cyberintel.kalymoon.com · 20436 articles · updated every 4 hours · grows forever
A vulnerability classified as critical was found in Huawei HarmonyOS and EMUI . This affects an unknown part of the component Projection Module . Executing a manipulation can lead to permission issues…
A vulnerability, which was classified as critical , has been found in Huawei HarmonyOS and EMUI . This vulnerability affects unknown code of the component Distributed File System Module . The manipula…
A vulnerability, which was classified as problematic , was found in GUIMARD Apache::Session::Generate::SHA256 up to 1.3.18 on Perl. This issue affects the function rand . The manipulation results in g…
A vulnerability has been found in TONYC Imager::File::GIF up to 1.002 on Perl and classified as critical . Impacted is the function i_readgif_multi_low of the file imgif.c . This manipulation causes o…
A vulnerability was found in Huawei HarmonyOS 5.1.0/6.0.0 and classified as problematic . The affected element is an unknown function of the component Security Control Module . Such manipulation leads…
A vulnerability was found in Huawei HarmonyOS 6.0.0/6.1.0 . It has been classified as critical . The impacted element is an unknown function. Performing a manipulation results in improper access contr…
Unit 42 analyzes the evolution of Gremlin stealer. This variant uses advanced obfuscation, crypto clipping and session hijacking to compromise data. The post Gremlin Stealer's Evolved Tactics: Hiding …
A state-aligned hacking group known as FrostyNeighbor has resurfaced with a fresh wave of cyberattacks targeting government organizations in Ukraine, using a carefully designed infection chain that is…
A high-severity privilege escalation vulnerability has been discovered in VMware Fusion, Broadcom’s popular macOS virtualization software, allowing local attackers to gain root-level access on affecte…
A nation-state malware known as Kazuar has resurfaced with a far more dangerous design than anyone expected. What once started as a relatively standard backdoor has now grown into a fully modular, pee…
TeamPCP is quietly turning trusted development tools into entry points for large scale credential theft. By slipping malicious code into popular CI/CD components, the group has shown how easily attack…
In a severe blow to web hosting environments worldwide, administrators are racing against the clock to patch a massive wave of security vulnerabilities affecting cPanel and WebHost Manager (WHM). Thre…
A critical vulnerability in the Amazon Redshift JDBC driver has put enterprise applications at severe risk of Remote Code Execution (RCE). Threat actors can exploit this newly disclosed flaw simply by…
As artificial intelligence frameworks become central to enterprise operations, a critical flaw in a popular AI platform has exposed organizations to serious security risks from threat actors. Within h…
Cybercriminals behind the Tycoon 2FA phishing kit have added a powerful new weapon to their playbook. By combining their well-known phishing infrastructure with OAuth Device Code abuse, they can now s…
A suspected China-linked threat actor targeted the Indian branch of a global manufacturer leveraging an open source offensive toolkit
The moment every boardroom dreads There is a moment in almost every ransomware negotiation — usually around 36 hours, when legal, IT and the CFO are all in the same room — when someone says it out lou…
Unlike most cyber security regulations, the EU’s Cyber Resilience Act is about product safety rather than processes or certification, extending the CE mark from the physical side of products to softwa…
Waymo recently crossed a major milestone: Over 170 million autonomous miles driven without a single serious crash or injury. For years, autonomous driving was treated as a promise that was always just…
Cisco has disclosed a max-severity authentication bypass vulnerability affecting its Catalyst SD-WAN Controller and Catalyst SD-WAN Manager platforms, warning that the flaw has already been found to b…
Rocky Linux has introduced a Security Repository that allows the distribution to ship urgent security fixes ahead of upstream Enterprise Linux when public exploit code exists and upstream patches are …
A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still in the works. …
Helping a friend recover a stolen phone, Infoblox researchers uncovered a thriving Telegram-based underground marketplace selling unlocking tools and phishing infrastructure used to monetize stolen iP…
Akamai has entered into a definitive agreement to acquire LayerX, a provider of browser-based AI usage control and secure enterprise browser (SEB) technology. LayerX’s solutions will extend Akamai’s p…