本周 Metasploit 框架的最新更新为渗透测试人员和红队成员带来重大增强，新增了七个针对常用企业软件的漏洞利用模块。本次更新的亮点包括三个针对 FreePBX 的复杂模块，以及针对 Cacti 和 SmarterMail 的关键远程代码执行（RCE）功能。 此次更新凸显了通过将认证绕 ...

Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux. On Windows, an ...

Six zero-day flaws being exploited are now patched — users urged to update immediately Microsoft’s Patch Tuesday release addresses roughly 60 vulnerabilities overall. Microsoft has confirmed that ...

Ukraine’s Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office. On January 26, ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...

Amaranth Dragon, linked to APT41, joins groups exploiting WinRAR CVE-2025-8088 Targets include organizations across Southeast Asia, using custom loaders and Cloudflare-masked servers Vulnerability ...

Russian-state hackers wasted no time exploiting a critical Microsoft Office vulnerability that allowed them to compromise the devices inside diplomatic, maritime, and transport organizations in more ...

A hacking campaign took just days to exploit a newly disclosed security vulnerability in Microsoft Windows version of WinRAR, researchers at Check Point have said. The attackers leveraged ...

Russian-linked hacking group Fancy Bear (APT28) has reportedly exploited a recently disclosed vulnerability in Microsoft Office to conduct cyber-attacks against Ukrainian and EU organizations. The ...

Infrastructure delivering updates for Notepad++—a widely used text editor for Windows—was compromised for six months by suspected China-state hackers who used their control to deliver backdoored ...