cyberintel.kalymoon.com · 31627 articles · updated every 4 hours · grows forever
arXiv:2605.23059v1 Announce Type: new Abstract: Internet of Things (IoT) security research continues to face a methodological gap between scalable virtual experimentation and realistic device behaviou…
arXiv:2605.23004v1 Announce Type: new Abstract: Botnets are among the most persistent cyber threats, enabling large-scale attacks such as spam, credential theft, and distributed denial-of-service (DDo…
arXiv:2605.22985v1 Announce Type: new Abstract: The rise of autonomous AI agents and the accelerating velocity of corporate data access are stretching the application-centric model of zero trust secur…
arXiv:2605.22842v1 Announce Type: new Abstract: Multi-agent AI pipelines typically assume that agent misconduct originates from model misalignment. We identify a structural failure in this assumption,…
A vulnerability marked as problematic has been reported in huggingface transformers up to 5.2.x . This vulnerability affects the function AutoModelForCausalLM.from_pretrained of the file config.json .…
A vulnerability described as critical has been identified in WineHQ Wine up to 11.0 . This issue affects some unknown processing of the component MIME Handler . Such manipulation leads to incorrect re…
A vulnerability classified as problematic has been found in SPIP up to 4.4.14 . Impacted is an unknown function of the file action/cookie.php of the component ecrire . Performing a manipulation result…
A vulnerability classified as critical was found in Acer NitrorSense up to 3.01.3052 . The affected element is an unknown function. Executing a manipulation can lead to path traversal. This vulnerabil…
A vulnerability, which was classified as critical , has been found in NEC Platforms Aterm MR51FN and Aterm CM51FD . The impacted element is an unknown function. The manipulation leads to os command in…
A vulnerability, which was classified as problematic , was found in NEC Platforms Aterm WX1800HP, Aterm WX5400HP, Aterm WX7800T8, Aterm WX11000T12, Aterm WX3000HP2, Aterm WX4200D5, Aterm GX621A1, Ater…
A vulnerability has been found in MLflow up to 3.9.x and classified as critical . This impacts an unknown function of the file /mlflow-artifacts/mpu/ of the component Multipart Upload Handler . This m…
Written by: Takahiro Sugiyama, Peter Revelant, Mathew Potaczek Introduction In late 2025, Mandiant responded to a security incident involving a compromised web server running KnowledgeDeliver . Knowle…
Written by: Jamie Collier While Russian-speaking threat actors have historically dominated the phishing-as-a-service (PhaaS) landscape, a rival ecosystem is rapidly growing within the Chinese-language…
New TrapDoor supply chain campaign, an active attack deploying 34 malicious packages and over 384 related versions across npm, PyPI, and Crates.io to steal developer credentials and cryptocurrency wal…
The Wireshark Foundation has released Wireshark 4.6.6, addressing a critical security vulnerability in the ROHC (Robust Header Compression) protocol dissector that could allow an attacker to crash the…
A fully autonomous bug-bounty framework called Pentest Agent Suite has been open-sourced, delivering 50 specialized security agents, 26 slash commands, 19 CLI tools, and a cross-IDE installer across s…
A newly identified scareware kit called CypherLoc is locking victims’ browsers and tricking them into calling fake Microsoft support lines. The kit has been linked to roughly 2.8 million attacks since…
GitHub has introduced a major security upgrade to the npm ecosystem with the general availability of staged publishing and new install-time controls, aimed at reducing automated supply chain attacks t…
CISA has issued an urgent alert regarding a critical SQL injection vulnerability in Drupal Core, tracked as CVE-2026-9082, which is now being actively exploited in real-world attacks. The flaw, classi…
If you were hit by ransomware tomorrow, would you pay to get your data back? That’s what more than half of CISOs in a recent survey said their organization would do. It’s a situation more companies ar…
Senior decision-makers are the heaviest users of unapproved AI tools, and they continue using them despite being aware of the security and privacy risks linked to shadow AI, according to TrustedTech’s…
In this Help Net Security video, Ziv Levi, SVP of Technology at CYE, explains why translating cyber risk into dollars is one of the most pressing tasks for security leaders. Boards and executives want…
Source-guided vulnerability research increasingly leans on coding harnesses such as Claude Code, Codex, and Cursor to drive agent-based reviews of application code. A new MIT-licensed project from the…