cyberintel.kalymoon.com · 7763 articles · updated every 4 hours · grows forever
WhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform. The optional featur…
Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the add…
Microsoft has extended Windows Server 2022 hotpatching until October 2027, one year after the mainstream end date of October 2026. [...]
WhatsApp is finally allowing users to reserve usernames, a privacy feature that lets them hide their phone numbers from people not in their contact list. [...]
Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild. The badkeys project is an open-source service that checks public keys f…
Series A Funding Supports Pre-Training, Reinforcement Learning for Security Models AI security startup Straiker closed a $64 million Series A funding round to expand GPU infrastructure, develop specia…
Emids' CAIO on Why Healthcare Leaders Are Treating AI as an Enterprise Investment Healthcare organizations are moving beyond debating AI's value and focusing on how to scale it. According to Emids' St…
A newly detailed injection technique has put Windows systems in the spotlight, revealing how attackers could abuse a deeply embedded part of the operating system to run malicious code inside another p…
AI-powered agents are no longer just answering questions. They now take actions, manage files, and run code on behalf of users. That shift has opened a dangerous new door, and attackers have already w…
Russia-linked threat group Turla has been quietly expanding its espionage arsenal with a new backdoor called STOCKSTAY, actively targeting government and military organizations in Ukraine since at lea…
A critical security vulnerability in Google’s Gemini CLI has been disclosed, allowing attackers to execute arbitrary code in certain CI/CD environments, particularly GitHub Actions workflows. The issu…
Microsoft has disclosed a critical remote code execution vulnerability in its Office ecosystem that can be exploited through a malicious Excel file. The vulnerability, tracked as CVE-2025-60727, affec…
Dell Technologies has released a critical security advisory addressing multiple vulnerabilities in its Wyse Management Suite (WMS), warning that attackers could exploit these flaws to execute arbitrar…
Group-IB says Millenium RAT, now rewritten in C++, has hit 62,289 devices in 160+ countries
OpenAI is previewing its GPT-5.6 Sol model to a vetted few at the US government's request
PrivacyHawk has announced the general availability of PrivacyHawk Enterprise, a solution that identifies and eliminates the shadow IT accounts, abandoned SaaS subscriptions, and forgotten third-party …
The ShinyHunters extortion group claims to have stolen 3.1 TB of data from the organization. The post Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack appeared first on SecurityWeek .
The startup’s platform can identify AI agents and provide visibility into their access, behavior, and risks. The post Straiker Raises $64 Million for AI Security Platform appeared first on SecurityWee…
Indirect prompts hidden in a repository can lead to Claude Code spawning a reverse shell on the developer’s machine. The post Researchers Demo New Claude Code Attack Using Harmless-Looking Repositorie…
An optional ‘username key’ adds another layer by requiring a secondary credential before someone can message users. The post WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy appea…
New findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cross-platform application development framewo…
This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open. The noise is not all noise, either. Foru…
Business email compromise attacks increasingly rely on convincing impersonation rather than malware, making them harder for employees and traditional email defenses to detect. This webinar explores ho…
Attackers have begun exploiting a critical vulnerability (CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intelligence company Defused. [...]