A vulnerability labeled as problematic has been found in MongoDB Compass. This vulnerability affects unknown code. Executing a manipulation can lead to improperly controlled modification of object pr…
cyberintel.kalymoon.com · 27185 articles · updated every 4 hours · grows forever
A vulnerability marked as problematic has been reported in Keycloak on Red Hat. This issue affects some unknown processing. The manipulation leads to authorization bypass. This vulnerability is unique…
A vulnerability described as critical has been identified in Arctera InfoScale Operations Manager up to 9.1.2. Impacted is an unknown function. The manipulation results in sql injection. This vulnera…
A vulnerability classified as critical has been found in Arctera InfoScale up to 7.4.1. The affected element is an unknown function of the component CmdServer. This manipulation causes improper acce…
A vulnerability classified as problematic was found in Arctera InfoScale VIOM 9.1.3. The impacted element is an unknown function. Such manipulation leads to cross site scripting. This vulnerability i…
A vulnerability, which was classified as problematic, has been found in Splunk Enterprise and Cloud Platform. This affects an unknown function. Performing a manipulation results in sensitive informa…
A vulnerability, which was classified as problematic, was found in Splunk AI Toolkit up to 5.7.2. This impacts an unknown function of the file authorize.conf of the component Configuration File Hand…
A vulnerability has been found in Splunk Enterprise and Cloud Platform and classified as problematic. Affected is an unknown function of the file coldToFrozen.sh of the component splunk_archiver App …
A vulnerability was found in cyntler react 1.17.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component TXTRenderer. The manipulation results in …
Read about the unique challenges and rewards of securing gaming platforms and how to better protect gaming communities. The post Securing the gaming culture of cultures appeared first on Microsoft Sec…
Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and targets credentials acros…
A Single Developer Downloaded a Poisoned VS Code Extension, and Now Look. GitHub warned late Tuesday that hackers stole roughly 3,800 internal repositories from the Microsoft-owned platform after a dev…
There is a quiet gap inside many SOCs. It sits between the moment Tier 1 says “this should be escalated” and the moment the response team can actually act on it. Too often, the alert moves forward, bu…
A proof-of-concept (PoC) exploit was published for a new Linux Local Privilege Escalation (LPE) vulnerability dubbed “PinTheft.” Discovered by Aaron Esau of the V12 security team, the flaw allows loca…
A dangerous new Android malware called DevilNFC has emerged, combining NFC relay attacks with a Kiosk Mode trap that locks victims inside a fake banking screen until their card data is stolen. The mal…
Verizon DBIR finds 31% of data breaches began with software flaws last year
Barracuda reveals new CypherLoc scareware has featured in nearly three million attacks
The prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositories
China-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage tactics, according to ESET research
Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date
Premium Deception campaign uses 250 Android apps to silently sign victims up to paid services
An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment.