Tool: AST-based security scanner for AI-generated code (MCP server)
https://www.reddit.com/r/netsec/comments/1qxm75b/tool_astbased_security_scanner_for_aigenerated/
CrowdCyber
npub1xm6q...7acu
Revolutionizing and Democratizing Cybersecurity
Apple Pay phish uses fake support calls to steal payment details
Malwarebytes
Apple Pay phish uses fake support calls to steal payment details
This Apple Pay phishing campaign is designed to funnel victims into fake Apple Support calls, where scammers steal payment details.
EnCase Driver Weaponized as EDR Killers Persist
Dark Reading
EnCase Driver Weaponized as EDR Killers Persist
The forensic tool
CISA warns of SmarterMail RCE flaw used in ransomware attacks
BleepingComputer
CISA warns of SmarterMail RCE flaw used in ransomware attacks
The Cybersecurity & Infrastructure Security Agency (CISA) in the U.S. has issued a warning about CVE-2026-24423, an unauthenticated remote code exe...
The Invisible Proxy: NGINX Hijacked for Silent SEO Poisoning
Daily CyberSecurity
The Invisible Proxy: NGINX Hijacked for Silent SEO Poisoning
Hackers are hijacking NGINX servers via malicious config injections. Datadog warns of silent traffic redirection for SEO poisoning. Check your prox...
CVE-2025-13375: Critical IBM Crypto Flaw (CVSS 9.8) Exposes HSMs
Daily CyberSecurity
CVE-2025-13375: Critical IBM Crypto Flaw (CVSS 9.8) Exposes HSMs
IBM warns of critical flaw CVE-2025-13375 (CVSS 9.8) in CCA software. Unauthenticated attackers can hijack HSMs. Update to v7.5.53/v8.4.84 now.
DKnife Linux toolkit hijacks router traffic to spy, deliver malware
BleepingComputer
DKnife Linux toolkit hijacks router traffic to spy, deliver malware
A newly discovered toolkit called DKnife has been used since 2019 to hijack traffic at the edge-device level and deliver malware in espionage campa...
Open the wrong “PDF” and attackers gain remote access to your PC
Malwarebytes
Open the wrong “PDF” and attackers gain remote access to your PC
The DEAD#VAX campaign tricks users into installing AsyncRAT by disguising a virtual hard disk as a PDF attachment.
Macs Under Siege: New Infostealers Spread via WhatsApp & Fake Apps
Daily CyberSecurity
Macs Under Siege: New Infostealers Spread via WhatsApp & Fake Apps
Microsoft warns: Infostealers now target macOS & use WhatsApp worms. "Eternidade" & "Crystal PDF" steal credentials via cross-platf...
CrashFix: New ClickFix Variant Deliberately Breaks Browsers to Deploy RAT
Daily CyberSecurity
CrashFix: New ClickFix Variant Deliberately Breaks Browsers to Deploy RAT
Microsoft warns of "CrashFix": malicious extensions crash browsers to trick users into running a "fix" that installs a RAT. Beware ...
“PDF” Poison: Popular JavaScript Library Patches Critical Injection and Crash Flaws
Daily CyberSecurity
"PDF" Poison: Popular JavaScript Library Patches Critical Injection and Crash Flaws
Critical jsPDF flaws (CVE-2026-24133) allow XSS & DoS via malicious BMPs. Update to v4.1.0 immediately to prevent browser crashes and code injection.
Ransomware gang uses ISPsystem VMs for stealthy payload delivery
BleepingComputer
Ransomware gang uses ISPsystem VMs for stealthy payload delivery
Ransomware operators are hosting and delivering malicious payloads at scale by abusing virtual machines (VMs) provisioned by ISPsystem, a legitimat...
Phantom in the Machine: Inside Salt Typhoon’s “SnappyBee” Backdoor
Daily CyberSecurity
Phantom in the Machine: Inside Salt Typhoon’s "SnappyBee" Backdoor
Darktrace dissects SnappyBee (Deed RAT), a stealthy Salt Typhoon backdoor. Learn how it uses DLL side-loading & memory hooking to evade modern AV.
Popular n8n Platform Hit by Triple Threat of RCE Flaws
Daily CyberSecurity
Popular n8n Platform Hit by Triple Threat of RCE Flaws
Critical n8n flaws (CVE-2026-25053, 25056) allow attackers to hijack servers via Git & Merge nodes. Update to v2.5.0 now to prevent RCE.
Stealth Injection: Silver Fox APT Upgrades “ValleyRat” with Rare PoolParty Tech
Daily CyberSecurity
Stealth Injection: Silver Fox APT Upgrades "ValleyRat" with Rare PoolParty Tech
Silver Fox APT targets users with fake LINE installers delivering ValleyRat. New campaign uses rare "PoolParty" injection to evade detection.
CISA warns of five-year-old GitLab flaw exploited in attacks
BleepingComputer
CISA warns of five-year-old GitLab flaw exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab ...
'Semantic Chaining' Jailbreak Dupes Gemini Nano Banana, Grok 4
Dark Reading
'Semantic Chaining' Jailbreak Dupes Gemini Nano Banana, Grok 4
If an attacker splits a malicious prompt into discrete chunks, some large language models (LLMs) will get lost in the details and miss the true int...
Supply Chain Poison: Lotus Blossom Hits Notepad++ to Deploy “Chrysalis”
Daily CyberSecurity
Supply Chain Poison: Lotus Blossom Hits Notepad++ to Deploy "Chrysalis"
Lotus Blossom compromises Notepad++ infrastructure to deploy "Chrysalis" malware. Rapid7 reveals the group using Microsoft Warbird to evade...
CISA: VMware ESXi flaw now exploited in ransomware attacks
BleepingComputer
CISA: VMware ESXi flaw now exploited in ransomware attacks
CISA confirmed on Wednesday that ransomware gangs have begun exploiting a high-severity VMware ESXi sandbox escape vulnerability that was used in z...
EDR killer tool uses signed kernel driver from forensic software
BleepingComputer
EDR killer tool uses signed kernel driver from forensic software
Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate...