it is "rife with inappropriate content that can negatively impact ...
CSO Online

CISA orders immediate patching as GeoServer flaw faces active exploitation

Federal agencies told to fix critical XXE vulnerability (CVE-2025-58360) in GeoServer after attackers gain a head start.
SecurityWeek

Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw

Apple has patched two zero-days tracked as CVE-2025-14174 and CVE-2025-43529, the former impacting Chrome and other browsers.

iOS 26.2—Update Now Warning Issued To All iPhone Users

Apple has released iOS 26.2, fixing 26 iPhone flaws, two of which are already being used in real-life attacks. Here's what ...
The Hacker News

Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

Apple fixes two exploited WebKit bugs targeting specific users, issuing security updates across iOS, macOS, and Safari.