cyberintel.kalymoon.com · 27315 articles · updated every 4 hours · grows forever
A vulnerability classified as critical was found in twigphp Twig up to 2.16.x/3.25.x . Affected by this issue is some unknown functionality. Executing a manipulation can lead to protection mechanism f…
A vulnerability, which was classified as critical , has been found in phenixdigital phoenix_storybook up to 1.0.x . This affects an unknown part of the component Template String Handler . The manipula…
A vulnerability, which was classified as problematic , was found in phenixdigital phoenix_storybook up to 1.0.x . This vulnerability affects unknown code. The manipulation of the argument attr results…
A vulnerability has been found in HCL DominoIQ 14.5.1 and classified as problematic . This issue affects some unknown processing of the component RAG Feature . This manipulation causes missing authori…
A vulnerability was found in phenixdigital phoenix_storybook up to 1.0.x and classified as critical . Impacted is an unknown function in the library lib/phoenix_storybook/live/story/component_iframe_l…
A vulnerability was found in Progress MOVEit Automation up to 2025.0.10/2025.1.6 . It has been classified as problematic . The affected element is an unknown function. Performing a manipulation result…
A vulnerability was found in MediaArea MediaInfoLib 26.01 . It has been declared as critical . The impacted element is an unknown function of the component Channel Handler . Executing a manipulation c…
The AI systems shipping inside enterprises today are fundamentally different from the ones we were building even two years ago, because they have moved well past answering questions and into accessing…
Unit 42 analyzes TamperedChef malware clusters that use trojanized productivity apps and malvertising to deliver stealthy payloads to targets. The post Tracking TamperedChef Clusters via Certificate a…
Akamai Links Attack Growth to AI-Enabled Botnets and Hacktivists Akamai says AI-enabled botnets, geopolitical hacktivism and financially motivated cybercriminals drove a massive rise in DDoS, API and …
Having receive a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar attacks in future. Read more in my article…
A new vulnerability in NGINX JavaScript (njs), tracked as CVE‑2026‑8711, allows unauthenticated remote attackers to trigger a heap‑based buffer overflow that can lead to denial‑of‑service and, in some…
Microsoft has disclosed a critical zero-day vulnerability in Windows BitLocker, tracked as CVE-2026-45585, that allows threat actors with physical access to bypass full-disk encryption entirely, poten…
A well-known China-aligned threat group has quietly evolved its attack methods, and its latest toolset reveals just how far it is willing to go to stay hidden. A backdoor called GraphWorm has surfaced…
Hackers are exploiting a decades-old Windows tool to deliver dangerous malware onto unsuspecting systems, with consequences ranging from stolen passwords to full system compromise. The tool is MSHTA, …
Three consecutive releases of Microsoft’s official Python workflow SDK were poisoned with a multi-cloud credential-stealing worm, continuing the group’s relentless 2026 supply chain campaign. The Team…
A seemingly innocent typo in a Go module name has been quietly serving a live backdoor for nearly three years. Security researchers uncovered a malicious package called github.com/shopsprint/decimal t…
ExifTool, a ubiquitous open-source utility for reading and writing file metadata, is at the center of a severe security flaw affecting macOS environments. Discovered by Kaspersky’s Global Research and…
A critical vulnerability in the open-source IP PBX platform FreePBX could allow unauthenticated attackers to access user portals. The issue, tracked as CVE-2026-46376, affects the User Control Panel (…
A critical vulnerability chain affecting Pardus Linux has been disclosed, allowing local users to gain full root privileges without authentication. The issue, assigned a CVSS v3.1 score of 9.3, impact…
Grafana Labs has disclosed a targeted ransomware-linked breach of its GitHub environment, traced to a broader TanStack npm supply chain compromise associated with the “Mini Shai-Hulud” campaign. The i…