A vulnerability labeled as problematic has been found in Dylan Kuhn Geo Mashup Plugin up to 1.13.18 on WordPress. This affects an unknown part. Executing a manipulation can lead to cross site scriptin…
cyberintel.kalymoon.com · 29787 articles · updated every 4 hours · grows forever
A vulnerability marked as problematic has been reported in SpabRice Nyla Plugin up to 1.7 on WordPress. This vulnerability affects unknown code. The manipulation leads to basic cross site scripting. T…
A vulnerability described as critical has been identified in MediaArea MediaInfoLib 26.01. This issue affects some unknown processing of the component ID3v2 Parser. The manipulation results in heap-…
A vulnerability classified as problematic has been found in ZTE ZXUniPOS NDS-LTE 24.30.40CP02/24.40.40. Impacted is an unknown function. This manipulation causes use of a cryptographic primitive with…
A vulnerability classified as critical was found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Da…
A vulnerability, which was classified as problematic, has been found in SourceCodester/oretnom23 Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the f…
A vulnerability, which was classified as critical, was found in haojing8312 WorkClaw up to 0.6.4. This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of…
A vulnerability has been found in teableio teable up to 1.9.x and classified as problematic. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the …
A vulnerability was found in GPAC up to 2.4.0 and classified as problematic. Affected is the function MergeFragment of the file src/isomedia/isom_intern.c of the component MP4Box. The manipulation r…
A vulnerability was found in ThingsBoard up to 4.3.1.1. It has been classified as critical. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision o…
Executive Summary During the March–April 2026 reporting period, AI use in offensive operations advanced from development and planning to real-time operational deployment. Multiple independent cases, i…
A new wave of phishing operations is quietly changing the way cybercriminals steal financial data from everyday people. Rather than relying on traditional SMS messages that carriers can easily flag an…
The European Union is on the verge of issuing its largest-ever penalty under the Digital Markets Act, targeting Alphabet’s Google for allegedly manipulating search results to favor its own services ov…
ConnectWise has disclosed a high-impact security vulnerability in its Automate platform that could allow attackers to bypass critical security checks and execute malicious code under specific conditio…
A newly disclosed vulnerability in Apache CXF, tracked as CVE-2026-44930, is raising concerns among enterprise users relying on its XKMS (XML Key Management Specification) services. The flaw, classifi…
A newly disclosed security issue in Memcached has raised concerns after developers confirmed a timing side-channel vulnerability in its SASL authentication mechanism that could allow attackers to infe…
Hackers are targeting software developers by creating fake installation pages for two popular AI coding tools, Gemini CLI and Claude Code. The attackers are using a technique called SEO poisoning to p…
Windows administrators are facing a disruptive bug in Windows Server 2016 following Microsoft’s May 12, 2026, security update KB5087537. The update introduced a critical flaw that caused domain contro…
Iran's Nimbus Manticore pushes AI-built MiniFast backdoor via phishing and SEO poisoning
CERT-In urges 12-hour patching of exposed flaws as AI compresses exploitation timelines
I’ve spent years building compliance into security products. FedRAMP and Department of War Impact Level authorizations, vulnerability management pipelines: They all follow the same pattern. Build the …
A malicious package campaign across npm, PyPI, and Crates.io has put developer workstations back under scrutiny, after researchers said it targeted developer workflows and AI coding assistant files. R…
At the Span Cyber Security Arena conference, I sat down with Eric Woodruff, Chief Identity Architect at Semperis, to talk about how organizations perceive identity and the challenges those perceptions…
Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It affects the SharePoint Server …