Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware
cyberintel.kalymoon.com · 5099 articles · updated every 4 hours · grows forever
Attackers have exploited a critical Langflow RCE within hours of disclosure, prompting the US Cybersecurity and Infrastructure Security Agency (CISA) to formally flag it for urgent remediation. The fl…
TeamPCP continues its supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened? Telnyx is a widely used software development kit (SDK) for the T…
Through the new program, OpenAI will reward reports covering design or implementation issues leading to material harm. The post OpenAI Launches Bug Bounty Program for Abuse and Safety Risks appeared f…
Other noteworthy stories that might have slipped under the radar: Heritage Bank data breach, new State Department unit tackles cyber threats, LA Metro disruptions. The post In Other News: Palo Alto Re…
Operational technology (OT) at industrial and critical infrastructure sites seems to have been benefitting from a lull in ransomware, and hackers' relative ignorance of OT systems.
Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts as…
Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) e…
The European Commission, the European Union's main executive body, is investigating a security breach after a threat actor gained access to its Amazon cloud infrastructure. [...]
Agentic GRC automates workflows, forcing teams to rethink their role beyond operations. Anecdotes explains why the biggest challenge is shifting from execution to risk leadership. [...]
Exito Media Concepts Announces the 31st Global Edition of the Cyber Security Summit Australia 2026 PR Newswire Asia
CrowdStrike Stock Outlook as Cybersecurity Spending Holds MarketBeat
World Leaks is a cyber extortion operation that steals sensitive data from organizations and threatens to leak it via the dark web if a ransom is not paid. Read more in my article on the Fortra blog.
Cloud Software Group has issued a critical security bulletin detailing two newly discovered vulnerabilities affecting customer-managed NetScaler ADC and NetScaler Gateway appliances. These flaws, trac…
Red Hat has issued a critical security warning regarding malicious code discovered in recent versions of the “xz” compression tools and libraries. Tracked as CVE-2024-3094, this highly sophisticated s…
The official Telnyx Python SDK on PyPI was compromised this morning as part of an escalating, weeks-long supply chain campaign orchestrated by the threat actor group TeamPCP. Malicious versions 4.87.1…
A new wave of cyberattacks is putting financial institutions on high alert, as threat actors ramp up the use of PXA Stealer — a powerful information-stealing malware — against organizations worldwide.…
A highly coordinated cyberespionage campaign has been uncovered targeting a government organization in Southeast Asia, with threat actors deploying a mix of USB-propagated malware, remote access troja…
The UK government has sanctioned Xinbi, described as “the second-largest illicit online marketplace ever”
Many leaders know empowered teams deliver better results, but not all leaders understand how to get there. It all starts with knowing what empowerment truly means. Put simply: Empowerment is the absen…
The hacker group “Qilin” may be behind the attack. Die Linke says it has been the victim of a serious cyberattack and suspects Russian…
AFC Ajax, the Dutch football club from Amsterdam, disclosed that an unknown hacker gained access to parts of its IT systems and obtained the email addresses of a few hundred people. The hack exploited…
The US Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2026-33017, a recently disclosed code injection vul…