Microsoft and a prominent cybersecurity researcher have gotten into a very public and rather personal exchange of unpleasantries about what responsible cybersecurity disclosures should mean in 2026. A…
cyberintel.kalymoon.com · 8596 articles · updated every 4 hours · grows forever
Microsoft and a prominent cybersecurity researcher have gotten into a very public and rather personal exchange of unpleasantries about what responsible cybersecurity disclosures should mean in 2026. A…
As part of Dark Reading's 20th anniversary package, we asked readers for a cybersecurity-related caption that captures their thoughts about the industry's last two decades.
Nearly 4K industrial control devices vulnerable to Iran-linked hacking campaign Cybersecurity Dive
Zscaler tanks 31% for worst day ever on 'prudent' guidance, sales shakeup CNBC
Someone named “Squid” seems to be a “ West Country legend .” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
GSK's Nancy Paul on Why Static Governance, Risk and Compliance Fail in AI Era Traditional governance, risk and compliance principles still hold, but periodic, checklist-driven governance is a dangerou…
June Meetings Could Shape Which Entities Must Report Cyber Incidents The Cybersecurity and Infrastructure Security Agency's June town halls will give critical infrastructure operators a final opportun…
Severity and Reachability Metrics Also Essential for Mythos-Era Bug Mitigation If there's one thing artificial intelligence has done, it's multiply bugs, and the annual CVE Program count of new vulner…
Also: Why Traditional Patching Can't Keep Up, Closing the AI Visibility Gap In this week's panel, four ISMG editors discussed what Anthropic's controversial Mythos AI model signals for the future of c…
As AI agents become more numerous and more communicative, keeping track of where to find them is becoming increasingly important. Numerous proprietary agent registries are on the market, but the Linux…
Noteworthy stories that might have slipped under the radar: Trump Mobile exposes customer data, phishers target the 2026 FIFA World Cup, CISA responds to recent supply chain attacks. The post In Other…
Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant's implicit trust in Markdown links and images to trigger…
California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company's failure to protect sensitive customer genetic and personal information. [...]
Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. [...]
BMM Innovation Group to highlight compliance and cybersecurity services at SBC Summit Americas 2026 Yogonet
Hackers are using a clever trick to get people to install dangerous malware, and most victims have no idea it is happening. By visiting pirated movie and TV show streaming sites, users are met with a …
A browser-based prompt injection technique that transforms any web page into a phishing delivery surface by exploiting ChatGPT’s page summarization feature, rendering attacker-controlled links, fake s…
A new wave of malicious software packages has been caught stealing cloud credentials and CI/CD pipeline secrets from developer machines, raising fresh alarms about the security of the open-source soft…
A newly discovered malicious NuGet package masquerading as an official Sicoob software development kit (SDK) has been caught exfiltrating highly sensitive banking credentials, raising serious concerns…
Ask any developer who has run a container image scan what happens next, and you will hear the same story. The scanner returns 200 CVEs. Most are noise. A handful are real. The report gets closed, the …
A wave of sophisticated supply chain attacks has put millions of software developers on high alert, with threat actors turning everyday developer tools into weapons for stealing credentials, cloud tok…
A new threat actor tracked as JINX-0164 has been running calculated attacks against cryptocurrency organizations, using LinkedIn profiles to lure developers into downloading custom macOS malware. Acti…
A newly analyzed ransomware strain called The Gentlemen is raising serious alarms across the cybersecurity community. Built in the Go programming language and obfuscated with a tool called Garble, it …
Threat actors from the Silent Ransom Group, aka Luna Moth, are escalating attacks by impersonating IT staff in phone calls and even showing up in person to gain direct access to victim systems