InfoWorld

Open WebUI bug turns the ‘free model’ into an enterprise backdoor

The bug allows attacker-controlled model servers to inject code, steal session tokens, and, in some cases, escalate to remote ...

Trust Wallet links $8.5 million crypto theft to Shai-Hulud NPM attack

Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is ...

This WebUI vulnerability allows remote code execution - here's how to stay safe

Open WebUI carried CVE-2025-64496, a high-severity code injection flaw in Direct Connection features Exploitation could ...

Trust Wallet’s $7M hack shows where crypto-friendly SMEs may be vulnerable

Key takeawaysThe December 2025 Trust Wallet hack shows that vulnerabilities in crypto tools can affect crypto-friendly SMEs, ...
InfoQ

DuckDB's WebAssembly Client Allows Querying Iceberg Datasets in the Browser

DuckDB has recently introduced end-to-end interaction with Iceberg REST Catalogs directly within a browser tab, requiring no ...
The Hacker News

ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories

Weekly cybersecurity roundup covering exploited vulnerabilities, malware campaigns, legal actions, and nation-state attacks ...
GovInfoSecurity

Cryptohack Roundup: Alleged Fraud Kingpin Deported to China

This week, an alleged fraud kingpin deported to China, Bitfinex hacker gained early release, Unleash Protocol's $3.9M hack, ...
FinanceFeeds

Fintechs Brace for Bot Attacks as Fraud Attempts Surge

Bot attacks are soaring as part of an overall increase in fraud attempts. With fintechs among attackers’ favorite targets, ...
Infosecurity Magazine

High-Severity Flaw in Open WebUI Affects AI Connections

The flaw, tracked as CVE-2025-64496 and discovered by Cato Networks researchers, impacts Open WebUI versions 0.6.34 and older ...
Security Boulevard

Understanding Implicit Identity Authentication Methods

A deep dive into implicit identity authentication methods for software development, covering oauth 2.0 flows, security risks, and modern alternatives for single-page applications.