cyberintel.kalymoon.com · 21548 articles · updated every 4 hours · grows forever
A vulnerability has been found in GROWI up to 7.5.0 and classified as critical . Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is listed as CVE-2026-419…
A vulnerability was found in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba and classified as problematic . Affected by this vulnerability is the function toc_transformer of the fi…
A vulnerability was found in aiwaves-cn agents up to e8c4e3c2d19739d3dff59e577d1c97090cc15f59 . It has been classified as problematic . Affected by this issue is the function recall_relevant_memories_…
A vulnerability was found in jishenghua jshERP up to 3.6 . It has been declared as critical . This affects the function getUserByWeixinCode of the file jshERP-boot/src/main/java/com/jsh/erp/service/Us…
A vulnerability was found in inkeep agents 0.58.14 . It has been rated as critical . This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the co…
A vulnerability categorized as critical has been discovered in Cockpit-HQ Cockpit . This issue affects some unknown processing of the component System Logs User Interface . Executing a manipulation ca…
A vulnerability identified as critical has been detected in pgAdmin 4 up to 9.14 . Impacted is an unknown function of the component FileBackedSessionManager . The manipulation leads to path traversal.…
Key Findings Ransomware in Q1 2026: Consolidation at Scale During the first quarter of 2026, we monitored more than 70 active data leak sites (DLS) that collectively listed 2,122 new victims. This fig…
For the latest discoveries in cyber research for the week of 11th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Instructure, the US education technology company behin…
Executive Summary Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations …
A few months ago, I implemented Cloudflare&#;x26;#;39;s Turnstile CAPTCHA on some pages. The reason for implementing these CAPTCHAs is obvious: Bots make up a large percentage of traffic and affect si…
Patching Workflows Built for Weekly Cycles Can't Survive an Era of Hourly Exploits AI is shrinking the window between vulnerability disclosure and active exploitation from weeks to hours. But remediat…
A long-active information stealer is making headlines again, and this time it is targeting more than just passwords. Vidar malware, a credential-harvesting tool in circulation since late 2018, has bee…
Threat actors are executing a sophisticated malvertising campaign targeting macOS users via poisoned Google Ads and deceptive artificial intelligence applications. Researchers recently uncovered an op…
A sophisticated new cyberattack campaign is targeting Windows systems using a fake image file to sneak dangerous malware past security defenses. The operation, named Operation SilentCanvas, tricks vic…
Traditional ransomware disrupts organizations by encrypting data and demanding payment for decryption keys. However, a newly disclosed technique called GhostLock demonstrates a fundamentally different…
Dubai, UAE, May 11th, 2026, CyberNewswire Dubai-founded OTT Cybersecurity LLC also unveils the Agent Trust Protocol (ATP), the first open cryptographic standard for AI agent identity, scope, and actio…
A popular artificial intelligence repository on Hugging Face was recently found hiding dangerous malware that targeted Windows users. The repository, named “Open-OSS/privacy-filter,” had racked up ove…
In a massive, internationally coordinated operation, the Frankfurt am Main Public Prosecutor’s Office – Central Office for Combating Internet Crime (ZIT) and the Federal Criminal Police Office (BKA) h…
The infamous hacking group ShinyHunters has struck again, this time targeting Instructure, the company behind Canvas Learning Management System (LMS). In early May 2026, Instructure confirmed unauthor…
Hackers are once again targeting developers and AI enthusiasts by impersonating popular open-source tools on GitHub. This time, the target is DeepSeek TUI, a legitimate terminal-based intelligent agen…
Cybercriminals are getting creative with how they lure victims into downloading malware, and a new campaign involving a fake version of Anthropic’s Claude AI assistant is raising serious concerns. Att…
Spanish police have arrested the suspected administrator of German dark web marketplace Crimenetwork
ShinyHunters gets away with emails and other data on 200,000 Zara customers