CrowdCyber
npub1xm6q...7acu
Revolutionizing and Democratizing Cybersecurity
Critical 9.1 SSTI Flaws Unmasked in Thymeleaf Template Engine
Daily CyberSecurity
Critical 9.1 SSTI Flaws Unmasked in Thymeleaf Template Engine
Thymeleaf 3.1.4 fixes two critical 9.1 CVSS vulnerabilities. Unauthenticated attackers can bypass security for SSTI. Audit your user input and patc...
Critical 9.4 CVSS RCE Flaws in n8n Turn Workflows into Backdoors
Karma-X
Critical 9.4 CVSS RCE Flaws in n8n Turn Workflows into Backdoors
Critical n8n RCE vulnerabilities expose workflows to backdoors—patch now.
Every Old Vulnerability Is Now an AI Vulnerability
https://www.darkreading.com/vulnerabilities-threats/every-old-vulnerability-ai-vulnerability
A fake Slack download is giving attackers a hidden desktop on your machine
Malwarebytes
A fake Slack download is giving attackers a hidden desktop on your machine
This trojanized Slack installer looks normal, but quietly gives attackers an invisible desktop to access your accounts and data. We take a deep div...
AI Agent Traps: Understanding How the Web Becomes a Weapon Against AI Agents
Karma-X
AI Agent Traps: Understanding How the Web Becomes a Weapon Against AI Agents
The story about ‘AI Agent Traps’ — malicious web content that hijacks autonomous AI agents. Here’s how it works and how to defend against it.
CanisterWorm: A Geopolitical Wiper Leveraging ICP Canisters and Kubernetes Exploits to Target Iranian Systems
Karma-X
CanisterWorm: A Geopolitical Wiper Leveraging ICP Canisters and Kubernetes Exploits to Target Iranian Systems
CanisterWorm turns Kubernetes into a geopolitical weapon, wiping Iranian machines via ICP canisters—here’s how to stop it.
CISA Adds Critical Apache ActiveMQ RCE Flaw to KEV Catalog
Daily CyberSecurity
CISA Adds Critical Apache ActiveMQ RCE Flaw to KEV Catalog
CISA adds CVE-2026-34197 to KEV. Apache ActiveMQ's Jolokia bridge flaw allows RCE via remote Spring XML loading. Remediate by April 30, 2026. Patch...
EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses
https://www.darkreading.com/vulnerabilities-threats/edr-killer-ecosystem-expansion-requires-stronger-byovd-defenses
Critical MCP Integration Flaw Puts NGINX at Risk
https://www.darkreading.com/application-security/critical-mcp-integration-flaw-nginx-risk
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
BleepingComputer
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
A researcher known as "Chaotic Eclipse" has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed "RedSun," in the ...
Russia Hacked Routers to Steal Microsoft Office Tokens
Russia Hacked Routers to Steal Microsoft Office Tokens – Krebs on Security
Payouts King ransomware uses QEMU VMs to bypass endpoint security
BleepingComputer
Payouts King ransomware uses QEMU VMs to bypass endpoint security
The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass e...
AI-Generated RAT “PHANTOMPULSE” Targets Crypto Sector via Social Engineering
Daily CyberSecurity
AI-Generated RAT "PHANTOMPULSE" Targets Crypto Sector via Social Engineering
Elastic uncovers PHANTOMPULSE: A novel RAT abusing Obsidian plugins and blockchain C2. Stay safe from this AI-assisted campaign targeting crypto fi...
March 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-Day
March 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-Day
March 2026 saw a 139% increase in high-impact vulnerabilities, with Recorded Future's Insikt Group® identifying 31 vulnerabilities requiring immed...
Froxlor’s CVSS 10 Flaw Turns Config Files into Persistent Backdoors
Daily CyberSecurity
Froxlor’s CVSS 10 Flaw Turns Config Files into Persistent Backdoors
Froxlor faces two critical flaws, including a CVSS 10. Learn how path traversal and config injection allow persistent RCE. Patch your server manage...
North Korea Uses ClickFix to Target macOS Users' Data
https://www.darkreading.com/application-security/north-korea-clickfix-target-macos-users-data
'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues
https://www.darkreading.com/vulnerabilities-threats/bluehammer-windows-exploit-microsoft-bug-disclosure-issues
Recently leaked Windows zero-days now exploited in attacks
BleepingComputer
Recently leaked Windows zero-days now exploited in attacks
Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator...
ZionSiphon malware designed to sabotage water treatment systems
BleepingComputer
ZionSiphon malware designed to sabotage water treatment systems
A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and desalination environments to sa...