cyberintel.kalymoon.com · 21266 articles · updated every 4 hours · grows forever
A vulnerability was found in photostructure exiftool-vendored.js up to 35.18.x . It has been rated as critical . Affected by this vulnerability is an unknown functionality. Performing a manipulation r…
A vulnerability categorized as problematic has been discovered in Outline up to 1.6.x . Affected by this issue is some unknown functionality of the component shares.create API . Executing a manipulati…
A vulnerability identified as problematic has been detected in Outline up to 1.7.0 . This affects an unknown part of the file /auth/slack.post . The manipulation of the argument team_id/user_id leads …
A vulnerability labeled as critical has been found in WWBN AVideo up to 29.0 . This vulnerability affects the function msgToResourceId of the file plugin/YPTSocket/getWebSocket.json.php of the compone…
A vulnerability marked as problematic has been reported in Outline up to 1.7.0 . This issue affects the function subscriptions.create of the component API Endpoint . This manipulation causes authoriza…
A vulnerability described as critical has been identified in Outline up to 1.6.x . Impacted is the function fs.createWriteStream . Such manipulation leads to path traversal. This vulnerability is docu…
A vulnerability classified as critical has been found in HAARG HTTP::Tiny up to 0.092 on Perl. The affected element is an unknown function of the component HTTP Request Handler . Performing a manipula…
A vulnerability classified as problematic was found in barebox up to 2026.04.0 . The impacted element is the function dhcp_message_type of the component DHCP Handler . Executing a manipulation can lea…
A vulnerability, which was classified as critical , has been found in advplyr audiobookshelf up to 2.33.1 . This affects an unknown function of the file server/controllers/PodcastController.js of the …
A vulnerability, which was classified as problematic , was found in Pi-hole up to 6.4.1 . This impacts an unknown function of the file pihole-FTL-prestart.sh . The manipulation results in incorrect pe…
A vulnerability has been found in QuickJS-NG 0.12.1 and classified as critical . Affected is the function js_mapped_arguments_mark . This manipulation causes privilege escalation. This vulnerability i…
Unit 42 analyzes AD CS exploitation through template misconfigurations and shadow credential misuse while offering behavioral detection for defenders. The post Inside AD CS Escalation: Unpacking Advan…
Apple today released its typical feature update across it&#;x26;#;39;s operating systems (iOS, iPadOS, macOS, tvOS, watchOS, vision OS). With this update, Apple patched 84 different vulnerabilities. U…
In the face of relentless cyberattacks that threaten patient safety, hospitals must strengthen their resilience, with clinical continuity, secure backups and coordinated recovery emerging as critical …
Internal Communications Dumped Online, Revealing Fresh Victims, Repeat Tactics Ransomware group The Gentlemen, a relative newcomer to the cybercrime scene, suffered a leak of its internal communicatio…
ICO Warns Key Security Gaps Led to Exposed Data of Over 630,000 People A British regulator said a major water sector organization failed to use establish cybersecurity safeguards to secure sensitive d…
Cloud Connectivity, Security Operations Providers Reportedly Chop 20%, 7% of Staff Cloudflare cut more than 1,100 workers from its 5,483-person staff, saying the layoffs will align Cloudflare's operat…
A significant supply-chain compromise affecting 84 npm package artifacts across the TanStack namespace. The malicious versions, published to the npm registry at approximately 19:20 and 19:26 UTC, cont…
A fatal authentication bypass vulnerability is actively affecting cPanel and WebHost Manager (WHM) servers worldwide. Tracked as CVE-2026-41940 and bearing an apocalyptic maximum severity score of 9.8…
Security controls can do only so much. Here are four attacks where your employees are usually your first, and only, line of cyber defense.
The Federal Communications Commission eased some restrictions and pushed back deadlines for foreign router manufacturers, but the ban is still in place.
A security researcher has released a proof-of-concept tool named GhostLock that demonstrates how a legitimate Windows file API can be abused in attacks to block access to files stored locally or on SM…