A vulnerability was found in kasparsd Widget Context Plugin up to 1.3.3 on WordPress. It has been classified as problematic . Affected by this vulnerability is the function save_widget_context_setting…
cyberintel.kalymoon.com · 34874 articles · updated every 4 hours · grows forever
A vulnerability was found in kasparsd Widget Context Plugin up to 1.3.3 on WordPress. It has been classified as problematic . Affected by this vulnerability is the function save_widget_context_setting…
A vulnerability was found in registrationformbuilder Vedrixa Forms Plugin up to 1.1.1 on WordPress. It has been declared as critical . Affected by this issue is the function wp_localize_script of the …
A vulnerability was found in smub Slider by Soliloquy Plugin up to 2.8.1 on WordPress. It has been rated as problematic . This affects the function map_meta_cap of the component Configuration Handler …
A vulnerability categorized as problematic has been discovered in cssigniterteam AudioIgniter Music Player Plugin up to 2.0.2 on WordPress. This vulnerability affects the function handle_playlist_endp…
A vulnerability identified as problematic has been detected in metaphorcreations Ditty Plugin up to 3.1.65 on WordPress. This issue affects the function init of the component AJAX Endpoint . The manip…
A vulnerability labeled as critical has been found in TeamViewer DEX up to 9.1 . Impacted is an unknown function of the component Backend API Endpoint . The manipulation results in missing authorizati…
A vulnerability marked as critical has been reported in jetmonsters MotoPress Hotel Booking Plugin up to 6.0.1 on WordPress. The affected element is an unknown function. This manipulation causes missi…
A vulnerability described as critical has been identified in techjewel FluentCRM Plugin up to 2.9.87 on WordPress. The impacted element is the function _fc_bounce_key . Such manipulation of the argume…
Open-source framework ROADtools is being misused by threat actors for cloud intrusions. Learn how to identify its malicious use. The post Paved With Intent: ROADtools and Nation-State Tactics in the C…
Google has publicly released proof-of-concept (PoC) exploit code for a critical, still-unpatched vulnerability in the Chromium codebase, potentially exposing millions of users across Chrome, Microsoft…
Hackers have found a new and alarming way to weaponize one of the most trusted platforms in the AI world. A threat actor linked to North Korea has embedded second-stage malware inside Hugging Face, th…
The FBI has issued a new cybersecurity warning about a rapidly emerging phishing-as-a-service (PhaaS) platform named Kali365, which is actively targeting Microsoft 365 users to steal access tokens and…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations …
Splunk has released security updates addressing multiple vulnerabilities across Splunk Enterprise, Splunk Cloud Platform, and the Splunk AI Toolkit that could lead to denial-of-service (DoS) condition…
Total figure for fraudulent transactions Apple has blocked since 2020 now stands at over $11bn
The infostealer payload in this campaign collect a vast amount of data, from collaboration authentication keys to cryptocurrency wallets
The “retro” way “The thing about the old days is… they are the old days” – Slim Charles , The Wire Protecting a specified network perimeter was the main focus of enterprise security strategy for sever…
I spent two days at a substation connecting a major offshore wind farm to the grid. The control room featured three new AI-ready dashboards and a board mandate to “leverage machine learning for resili…
The average cost of downtime has reached $600 billion for the Global 2000, a 50% increase in two years. According to Splunk’s The Hidden Costs of Downtime report, unplanned outages and service degrada…
Probing how a CPU isolates user code from kernel code is messy work. Researchers patch kernels, write drivers, or boot stripped-down bare-metal programs, and any of those choices change variables they…
Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 has been distributed thro…
The Cybersecurity and Infrastructure Security Agency launched a new nomination form that lets researchers, vendors, and industry partners report known exploited vulnerabilities for possible inclusion …
Keepnet, an Extended Human Risk Management (xHRM) platform, today announced that its voice and SMS phishing simulation data contributed to the 2026 Verizon Data Breach Investigations Report (DBIR). Th…
Proton Pass, a secure, end-to-end encrypted password manager, added credential sharing through AI access tokens, allowing users to give AI agents access to selected items and monitor activity. To gain…