CrowdCyber
npub1xm6q...7acu
Revolutionizing and Democratizing Cybersecurity
Fake AI Chrome extensions with 300K users steal credentials, emails


BleepingComputer
A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials,...
Google says hackers are abusing Gemini AI for all attacks stages


BleepingComputer
Google Threat Intelligence Group (GTIG) has published a new report warning about AI model extraction/distillation attacks, in which private-sector ...
Windows 11 Notepad flaw let files execute silently via Markdown links


BleepingComputer
Microsoft has fixed a "remote code execution" vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tri...
Apple Zero-Day (CVE-2026-20700) Exploited in the Wild


Daily CyberSecurity
Urgent: Apple patches zero-day CVE-2026-20700 in dyld. The flaw is being exploited in the wild against specific targets. Update to iOS 26.3 now.
Warlock Gang Breaches SmarterTools Via SmarterMail Bugs
https://www.darkreading.com/application-security/warlock-gang-breaches-smartertools-smartermail-bugs
TransUnion's Real Networks Deal Focuses on Robocall Blocking
https://www.darkreading.com/cyber-risk/transunion-s-real-networks-deal-focuses-on-robocall-blocking
Crazy ransomware gang abuses employee monitoring tool in attacks


BleepingComputer
A member of the Crazy ransomware gang is abusing legitimate employee monitoring software and the SimpleHelp remote support tool to maintain persist...
LummaStealer infections surge after CastleLoader malware campaigns


BleepingComputer
A surge in LummaStealer infections has been observed, driven by social engineering campaigns leveraging the ClickFix technique to deliver the Castl...
Sandbox Breakout: Critical SandboxJS Flaw (CVE-2026-25881) Allows Host Takeover


Daily CyberSecurity
Critical SandboxJS flaw CVE-2026-25881 allows sandbox escape via prototype pollution. Malicious code can modify host logic & execute RCE. Update to...
Open Security Architecture - 15 new security patterns with NIST 800-53 mappings (free, CC BY-SA 4.0)
https://www.reddit.com/r/netsec/comments/1qzzxv2/open_security_architecture_15_new_security/
Malicious 7-Zip site distributes installer laced with proxy tool


BleepingComputer
A fake 7-Zip website is distributing a trojanized installer of the popular archiving tool that turns the user's computer into a residential pr...
Patch Tuesday, February 2026 Edition
Patch Tuesday, February 2026 Edition – Krebs on Security
Null Byte Nightmare: Critical WPvivid Backup Flaw (CVSS 9.8) Exposes 800K WordPress Sites


Daily CyberSecurity
Critical WPvivid Backup flaw CVE-2026-1357 (CVSS 9.8) allows unauthenticated file upload via null byte key. Update to v0.9.124 to prevent RCE.
Microsoft Patches 6 Actively Exploited Zero-Days
https://www.darkreading.com/vulnerabilities-threats/microsoft-fixes-6-actively-exploited-zero-days
SolarWinds WHD Attacks Highlight Risks of Exposed Apps
https://www.darkreading.com/vulnerabilities-threats/solarwinds-whd-attacks-exposed-apps
New Linux botnet SSHStalker uses old-school IRC for C2 comms


BleepingComputer
A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operati...
Handshake Halt: GnuTLS 3.8.12 Fixes TLS 1.3 Crash & CPU Exhaustion


Daily CyberSecurity
GnuTLS v3.8.12 fixes high-severity DoS flaws (CVE-2026-1584). Malicious TLS 1.3 handshakes can crash servers. Update now to prevent outages.
Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws


BleepingComputer
Today is Microsoft's February 2026 Patch Tuesday with security updates for 58 flaws, including 6 actively exploited and three publicly disclos...
