cyberintel.kalymoon.com · 4653 articles · updated every 4 hours · grows forever
Ontinue uncovers fake Claude Code installer pushing PowerShell stealer abusing Chrome's IElevator2
Two new high-severity vulnerabilities, dubbed ’Dirty Frag’ when chained, have been found in the Linux kernel, affecting most Linux distributions
ThreatFabric finds new TrickMo Android banking trojan variant routing C2 through The Open Network
We find ourselves teetering upon a precipice of our own unwitting construction, and the vertiginous depth of our collective negligence ought to give every security practitioner profound pause. In our …
At DXC Technology, global CISO Mike Baker has established one of the largest agentic security operation centers (SOCs) in the world. To upskill the workforce as part of this journey, he embedded exper…
The security industry is experiencing déjà vu, and most teams haven’t recognized it yet. If you were in the trenches during the early 2000s, you remember the antivirus arms race. IT teams buried under…
A newly disclosed Linux privilege escalation issue dubbed “Dirty Frag” is giving attackers a cleaner path to post-compromise escalation to root privileges. According to Microsoft, a couple of vulnerab…
A malicious Hugging Face repository posing as an OpenAI release delivered infostealer malware to Windows systems and logged 244,000 downloads before being removed, raising fresh concerns about how ent…
The Google Threat Intelligence Group (GTIG) today released evidence of a zero-day exploit developed by a cybercriminal group with the help of AI. It marks the first time the security research group ha…
Dubai-founded OTT Cybersecurity LLC also unveils the Agent Trust Protocol (ATP), the first open cryptographic standard for AI agent identity, scope, and action verification — slated for IETF submissio…
Open-source endpoint detection has long been split between Windows-focused tools built around Sysmon and Linux tools built around eBPF or auditd. Defenders running mixed environments have had to stitc…
Scam attempts continue to reach consumers via email, text messages, social media, online advertising, and phone calls. The volume of exposure has remained stable over the past year, with more than hal…
TrustCloud announced a new version of TrustLens, its third party risk management (TPRM) solution. The new TrustLens agentic AI capabilities focus on delivering four requirements every CISO wants in th…
After introducing optional end-to-end encrypted messaging in 2023, Instagram announced in March 2026 that encryption for direct messages would be discontinued, and the feature was removed on May 8. Th…
German authorities shut down a relaunched version of the criminal marketplace Crimenetwork and arrested its suspected operator. The domain seizure notice (Source: BKA) A special unit of the Spanish Na…
SailPoint has introduced SailPoint Agentic Fabric, a new platform designed to help enterprises secure AI agents and other non-human identities at scale. As organizations deploy autonomous AI agents ac…
Linux kernel developers are reviewing a proposal for an emergency risk mitigation mechanism (“Killswitch”) that would allow administrators to disable vulnerable kernel functions at runtime. The propos…
Alation has introduced Alation AI Governance, a new offering that gives enterprises the system of record they are missing for AI compliance. Enterprises are deploying AI models, agents, and tools fast…
Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-based system administration tool.…
The UK’s data protection regulator, the Information Commissioner’s Office (ICO), fined South Staffordshire Water’s parent company £963,900 over security failures linked to a cyberattack that exposed t…
The second iteration of the German-speaking online crime marketplace had over 22,000 users and more than 100 sellers. The post Resurrected ‘Crimenetwork’ Marketplace Taken Down, Administrator Arrested…
Also called Copy Fail 2 and tracked as CVE-2026-43284 and CVE-2026-43500, the exploit was disclosed before a patch was released. The post New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Att…
Tens of thousands of students studying for final exams around the world have regained access to a key online learning system after a cyberattack had earlier knocked it offline. The post Canvas System …
A malicious version of the plugin was published to the Jenkins Marketplace late last week. The post Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack appeared first on SecurityWeek .