CrowdCyber
npub1xm6q...7acu
Revolutionizing and Democratizing Cybersecurity
Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks
BleepingComputer
Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks
Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-fact...
Holiday ColdFusion Attacks Reveal Massive 2.5 Million Request Onslaught
Daily CyberSecurity
Holiday ColdFusion Attacks Reveal Massive 2.5 Million Request Onslaught
GreyNoise reveals a massive Japan-based holiday campaign: 2.5 million attacks targeting 767 CVEs to harvest access for ransomware gangs.
“Headphone Jacking”: Critical Flaws in Popular Earbuds Let Hackers Hijack Your Phone
Daily CyberSecurity
"Headphone Jacking": Critical Flaws in Popular Earbuds Let Hackers Hijack Your Phone
ERNW exposes "Headphone Jacking," a critical Airoha RACE flaw in Sony & JBL chips allowing hackers to eavesdrop and hijack connected smartp...
The iOS 26.2 Trap: New WebKit Integer Overflow Discovered with PoC—Is Your iPhone at Risk?
Daily CyberSecurity
The iOS 26.2 Trap: New WebKit Integer Overflow Discovered with PoC—Is Your iPhone at Risk?
Joseph Goydish uncovers a critical integer overflow in iOS 26.2’s WebKit. Proof of Concept shows how attackers can crash browsers or trigger RCE.
“Prefix Swap” Panic: Sophisticated “Jackson” Imposter Infiltrates Maven Central
Daily CyberSecurity
"Prefix Swap" Panic: Sophisticated "Jackson" Imposter Infiltrates Maven Central
Aikido Security uncovers the first sophisticated malware on Maven Central: a "prefix swap" attack on the Jackson library used to steal data.
PoC Released: MongoBleed Exploit Allows Unauthenticated Attackers to Drain MongoDB Memory
Daily CyberSecurity
PoC Released: MongoBleed Exploit Allows Unauthenticated Attackers to Drain MongoDB Memory
MongoBleed (CVE-2025-14847) allows unauthenticated MongoDB memory leaks. With Joe Desimone's PoC released, upgrade to v8.0.17 or v7.0.28 now!
Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed
BleepingComputer
Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed
A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited in the wild, with over ...
Integrating Threat Intelligence and Vulnerability Management: A Modern Approach
Integrating Threat Intelligence and Vulnerability Management: A Modern Approach
Learn how combining threat intelligence and vulnerability management creates a modern approach to risk reduction and how Recorded Future integrates...
Massive Rainbow Six Siege breach gives players billions of credits
BleepingComputer
Massive Rainbow Six Siege breach gives players billions of credits
Ubisoft's Rainbow Six Siege (R6) suffered a breach that allowed hackers to abuse internal systems to ban and unban players, manipulate in-game...
Introducing the 2025 State of Threat Intelligence Report: Threat Intelligence Shifts from Defense to Strategy
Introducing the 2025 State of Threat Intelligence Report: Threat Intelligence Shifts from Defense to Strategy
Discover how 43% of security leaders now use threat intelligence for strategic planning. Explore key insights from the 2025 State of Threat Intelli...
The “lc” Leak: Critical 9.3 Severity LangChain Flaw Turns Prompt Injections into Secret Theft
Daily CyberSecurity
The "lc" Leak: Critical 9.3 Severity LangChain Flaw Turns Prompt Injections into Secret Theft
LangChain patches a critical 9.3 CVSS flaw (CVE-2025-68664) where unescaped "lc" keys allow attackers to steal API secrets via prompt injec...
Trust Wallet confirms extension hack led to $7 million crypto theft
BleepingComputer
Trust Wallet confirms extension hack led to $7 million crypto theft
Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension upda...
MongoDB warns admins to patch severe vulnerability immediately
BleepingComputer
MongoDB warns admins to patch severe vulnerability immediately
MongoDB has warned IT admins to immediately patch a high-severity memory-read vulnerability that may be exploited by unauthenticated attackers remo...
Trust Wallet Chrome extension hack tied to millions in losses
BleepingComputer
Trust Wallet confirms extension hack led to $7 million crypto theft
Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension upda...
Critical Flaw in Livewire Exposes Laravel Apps to Stealthy RCE, PoC Releases
Daily CyberSecurity
Critical Flaw in Livewire Exposes Laravel Apps to Stealthy RCE, PoC Releases
Synacktiv unmasks CVE-2025-54068, a critical Livewire hydration flaw, and Livepyre, a tool that achieves RCE even if the APP_KEY is known.
“Silver Fox” Unmasked: Chinese APT Group Impersonates Indian Tax Officials in Targeted Cyber Campaign
Daily CyberSecurity
"Silver Fox" Unmasked: Chinese APT Group Impersonates Indian Tax Officials in Targeted Cyber Campaign
CloudSEK’s TRIAD unmasks Silver Fox APT, a China-linked group using Valley RAT to target India while hiding behind misattributed tax phishing lures.
High-Severity Flaws in TeamViewer DEX Allow Attackers to Hijack Nomad Services
Daily CyberSecurity
High-Severity Flaws in TeamViewer DEX Allow Attackers to Hijack Nomad Services
TeamViewer patches high-severity flaws in its DEX line, including CVE-2025-44016, which allows attackers to bypass file integrity and execute code.
“LotusBail” Trap: 56,000 Developers Downloaded a Fake WhatsApp API That Works perfectly—While Stealing Everything
Daily CyberSecurity
"LotusBail" Trap: 56,000 Developers Downloaded a Fake WhatsApp API That Works perfectly—While Stealing Everything
Koi Security uncovers lotusbail, a malicious npm package with 56k downloads that functions perfectly while stealing WhatsApp credentials and chats.