A vulnerability labeled as critical has been found in Xmlsoft libxml2 up to 2.15.3 . The affected element is the function usershell of the component Xmlcatalog Utility . The manipulation results in st…
cyberintel.kalymoon.com · 32915 articles · updated every 4 hours · grows forever
A vulnerability labeled as critical has been found in Xmlsoft libxml2 up to 2.15.3 . The affected element is the function usershell of the component Xmlcatalog Utility . The manipulation results in st…
A vulnerability marked as critical has been reported in Red Hat OpenShift Dev Spaces . The impacted element is an unknown function of the component vscode-java Extension . This manipulation causes arg…
A vulnerability described as critical has been identified in Krajowa Izba Rozliczeniowa SzafirHost up to 1.2.1 . This affects an unknown function of the component JarFile Parser . Such manipulation le…
A vulnerability classified as critical has been found in acl up to 2.5.x . This impacts an unknown function of the component Pathname . Performing a manipulation results in link following. This vulner…
For the latest discoveries in cyber research for the week of 29th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Polymarket, a large cryptocurrency-based prediction m…
I&#;x26;#;39;m in the throes of target host recon for another pentest, and thought I&#;x26;#;39;d share some workflow / automation stuff.
Series A Funding Supports Pre-Training, Reinforcement Learning for Security Models AI security startup Straiker closed a $64 million Series A funding round to expand GPU infrastructure, develop specia…
Emids' CAIO on Why Healthcare Leaders Are Treating AI as an Enterprise Investment Healthcare organizations are moving beyond debating AI's value and focusing on how to scale it. According to Emids' St…
A newly detailed injection technique has put Windows systems in the spotlight, revealing how attackers could abuse a deeply embedded part of the operating system to run malicious code inside another p…
AI-powered agents are no longer just answering questions. They now take actions, manage files, and run code on behalf of users. That shift has opened a dangerous new door, and attackers have already w…
Russia-linked threat group Turla has been quietly expanding its espionage arsenal with a new backdoor called STOCKSTAY, actively targeting government and military organizations in Ukraine since at lea…
A critical security vulnerability in Google’s Gemini CLI has been disclosed, allowing attackers to execute arbitrary code in certain CI/CD environments, particularly GitHub Actions workflows. The issu…
Microsoft has disclosed a critical remote code execution vulnerability in its Office ecosystem that can be exploited through a malicious Excel file. The vulnerability, tracked as CVE-2025-60727, affec…
Dell Technologies has released a critical security advisory addressing multiple vulnerabilities in its Wyse Management Suite (WMS), warning that attackers could exploit these flaws to execute arbitrar…
Group-IB says Millenium RAT, now rewritten in C++, has hit 62,289 devices in 160+ countries
OpenAI is previewing its GPT-5.6 Sol model to a vetted few at the US government's request
PrivacyHawk has announced the general availability of PrivacyHawk Enterprise, a solution that identifies and eliminates the shadow IT accounts, abandoned SaaS subscriptions, and forgotten third-party …
The ShinyHunters extortion group claims to have stolen 3.1 TB of data from the organization. The post Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack appeared first on SecurityWeek .
The startup’s platform can identify AI agents and provide visibility into their access, behavior, and risks. The post Straiker Raises $64 Million for AI Security Platform appeared first on SecurityWee…
Indirect prompts hidden in a repository can lead to Claude Code spawning a reverse shell on the developer’s machine. The post Researchers Demo New Claude Code Attack Using Harmless-Looking Repositorie…
An optional ‘username key’ adds another layer by requiring a secondary credential before someone can message users. The post WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy appea…
New findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cross-platform application development framewo…
This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open. The noise is not all noise, either. Foru…
Business email compromise attacks increasingly rely on convincing impersonation rather than malware, making them harder for employees and traditional email defenses to detect. This webinar explores ho…