CrowdCyber.com 1 month ago

AI in the Driver’s Seat: How the ‘Bissa’ Scanner Hijacked 900+ Firms in Weeks

Daily CyberSecurity

AI in the Driver’s Seat: How the ‘Bissa’ Scanner Hijacked 900+ Firms in Weeks

Dr. Tube’s AI-assisted Bissa scanner exploited 900+ companies using React2Shell (CVE-2025-55182) to steal 30,000 .env files. See the AI-led attac...

CrowdCyber.com 1 month ago

Industrialization of the Fraud Ecosystem Blog

Industrialization of the Fraud Ecosystem Blog

Payment fraud has industrialized, and that's a defensive advantage. Learn how standardized attack infrastructure creates detectable patterns that f...

CrowdCyber.com 1 month ago

Bitwarden CLI npm package compromised to steal developer credentials

BleepingComputer

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing paylo...

CrowdCyber.com 1 month ago

Tropic Trooper APT Takes Aim at Home Routers, Japanese Targets https://www.darkreading.com/threat-intelligence/tropic-trooper-apt-takes-aim-home-routers-japanese-targets

CrowdCyber.com 1 month ago

Trigona ransomware attacks use custom exfiltration tool to steal data

BleepingComputer

Trigona ransomware attacks use custom exfiltration tool to steal data

Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more effi...

CrowdCyber.com 1 month ago

Mailcow Critical Alert: Unauthenticated XSS Threatens Admin Takeover

Daily CyberSecurity

Mailcow Critical Alert: Unauthenticated XSS Threatens Admin Takeover

Unauthenticated attackers can hijack mailcow admin sessions via a critical CVSS 9.3 Stored XSS in Autodiscover logs. Patch to version 2026-03b imme...

CrowdCyber.com 1 month ago

In the Wild: Information Disclosure (CVE-2026-20133) Exploited in Cisco SD-WAN Manager

Daily CyberSecurity

In the Wild: Information Disclosure (CVE-2026-20133) Exploited in Cisco SD-WAN Manager

Cisco warns of active exploitation for CVE-2026-20133 in Catalyst SD-WAN Manager. Unauthenticated attackers can leak OS data. Patch by April 24, 2026.

CrowdCyber.com 1 month ago

Exploits Turn Windows Defender Into Attacker Tool https://www.darkreading.com/cyberattacks-data-breaches/exploits-turn-windows-defender-attacker-tool

CrowdCyber.com 1 month ago

DPRK Fake Job Scams Self-Propagate in 'Contagious Interview' https://www.darkreading.com/cyberattacks-data-breaches/dprk-fake-job-scams-self-propagate-contagious-interview

CrowdCyber.com 1 month ago

'The Gentlemen' Rapidly Rises to Ransomware Prominence https://www.darkreading.com/threat-intelligence/gentlemen-rapidly-rise-ransomware

CrowdCyber.com 1 month ago

'Zealot' Shows What AI's Capable of in Staged Cloud Attack https://www.darkreading.com/cyber-risk/zealot-shows-ai-execute-full-cloud-attacks

CrowdCyber.com 1 month ago

Malicious trading website drops malware that hands your browser to attackers

Malwarebytes

Malicious trading website drops malware that hands your browser to attackers

A fake TradingView AI agent site leads to malware that can take over your browser, steal your accounts and financial data, and open the door to fur...

CrowdCyber.com 1 month ago

Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool https://www.darkreading.com/vulnerabilities-threats/google-fixes-critical-rce-flaw-ai-based-antigravity-tool

CrowdCyber.com 1 month ago

Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk https://www.darkreading.com/cyberattacks-data-breaches/surge-bomgar-rmm-exploitation-demonstrates-supply-chain-risk

CrowdCyber.com 1 month ago

Kyber ransomware gang toys with post-quantum encryption on Windows

BleepingComputer

Kyber ransomware gang toys with post-quantum encryption on Windows

A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 ...

CrowdCyber.com 1 month ago

PTC Windchill Product Lifecycle Management

Karma-X

PTC Windchill Product Lifecycle Management

PTC Windchill's CVE‑2026‑4681: a critical deserialization flaw that can give attackers remote code execution—here's what you need to know.

CrowdCyber.com 1 month ago

Critical 9.1 SSTI Flaws Unmasked in Thymeleaf Template Engine

Daily CyberSecurity

Critical 9.1 SSTI Flaws Unmasked in Thymeleaf Template Engine

Thymeleaf 3.1.4 fixes two critical 9.1 CVSS vulnerabilities. Unauthenticated attackers can bypass security for SSTI. Audit your user input and patc...

CrowdCyber.com 1 month ago

Critical 9.4 CVSS RCE Flaws in n8n Turn Workflows into Backdoors

Karma-X

Critical 9.4 CVSS RCE Flaws in n8n Turn Workflows into Backdoors

Critical n8n RCE vulnerabilities expose workflows to backdoors—patch now.

CrowdCyber.com 1 month ago

Every Old Vulnerability Is Now an AI Vulnerability https://www.darkreading.com/vulnerabilities-threats/every-old-vulnerability-ai-vulnerability

CrowdCyber.com 1 month ago

A fake Slack download is giving attackers a hidden desktop on your machine

Malwarebytes

A fake Slack download is giving attackers a hidden desktop on your machine

This trojanized Slack installer looks normal, but quietly gives attackers an invisible desktop to access your accounts and data. We take a deep div...