Bleeping Computer

New CrushFTP zero-day exploited in attacks to hijack servers

CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on ...
Bleeping Computer

Twilio denies breach following leak of alleged Steam 2FA codes

Twilio has denied in a statement for BleepingComputer that it was breached after a threat actor claimed to be holding over 89 million Steam user records with one-time access codes. The threat actor, ...