CrowdCyber.com 2 months ago

Exploited in the Wild: Google Issues Emergency Patch for Chrome Zero-Day (CVE-2026-5281) in Dawn Component

Daily CyberSecurity

Exploited in the Wild: Google Issues Emergency Patch for Chrome Zero-Day (CVE-2026-5281) in Dawn Component

Google warns that CVE-2026-5281 is currently being exploited in the wild. Update Chrome to version 146.0.7680.177 immediately to fix this high-seve...

CrowdCyber.com 2 months ago

Hackers compromise Axios npm package to drop cross-platform malware

BleepingComputer

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Li...

CrowdCyber.com 2 months ago

LangDrained: Path traversal, SQL injection, and Deserialization of untrusted data in LangChain

Reddit - Please wait for verification

CrowdCyber.com 2 months ago

TrueChaos: The TrueConf Zero-Day That Turned Secure Updates Into a Government Espionage Backdoor

Daily CyberSecurity

TrueChaos: The TrueConf Zero-Day That Turned Secure Updates Into a Government Espionage Backdoor

Check Point reveals "TrueChaos," an espionage campaign exploiting a TrueConf zero-day (CVE-2026-3502) to drop malware via fake updates. Patch to 8....

CrowdCyber.com 2 months ago

One POST request, six API keys: breaking into popular MCP servers

Reddit - Please wait for verification

CrowdCyber.com 2 months ago

PSA: That 'Disable NTLMv1' GPO you set years ago? It’s lying to you. LmCompatibilityLevel set to 5 is not enough.

Reddit - Please wait for verification

CrowdCyber.com 2 months ago

TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials https://www.darkreading.com/cloud-security/teampcp-breaches-cloud-saas-instances-stolen-credentials

CrowdCyber.com 2 months ago

Critical 9.3 CVSS RCE Vulnerability Hit in OpenTelemetry Java Agent

Daily CyberSecurity

Critical 9.3 CVSS RCE Vulnerability Hit in OpenTelemetry Java Agent

OpenTelemetry patches a critical 9.3 RCE flaw (CVE-2026-33701) in its Java agent. Unfiltered RMI deserialization allows full system takeover. Updat...

CrowdCyber.com 2 months ago

Critical CrewAI Vulnerabilities Allow RCE and Sandbox Escapes via Prompt Injection

Daily CyberSecurity

Critical CrewAI Vulnerabilities Allow RCE and Sandbox Escapes via Prompt Injection

CERT/CC warns of critical flaws in CrewAI. Insecure fallbacks and prompt injection enable RCE and SSRF. No full patch yet—learn how to secure you...

CrowdCyber.com 2 months ago

The 25-Second Heist: Inside FAUX#ELEVATE’s “Inflated” Phishing Attack on French Corporations https://securityonline.info/faux-elevate-malware-campaign-french-corporate-phishing/

CrowdCyber.com 2 months ago

The Instant Weaponization of Oracle’s 10.0 CVSS “Zero-Day-Like” Flaw https://securityonline.info/oracle-weblogic-rce-vulnerability-cve-2026-21962-exploitation/

CrowdCyber.com 2 months ago

The Malware That Chats Back: Inside G DATA’s Real-Time Notepad Encounter with the “Kiss Loader” Author https://securityonline.info/kiss-loader-malware-notepad-chat-early-bird-injection-analysis/

CrowdCyber.com 2 months ago

AI-Powered Dependency Decisions Introduce, Ignore Security Bugs https://www.darkreading.com/application-security/ai-powered-dependency-decisions-security-bugs

CrowdCyber.com 2 months ago

Axios Under Siege: Critical npm Supply Chain Attack Hijacks Lead Maintainer to Drop Multi-Platform RAT

Daily CyberSecurity

Axios Under Siege: Critical npm Supply Chain Attack Hijacks Lead Maintainer to Drop Multi-Platform RAT

Axios versions 1.14.1 & 0.30.4 have been poisoned. A hijacked maintainer account is dropping a RAT via postinstall scripts. Revert to safe versions...

CrowdCyber.com 2 months ago

AI-Powered 'DeepLoad' Malware Steals Credentials, Evades Detection https://www.darkreading.com/cyberattacks-data-breaches/ai-powered-deepload-steals-credentials-evades-detection

CrowdCyber.com 2 months ago

Scriban’s “Leaky” Cache: A 9.1 CVSS Sandbox Escape Hits 40 Million .NET Installs

Daily CyberSecurity

Scriban's "Leaky" Cache: A 9.1 CVSS Sandbox Escape Hits 40 Million .NET Installs

Scriban’s 9.1 CVSS flaw allows sandbox escapes in .NET apps via a cache bypass. Over 40M downloads affected. Update to version 7.0.0 to secure yo...

CrowdCyber.com 2 months ago

The 30-Year Glitch: RCE and ARM Exploits Uncovered in libpng Reference Library https://securityonline.info/libpng-vulnerability-rce-arm-neon-cve-2026-33636-cve-2026-33416/

CrowdCyber.com 2 months ago

The Weakest Link: Popular Node.js Config Library “Convict” Hit by Prototype Pollution

Daily CyberSecurity

The Weakest Link: Popular Node.js Config Library "Convict" Hit by Prototype Pollution

Node-convict (CVE-2026-33864) faces a 9.4 CVSS Prototype Pollution flaw. Bypass filters and hijack Node.js apps. Update to version 6.2.5 now to sta...

CrowdCyber.com 2 months ago

High-Severity RCE Discovered in Foreman’s WebSocket Proxy https://securityonline.info/foreman-rce-vulnerability-cve-2026-1961-command-injection/

CrowdCyber.com 2 months ago

Critical Fortinet Forticlient EMS flaw now exploited in attacks

BleepingComputer

Critical Fortinet Forticlient EMS flaw now exploited in attacks

Attackers are now actively exploiting a critical vulnerability in Fortinet's FortiClient EMS platform, according to threat intelligence compan...