The Hacker News

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

Critical CVE-2026-2329 flaw in Grandstream GXP1600 VoIP phones enables unauthenticated RCE, call interception, and credential theft.
Searchenginejournal.com

WooCommerce WordPress Plugin Exploit Enables Fraudulent Charges

The WooCommerce Square plugin enables WordPress sites to accept payments through the Square POS, as well as synchronize product inventory data between Square and WooCommerce. Square plugin enables a ...
CoinTelegraph

Trust Wallet will cover $7M lost in Christmas Day hack, CZ says

The malicious Trust Wallet extension has also been exporting users’ personal information, pointing to potential insider activity, according to cybersecurity company SlowMist. Trust Wallet users lost ...
CoinDesk

Balancer DAO Starts Discussing $8M Recovery Plan After $110M Exploit Cut TVL by Two-Thirds

Weeks after suffering a major exploit that drained over $110 million from its Balancer v2 vaults, Balancer DAO has begun discussing a plan to distribute roughly $8 million in recovered assets to ...
Liliputing

Lilbits: iPad-style multitasking on iPhones, and maybe Lenovo didn’t leak any Android PC plans after all

Last week news started to make the rounds that Lenovo has published a web page spelling out the pros (and many cons) of PCs running Android. But Lenovo has since removed that website and claimed that ...
TWCN Tech News

How to configure SMTP server in Windows Server Step by Step

Configuring an SMTP (Simple Mail Transfer Protocol) server on Windows Server is a common task for system administrators who need to enable applications or websites to send email messages. Unlike a ...
Bleeping Computer

Windows Server emergency patches fix WSUS bug with PoC exploit

Microsoft has released out-of-band (OOB) security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with publicly available proof-of-concept exploit code. WSUS is ...
The Hacker News

Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year

Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per ReliaQuest, is the ...
TechSpot

This disposable vape just became a "smokin' fast" web server

Editor's take: Vapes aren't what they were a few years ago. Some now sport screens ranging from the basic – displaying charge and approximate puffs left – to elaborate LEDs showing brand logos with ...
Hackaday

Hosting A Website On A Disposable Vape

For the past years people have been collecting disposable vapes primarily for their lithium-ion batteries, but as these disposable vapes have begun to incorporate more elaborate electronics, these too ...
CoinDesk

Bunni DEX Halts Smart Contracts After Exploit Drains $8.4M Across Chains

Bunni, a decentralized exchange built on Uniswap v4’, paused all smart contract functions after a security breach drained an estimated $8.4 million in crypto. Bunni’s developers have suspended all ...