Hackers are exploiting a vulnerability in the Gravity SMTP WordPress plugin to extract configuration data, including API keys ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Every security team’s nightmare came true over the weekend: a ...

A security researcher has released RoguePlanet, a Windows zero-day exploit leading to local privilege escalation to SYSTEM.

Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.

CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.

Amazon has announced compensation and a rescheduled event following Throne and Liberty emergency maintenance yesterday. Today, New World: Aeternum also went into an emergency maintenance to squash ...

Zero-day exploits are the ghosts in the machine, silent, invisible, and devastating when they finally make themselves known. Last week, Microsoft confirmed one of the most serious intrusions in recent ...

CrushFTP, a service that provides users with secure file server software, has recently been targeted by hackers. Unfortunately, it seems as if some customers have been compromised, with thousands of ...

Proof-of-concept exploit code is now public for a vulnerability in Microsoft's Remote Registry client that could be used to take control of a Windows domain by downgrading the security of the ...

Microsoft has released out-of-band (OOB) security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with publicly available proof-of-concept exploit code. WSUS is ...