Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers

A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication.
Hackaday

This Week In Security: Getting Back Up To Speed

Over the course of nearly 300 posts, Jonathan Bennett set a very high bar for this column, so we knew it needed to be placed in the hands of somebody who could do it justice.

Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.
India West

Cyber Chief Madhu Gottumukkala Investigated For Uploading Files On ChatGPT

WASHINGTON, DC – The acting head of the nation’s cyber defense agency, Madhu Gottumukkala, uploaded sensitive government contracting material into a publicly accessible version of ChatGPT last summer, ...