Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances.
“When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server,” Sonar researcher Yaniv Nizry said in a write-up published earlier this week.

The

Amateurish financial scams are common across Africa, and Namibia’s influential former first lady, Monica Geingos, has emerged as a particularly effective host body for these messages.

While Microsoft has boosted the security of Windows Print Spooler in the three years since the disclosure of the PrintNightmare vulnerability, the service remains a spooky threat that organizations cannot afford to ignore.

A drink inspired by the Ceti eel tops even One Piece Devil Fruit and Jujutsu Kaisen cursed hand churros.

It was just one of many questions that Kennedy seemed unprepared to answer during his Senate confirmation hearing.

The threat actor is using a sophisticated network of VPNs and proxies to centrally manage command and control servers from Pyongyang.

Phyllis Fong was heading up an investigation into Elon Musk’s Neuralink.

The drubbing of the Michelle Yeoh-led streaming film now holds a dubious title—one that reflects something much more interesting than simple schadenfreude.

A new variant of the Mirai-based botnet Aquabot targets vulnerable Mitel SIP phones to recruit them into a DDoS botnet. Akamai researchers spotted a new variant of the Mirai-based botnet Aquabot that is targeting vulnerable Mitel SIP phones. Aquabot is a Mirai-based botnet designed for DDoS attacks. Named after the “Aqua” filename, it was first […]

VulnCheck initially disclosed the critical command-injection vulnerability (CVE-2024-40891) six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats.