A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under certain conditions, and can also trigger a denial-of-service condition in appli…
cyberintel.kalymoon.com · 7954 articles · updated every 4 hours · grows forever
The JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated the opportunity-detection logic by creating fake cryptocurrency trading oppor…
An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access. [...]
BarracudaONE Named Best Unified Cybersecurity Platform in 2026 Cybersecurity Stars Awards (citybiz)
Researchers and Vendor Both Cite Previously Leaked Credentials, Brute-Force Attacks: The FortiBleed campaign harvesting and selling working credentials for 80,000 Fortinet firewalls and SSL-VPN gateway…
EU Projects Seek to Protect Fast New Network, Secure Information Sharing: The mobile communications technology known as 6G still hasn’t been standardized and its earliest commercial deployments are yea…
A newly identified ransomware group is using remote management software and scripted attack tools to compromise organizations and deploy a sophisticated encryption threat called Prinz Eugen. The campa…
A sophisticated supply chain attack on market intelligence platform Klue has compromised Salesforce data across at least nine organizations, including several high-profile cybersecurity firms, with th…
Apple has addressed a high-severity vulnerability in the Beats Studio Buds that could allow nearby attackers to eavesdrop on users via the device’s microphone, even when the earbuds are not actively p…
AI-powered iOS applications are increasingly leaking large language model (LLM) API credentials through network traffic, exposing developers to large-scale abuse of their LLM accounts and cloud resour…
Microsoft Entra Conditional Access Policies (CAPs), a core security control for Azure and Microsoft 365 tenants, were recently found vulnerable to a bypass technique involving Nested App Authenticatio…
A newly discovered botnet called AryStinger has quietly hijacked more than 4,300 routers across the globe, turning them into a silent army of attack proxies. The threat actors behind this campaign are…
An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce and other platforms, and accessed data across multiple customer environments …
AI coding agents are making it easier than ever to produce software. Ensuring that software is secure before deployment is another matter — one that AWS thinks AI should help with too. As enterprises …
Attackers are using multiple online channels — including GitHub, YouTube, and VirusTotal — to build an illusion of trust to spread a cross-platform clipboard hijacker.
Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily…
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor code. "Attacke…
A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers manipulate an agent into executing arbitrary commands on its host system sim…
Microsoft has confirmed that Windows 11 version 26H2 will be the next feature update and that devices running Windows 11 24H2 and 25H2 will be able to upgrade using a small enablement package. [...]
Transicon partners with Siemens to help SMEs strengthen cyber security (PES Media)
Microsoft has announced a significant update to its Microsoft 365 security and compliance features, introducing enhanced controls that allow organizations to block Copilot and other connected experien…
A Heartbleed-style heap buffer overread lurking in Squid Proxy since 1997 can silently leak HTTP headers, including passwords and API keys, from other users on the same proxy. Security researchers at …
Apple BootROM exploit exposes unpatchable USB flaw on A12 and A13 devices
ESET details GentleKiller, the EDR-killer framework the Gentlemen ransomware gang gives affiliates