Sophos finds fake Claude site spreading DonutLoader and a new Beagle backdoor via DLL sideloading
cyberintel.kalymoon.com · 8988 articles · updated every 4 hours · grows forever
Sophos finds fake Claude site spreading DonutLoader and a new Beagle backdoor via DLL sideloading
Commercial AI models were used to help plan and conduct cyber-attack against operational technology of a water and drainage facility, say researchers
Oasis Security finds critical Cline kanban WebSocket flaw exposing AI coding agents to hijack
Traditional network security tools are undermining data protection, with Forrester and Capital One Software research warning AI adoption is impossible without rethinking data security
SentinelOne believes the PCPJack campaign may be the brainchild of a former TeamPCP member
ACSC warns over a campaign targeting organizations which uses ClickFix to deliver Vidar infostealer malware
This year marks the 10th anniversary of the EU’s adoption of the General Data Protection Regulation , which became mandatory for all companies beginning on May 25, 2018. The aim of the GDPR was simple…
By now, executive boards across industries understand that cyberattacks can be costly. What they often lack, however, is a clear view of which risks pose the biggest threat to their business and why c…
Enterprises migrating between SIEM platforms often have to manually rewrite detection rules because vendors such as Splunk, Microsoft Sentinel, IBM QRadar, and Google Chronicle use different query lan…
A LinkedIn feature that allows paid subscribers to view a list of visitors to their profile should be made available to all EU users free of charge to comply with the region’s General Data Protection …
A critical vulnerability in Ollama poses a direct risk of sensitive information leaks to more than 300,000 internet-exposed servers, researchers have found. The flaw, tracked as CVE-2026-7482, stems f…
Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code to escape the container and do nasty things to IT environments. As a result,…
Over the past decade, Google has introduced a wide range of bug bounty programs for its software and services. The company has now announced that the reward for individuals who discover vulnerabilitie…
Palo Alto Networks warns that a critical zero-day vulnerability has been discovered in the PAN-OS firewall system. The vulnerability has already been exploited by suspected state-sponsored hackers for…
The conversation is straightforward, but the problem behind it is not. The customer bought servers in 2017 and typically refresh every five to six years. Generally, around the 2022 to 2023 timeframe, …
Penetration tests of AI-based systems are revealing a greater percentage of high-risk flaws than those discovered in legacy systems. Security consultancy Cobalt’s annual State of Pentesting Report rev…
Model Context Protocol (MCP) is the connective tissue of modern AI tooling and has quietly become one of the most significant blind spots in modern security programs. Like shadow IT before it, shadow …
Anthropic Claude’s Chrome browser extension, known as Claude in Chrome, has a bug that can allow other malicious extensions to hijack it, compromising trusted AI workflows. Researchers at LayerX Secur…
The five new vulnerabilities discovered in Ivanti’s on-premises mobile endpoint management solution are a “classic example of the legacy trap” that CSOs must avoid, says an expert. “Patch today to sur…
Object First released Object First Fleet Manager, a cloud-based service that simplifies the management of distributed Ootbi backup storage deployments for Veeam Software environments. Built for enterp…
Transilience AI has announced the general availability of its Full Stack Security Operating System for the cloud, platform designed to solve one of enterprise security’s most persistent challenges: br…
OpenAI is rolling out GPT-5.5-Cyber, a variant of its latest AI model, in limited preview for verified cybersecurity professionals and organizations through its Trusted Access for Cyber program. Trust…
Securonix announced the Securonix Threat Research Agent and ThreatWatch for ThreatQ, expanding how security teams research threats, validate exposure, and turn intelligence into documented action. Bui…
Avantra launched Avantra 26, an advancement in AI-driven operations, strengthening native integration with SAP Cloud ALM, and delivering automated visibility across SAP Business Technology Platform (B…