The Hacker News

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

FreePBX patched 2025 flaws allowing SQL injection, file upload attacks, and an auth bypass only when webserver AUTHTYPE was ...
Threat Post

Bypass Glitch Allows Malware to Masquerade as Legit Apple Files

Malware can to worm its way onto Macs thanks to a recently discovered code-signing bypass flaw. Masquerading as an official Apple system file sounds like a wonderful way for malware to worm its way ...
Bleeping Computer

Bypassing Windows 10 UAC with mock folders and DLL hijacking

A new technique uses a simplified process of DLL hijacking and mock directories to bypass Windows 10's UAC security feature and run elevated commands without alerting a user. Windows UAC is a ...
TechRadar

Bypass for Windows trusted file label gets unofficial patch

A vulnerability that allowed threat actors to bypass the Windows Mark of the Web (MotW) security mechanism has an unofficial fix thanks to micropatching service 0patch. MoTW automatically flags all ...
Bleeping Computer

New attacks use Windows security bypass zero-day to drop malware

New phishing attacks use a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings. When files are downloaded from an untrusted remote location, ...