CyberIntel ⬡ News
★ Saved ◆ Cyber Reads

// Cyber
Intel Feed

cyberintel.kalymoon.com  ·  35081 articles  ·  updated every 4 hours · grows forever

35081Total
26472Full Text
Jul 10, 2026Latest
◈ Women in Cyber ◉ Threat Intelligence ◎ How-To & Tutorials ⬡ Vulnerabilities & CVEs 🔍 Digital Forensics ◍ Incident Response & DFIR ◆ Security Tools & Reviews ◇ Industry News & Leadership ✉ Email Security 🛡 Active Threats ⚠ Critical CVEs ◐ Insider Threat & DLP ◌ Quantum Computing ◬ AI & Machine Learning
🔥 Trending Topics · Last 48h
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-46529 | Evince ev-application.c ev_spawn command injection

A vulnerability was found in Evince and classified as critical . The impacted element is the function ev_spawn of the file ev-application.c . Executing a manipulation can lead to command injection. Th…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-46529 | Atril ev-application.c ev_spawn command injection

A vulnerability was found in Atril . It has been classified as critical . This affects the function ev_spawn of the file ev-application.c . The manipulation leads to command injection. This vulnerabil…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-46529 | Xreader ev-application.c ev_spawn command injection

A vulnerability was found in Xreader . It has been declared as critical . This impacts the function ev_spawn of the file ev-application.c . The manipulation results in command injection. This vulnerab…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-42538 | DFIR-IRIS up to 2.4.27 cross site scripting

A vulnerability was found in DFIR-IRIS up to 2.4.27 . It has been rated as problematic . Affected is an unknown function. This manipulation causes cross site scripting. This vulnerability is registere…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-42543 | DFIR-IRIS up to 2.4.27 cross-site request forgery

A vulnerability categorized as problematic has been discovered in DFIR-IRIS up to 2.4.27 . Affected by this vulnerability is an unknown functionality. Such manipulation leads to cross-site request for…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-2518 | wpxpo FastX Plugin up to 1.0.2 on WordPress Plugin Installation ultp_install_callback authorization

A vulnerability identified as critical has been detected in wpxpo FastX Plugin up to 1.0.2 on WordPress. Affected by this issue is the function ultp_install_callback of the component Plugin Installati…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-9018 | themewant Easy Elements for Elementor Plugin up to 1.4.5 on WordPress Login/Register easyel_handle_register privileges management

A vulnerability labeled as critical has been found in themewant Easy Elements for Elementor Plugin up to 1.4.5 on WordPress. This affects the function easyel_handle_register of the component Login/Reg…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-4070 | pftool Alfie Plugin up to 1.2.1 on WordPress GET Parameter alfie_manage delete cross-site request forgery

A vulnerability marked as problematic has been reported in pftool Alfie Plugin up to 1.2.1 on WordPress. This vulnerability affects the function alfie_manage of the component GET Parameter Handler . T…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-44409 | ZTE MU5250 BD_FLYMODEMV1.0.0B27 Configuration information disclosure

A vulnerability described as problematic has been identified in ZTE MU5250 BD_FLYMODEMV1.0.0B27 . This issue affects some unknown processing of the component Configuration Handler . The manipulation r…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-3481 | burlingtonbytes WP Blockade Plugin up to 0.9.14 on WordPress Endpoint render_shortcode_preview shortcode cross site scripting

A vulnerability classified as problematic has been found in burlingtonbytes WP Blockade Plugin up to 0.9.14 on WordPress. Impacted is the function render_shortcode_preview of the component Endpoint . …

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-6864 | manchumahara CBX 5 Star Rating & Review Plugin up to 1.0.7 on WordPress page cross site scripting

A vulnerability classified as problematic was found in manchumahara CBX 5 Star Rating & Review Plugin up to 1.0.7 on WordPress. The affected element is an unknown function. Such manipulation of the ar…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-7249 | shapedplugin Location Weather Plugin up to 3.0.2 on WordPress splw_update_block_options authorization

A vulnerability, which was classified as critical , has been found in shapedplugin Location Weather Plugin up to 3.0.2 on WordPress. The impacted element is the function splw_update_block_options . Pe…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-7509 | helgatheviking KIA Subtitle Plugin up to 4.0.1 on WordPress Shortcode before cross site scripting

A vulnerability, which was classified as problematic , was found in helgatheviking KIA Subtitle Plugin up to 4.0.1 on WordPress. This affects the function before of the component Shortcode Handler . E…

VulDB Read →
⬡ Vulnerabilities & CVEs May 22, 2026
CVE-2026-9104 | dartiss Draft List Plugin 2.6.3 on WordPress cross site scripting

A vulnerability has been found in dartiss Draft List Plugin 2.6.3 on WordPress and classified as problematic . This impacts an unknown function. The manipulation leads to cross site scripting. This vu…

VulDB Read →
◉ Threat Intelligence May 22, 2026
Cross-Platform NPM Stealer, (Fri, May 22nd)

I found a Node.js stealer that looked pretty well obfuscated. The file was not running out-of-the-box because it was uploaded on VT as “extracted-decoded.js” (and reformated). The SHA256 is 049300…

SANS ISC Read →
◇ Industry News & Leadership May 22, 2026
Mini Shai-Hulud Attack Forces npm to Reset Bypass-2FA Publishing Tokens

The npm registry made an urgent platform-wide move last week after supply chain attacks threatened thousands of developers. On May 19, npm invalidated every granular access token with write access tha…

Cybersecurity News Read →
◇ Industry News & Leadership May 22, 2026
Hackers Can Weaponize Lenovo Driver to Terminate EDR Processes

Hackers can weaponize a legitimately signed Lenovo driver to terminate security processes, highlighting a dangerous Bring Your Own Vulnerable Driver (BYOVD) attack vector that can bypass endpoint prot…

Cybersecurity News Read →
◇ Industry News & Leadership May 22, 2026
Google folds CodeMender into agent ecosystem amid push for AI-led AppSec

Google is expanding the role of its CodeMender security agent from autonomous vulnerability remediation toward a larger agentic development ecosystem, signalling a broader push toward AI-driven AppSec…

CSO Online Read →
◇ Industry News & Leadership May 22, 2026
New infosec products of the week: May 22, 2026

Here’s a look at the most interesting products from the past week, featuring releases from ASAPP, Babel Street, CTERA, Forward, Riverbed, and Trust3 AI. Babel Street targets AI-driven threats with new…

Help Net Security Read →
◇ Industry News & Leadership May 22, 2026
The new economics of fraud: Cheaper, faster, more convincing

Scams have become one of the fastest-growing consumer risks, driven by AI-enabled impersonation, social engineering, and sophisticated attack methods, according to Visa’s Spring 2026 Biannual Threats …

Help Net Security Read →
◇ Industry News & Leadership May 22, 2026
Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

Hackers accessed Grafana’s GitHub repositories after a token compromised in the TanStack attack was not rotated. The post Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack a…

Security Week Read →
◇ Industry News & Leadership May 22, 2026
China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.

The advanced persistent threat group also relied on SOCKS proxies like SoftEther VPN, tunneling tools that act as a middleman between victim and attacker.

Dark Reading Read →
◇ Industry News & Leadership May 22, 2026
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 (CV…

The Hacker News Read →
◇ Industry News & Leadership May 22, 2026
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, …

The Hacker News Read →
← Prev 543 / 1462 Next →