CrowdCyber.com 6 hours ago

The Christmas Heist: How Shai-Hulud Hijacked Trust Wallet for an $8.5M Score

Daily CyberSecurity

The Christmas Heist: How Shai-Hulud Hijacked Trust Wallet for an $8.5M Score

Trust Wallet hit by an $8.5M heist after Shai-Hulud hackers poisoned the NPM supply chain. Binance is fully compensating affected version 2.68 users.

CrowdCyber.com 8 hours ago

RondoDox botnet exploits React2Shell flaw to breach Next.js servers

BleepingComputer

RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware a...

CrowdCyber.com 13 hours ago

Hackers drain $3.9M from Unleash Protocol after multisig hijack

BleepingComputer

Hackers drain $3.9M from Unleash Protocol after multisig hijack

The decentralized intellectual property platform Unleash Protocol has lost around $3.9 million worth of cryptocurrency after someone executed an un...

CrowdCyber.com 17 hours ago

Urban VPN Proxy Surreptitiously Intercepts AI Chats

Schneier on Security

Urban VPN Proxy Surreptitiously Intercepts AI Chats - Schneier on Security

This is pretty scary: Urban VPN Proxy targets conversations across ten AI platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSe...

CrowdCyber.com 19 hours ago

New ErrTraffic service enables ClickFix attacks via fake browser glitches

BleepingComputer

New ErrTraffic service enables ClickFix attacks via fake browser glitches

A new cybercrime tool called ErrTraffic allows threat actors to automate ClickFix attacks by generating 'fake glitches' on compromised we...

CrowdCyber.com 21 hours ago

IBM warns of critical API Connect auth bypass vulnerability

BleepingComputer

IBM warns of critical API Connect auth bypass vulnerability

IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to ac...

CrowdCyber.com 23 hours ago

Chrome extension slurps up AI chats after users installed it for privacy

Malwarebytes

Chrome extension slurps up AI chats after users installed it for privacy

The extension disclosed its AI data collection, but not in a way most users would recognize—or knowingly agree to.

CrowdCyber.com yesterday

CISA orders feds to patch MongoBleed flaw exploited in attacks

BleepingComputer

CISA orders feds to patch MongoBleed flaw exploited in attacks

CISA ordered U.S. federal agencies to patch an actively exploited MongoDB vulnerability (MongoBleed) that can be exploited to steal credentials, AP...

CrowdCyber.com yesterday

Copilot's No-Code AI Agents Liable to Leak Company Data

Dark Reading

Copilot

Microsoft puts the power of AI in the hands of everyday non-technical Joes. It

CrowdCyber.com yesterday

The Christmas Drain: How a Backdoor in Trust Wallet v2.68 Stole $7M

Daily CyberSecurity

The Christmas Drain: How a Backdoor in Trust Wallet v2.68 Stole $7M

A malicious update to Trust Wallet v2.68.0 enabled a $7M Christmas Day heist. Users must update to v2.69.0 immediately to secure their funds.

CrowdCyber.com yesterday

CVE-2025-52691 (CVSS 10): Critical SmarterMail Flaw Opens Servers to Unauthenticated Attacks

Daily CyberSecurity

CVE-2025-52691 (CVSS 10): Critical SmarterMail Flaw Opens Servers to Unauthenticated Attacks

SmarterMail hits a 10/10 CVSS severity! CVE-2025-52691 allows unauthenticated RCE via arbitrary file uploads. Update to Build 9413 immediately!

CrowdCyber.com yesterday

Zoom Stealer browser extensions harvest corporate meeting intelligence

BleepingComputer

Zoom Stealer browser extensions harvest corporate meeting intelligence

A newly discovered campaign, which researchers call Zoom Stealer, is affecting 2.2 million Chrome, Firefox, and Microsoft Edge users through 18 ext...

CrowdCyber.com yesterday

CISA Alert: MongoBleed Added to KEV Catalog as 80,000+ Servers Face Active Exploitation

Daily CyberSecurity

CISA Alert: MongoBleed Added to KEV Catalog as 80,000+ Servers Face Active Exploitation

CISA adds MongoBleed (CVE-2025-14847) to its KEV Catalog after confirming active exploitation. 80,000+ MongoDB servers are at risk. Patch by Jan 19!

CrowdCyber.com yesterday

The Year Linux Went “Rusty”: 2025’s Most Audacious Kernel Breakthroughs

Daily CyberSecurity

The Year Linux Went "Rusty": 2025's Most Audacious Kernel Breakthroughs

From Meta adopting the Steam Deck scheduler to the first Rust CVE, 2025 was the year Linux matured, clashed, and conquered. Read the full year-end ...

CrowdCyber.com 2 days ago

Microsoft Is Finally Killing RC4

Schneier on Security

Microsoft Is Finally Killing RC4 - Schneier on Security

After twenty-six years, Microsoft is finally upgrading the last remaining instance of the encryption algorithm RC4 in Windows. of the most visible ...

CrowdCyber.com 2 days ago

EmEditor Compromised: “WALSHAM” Imposter Poisons Official Installer with Spyware

Daily CyberSecurity

EmEditor Compromised: "WALSHAM" Imposter Poisons Official Installer with Spyware

EmEditor confirms its official site was compromised, redirecting users to a malicious MSI signed by WALSHAM INVESTMENTS LIMITED to steal sensitive ...

CrowdCyber.com 2 days ago

Chinese state hackers use rootkit to hide ToneShell malware activity

BleepingComputer

Chinese state hackers use rootkit to hide ToneShell malware activity

A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in atta...

CrowdCyber.com 2 days ago

CVE-2025-54322 (CVSS 10): AI Agents Uncover Critical Zero-Day in Global Networking Gear

Daily CyberSecurity

CVE-2025-54322 (CVSS 10): AI Agents Uncover Critical Zero-Day in Global Networking Gear

pwn.ai reveals CVE-2025-54322, the first remotely exploitable zero-day found by autonomous AI agents, targeting Xspeeder SD-WAN gear globally.

CrowdCyber.com 2 days ago

Trust Wallet says 2,596 wallets drained in $7 million crypto theft attack

BleepingComputer

Trust Wallet says 2,596 wallets drained in $7 million crypto theft attack

Trust Wallet says attackers who compromised its browser extension right before Christmas have drained approximately $7 million from nearly 3,000 cr...

CrowdCyber.com 2 days ago

The Hidden Cost of AI Security Debt

The Hidden Cost of AI Security Debt

Learn more about how AI accelerates security debt through insecure code, third-party risk, and shadow AI—and how governance can turn AI into a de...