CrowdCyber.com 1 week ago

Second Round of Critical RCE Bugs in n8n Spikes Corporate Risk

Dark Reading

Second Round of Critical RCE Bugs in n8n Spikes Corporate Risk

A new around of vulnerabilities in the popular AI automation platform could let attackers hijack servers and steal credentials, allowing full takeo...

CrowdCyber.com 1 week ago

“SessionReaper” Harvests Roots: Mass Exploitation Campaign Hits Over 200 Magento Sites

Daily CyberSecurity

"SessionReaper" Harvests Roots: Mass Exploitation Campaign Hits Over 200 Magento Sites

"SessionReaper" (CVE-2025-54236) targets Magento stores. Attackers use zombie tokens to gain root access. 200+ sites compromised. Patch now.

CrowdCyber.com 1 week ago

“Update” to Nightmare: eScan Antivirus Hacked to Distribute Malware

Daily CyberSecurity

"Update" to Nightmare: eScan Antivirus Hacked to Distribute Malware

Critical supply chain attack hits eScan antivirus. Hackers hijacked updates to install malware and disable the AV. Manual patch required.

CrowdCyber.com 1 week ago

Cluster Admin for All: Critical Kyverno Flaw (CVSS 10) Shatters Isolation

Daily CyberSecurity

Cluster Admin for All: Critical Kyverno Flaw (CVSS 10) Shatters Isolation

Critical Kyverno flaw CVE-2026-22039 (CVSS 10) allows policy creators to gain cluster admin rights. Update to v1.16.3 to fix privilege escalation &...

CrowdCyber.com 1 week ago

Ivanti warns of two EPMM flaws exploited in zero-day attacks

BleepingComputer

Ivanti warns of two EPMM flaws exploited in zero-day attacks

Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were e...

CrowdCyber.com 1 week ago

Exploited in the Wild: Critical Ivanti EPMM RCE Flaws (CVSS 9.8) Under Attack

Daily CyberSecurity

Exploited in the Wild: Critical Ivanti EPMM RCE Flaws (CVSS 9.8) Under Attack

Ivanti confirms critical EPMM RCE flaws (CVE-2026-1281) are exploited in the wild. Unauthenticated attackers can compromise MDM. Patch immediately.

CrowdCyber.com 1 week ago

Hugging Face abused to spread thousands of Android malware variants

BleepingComputer

Hugging Face abused to spread thousands of Android malware variants

A new Android malware campaign is using the Hugging Face platform as a repository for thousands of variations of an APK payload that collects crede...

CrowdCyber.com 1 week ago

Google disrupts IPIDEA residential proxy networks fueled by malware

BleepingComputer

Google disrupts IPIDEA residential proxy networks fueled by malware

IPIDEA, one of the largest residential proxy networks used by threat actors, was disrupted earlier this week by Google Threat Intelligence Group (G...

CrowdCyber.com 1 week ago

New sandbox escape flaw exposes n8n instances to RCE attacks

BleepingComputer

New sandbox escape flaw exposes n8n instances to RCE attacks

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, an...

CrowdCyber.com 1 week ago

Aisuru botnet sets new record with 31.4 Tbps DDoS attack

BleepingComputer

Aisuru botnet sets new record with 31.4 Tbps DDoS attack

The Aisuru/Kimwolf botnet launched a new massive distributed denial of service (DDoS) attack in December 2025, peaking at 31.4 Tbps and 200 million...

CrowdCyber.com 1 week ago

Watch out for AT&T rewards phishing text that wants your personal details

Malwarebytes

Watch out for AT&T rewards phishing text that wants your personal details

Recently, we uncovered a realistic, multi-layered data theft phishing campaign targeting AT&T customers.

CrowdCyber.com 1 week ago

AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities

Schneier on Security

AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities - Schneier on Security

Really interesting blog post from Anthropic: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at mu...

CrowdCyber.com 1 week ago

CVE-2026-24765: PHPUnit Vulnerability Exposes CI/CD Pipelines to RCE https://securityonline.info/cve-2026-24765-phpunit-vulnerability-exposes-ci-cd-pipelines-to-rce/

CrowdCyber.com 1 week ago

CVE-2026-24002: Critical Sandbox Escape Turns Grist Spreadsheets into RCE Weapons https://securityonline.info/cve-2026-24002-critical-sandbox-escape-turns-grist-spreadsheets-into-rce-weapons/

CrowdCyber.com 1 week ago

High-Severity IDOR Flaw Lets Admins Hijack TP-Link Omada Owner Accounts https://securityonline.info/high-severity-idor-flaw-lets-admins-hijack-tp-link-omada-owner-accounts/

CrowdCyber.com 1 week ago

Spies in the Spreadsheet: “Sheet Attack” Uses Google Sheets & AI to Target India https://securityonline.info/spies-in-the-spreadsheet-sheet-attack-uses-google-sheets-ai-to-target-india/

CrowdCyber.com 1 week ago

"Open sesame": Critical vulnerabilities in dormakaba physical access control system enable unlocking arbitrary doors https://www.reddit.com/r/netsec/comments/1qncvtn/open_sesame_critical_vulnerabilities_in_dormakaba/

CrowdCyber.com 1 week ago

Initial access hackers switch to Tsundere Bot for ransomware attacks

BleepingComputer

Initial access hackers switch to Tsundere Bot for ransomware attacks

A prolific initial access broker tracked as TA584 has been observed using the Tsundere Bot alongside XWorm remote access trojan to gain network acc...

CrowdCyber.com 1 week ago

Who Operates the Badbox 2.0 Botnet?

Who Operates the Badbox 2.0 Botnet? – Krebs on Security

CrowdCyber.com 1 week ago

Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted

Dark Reading

Vibe-Coded

A new ransomware strain that entered the scene last year has poorly designed code and uses Hebrew language that might be a false flag.