cyberintel.kalymoon.com · 22388 articles · updated every 4 hours · grows forever
A sophisticated threat actor breached DigiCert’s internal support environment in early April 2026 by tricking support analysts into executing a disguised malicious screensaver file, ultimately obtaini…
The Apache Software Foundation has released a critical security update for Apache HTTP Server, patching five vulnerabilities, including a dangerous double-free flaw capable of enabling Remote Code Exe…
A security researcher has discovered that Microsoft Edge decrypts every stored password into process memory the moment the browser launches and keeps them there as cleartext, regardless of whether the…
The npm ecosystem has long been a target for supply chain attacks, where threat actors exploit the open nature of public package registries to push malicious code into developer environments. With pnp…
Google has published the May 2026 Android Security Bulletin, alerting the ecosystem to a highly severe remote code execution (RCE) flaw. Tracked as CVE-2026-0073, this critical vulnerability resides d…
A fake website claiming to offer an official macOS version of the popular text editor Notepad++ has been making rounds online, raising serious cybersecurity concerns across the tech community. The sit…
Meta has announced that Instagram will officially discontinue its optional end-to-end encrypted direct message feature on May 8, 2026. The feature was initially rolled out for testing in 2021 to provi…
Meta has disclosed a medium-severity security vulnerability in WhatsApp that could allow threat actors to exploit Instagram Reels integration to trigger arbitrary URL processing on victim devices, pot…
Tracking Advanced Persistent Threat (APT) groups has never been a simple task. For years, security organizations have relied on identifying consistent behaviors, tools, and infrastructure to pin activ…
Threat actors are increasingly turning to Amazon’s own cloud email infrastructure to deliver phishing messages that look completely genuine, passing every standard security check along the way. Phishi…
OpenAI announced its intention to expand the Trusted Access for Cyber program for cyber defenders at the federal, state and local government levels
Team Cymru’s Stephen Campbell warned that small US defense contractors are not well prepared to face cyber intrusions through edge devices
Security vendor Trellix has suffered a breach involving unauthorized access
The UK's National Cyber Security Centre is urging organizations to prepare for glut of new software updates
ISACA report warns that while AI has become the norm, many organizations are yet to formally apply safety or security policies around its use
Every CISO eventually faces the same tension: You know your security program needs to mature, but the budget and headcount to do it all aren’t there. That tension is especially sharp when it comes to …
Hiring fake IT workers has been a growing problem in recent years — but it’s often a problem very few want to admit to. From Fortune 500 companies down to smaller organizations, remote hiring practice…
With prompt injection and other attack pathways consistently surfacing across agentic AI deployments, security watchdogs have stepped in, collectively, to draw some hard boundaries. A joint advisory f…
The Trump administration is in early discussions about whether advanced AI models should be vetted before public release, according to reporting from the New York Times , the Wall Street Journal, and …
Sind IT-Mitarbeiter unzufrieden, kann das an schlechten Führungskräften oder an einer unzureichenden IT-Strategie liegen. Foto: fizkes – shutterstock.com Unternehmen können die für sie allgemein schle…
A robust cybersecurity program needs a range of skilled people, yet many CISOs continue to face an ongoing skills shortage — and the squeeze may only get worse as AI gains traction. Some 95% of cybers…
A newly identified malware campaign is abusing Microsoft’s Phone Link feature to intercept SMS-based one-time passwords and other sensitive mobile data directly from Windows systems. The activity, fir…
Open-source databases are facing a bit of a memory problem as AI helps surface decades-old buffer overflow issues in widely used components. Security researchers have disclosed a set of high and criti…
Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthori…