Apple BootROM exploit exposes unpatchable USB flaw on A12 and A13 devices
cyberintel.kalymoon.com · 7956 articles · updated every 4 hours · grows forever
Apple BootROM exploit exposes unpatchable USB flaw on A12 and A13 devices
ESET details GentleKiller, the EDR-killer framework the Gentlemen ransomware gang gives affiliates
Squidbleed, discovered with the aid of Claude Mythos Preview, has been described as a Heartbleed-style vulnerability. The post Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data appeared f…
It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking …
Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for - how attackers are circumventing AI security progra…
Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major device-maker app stores are in from the start. On that date,…
Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER. According to Elastic Security Labs, t…
A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the sa…
Attackers no longer need to sift through massive credential dumps. They can pay others to do it for them. Flare explores how an emerging underground market searches stolen credential databases for spe…
Klue hack results in data breach at several cybersecurity firms TechCrunch
A newly published academic paper has revealed a critical vulnerability in AI-powered deep-research systems, including those underpinning commercial tools like OpenAI’s Deep Research and Google’s Gemin…
North Korean hackers have turned a widely used developer tool into a weapon, quietly poisoning more than 140 software packages that developers across the world rely on every day. The campaign is sophi…
China’s cyber operations have evolved far beyond what most people imagine when they picture a state-sponsored hacker. Instead of lone government agents breaking into servers, the country now runs an i…
QNAP has released security updates to address multiple vulnerabilities affecting its widely used NAS operating systems, including QTS, QuTS hero, QuTS cloud, and QVP (QVR Pro appliances). The advisory…
pgAdmin 4 version 9.16 has been released, delivering a combination of new features, bug fixes, and critical security updates to strengthen the widely used PostgreSQL management platform. The update in…
GitHub has rolled out a significant security enhancement to GitHub Actions by updating actions/checkout to block unsafe workflows that abuse the pull_request_target event. The pull_request_target trig…
A new and active malware campaign is spreading through WhatsApp, targeting everyday Windows users across more than a dozen countries. The threat uses malicious script files disguised as routine financ…
Microsoft has urged IT administrators to begin preparing for the upcoming Windows 11 version 26H2 update, which is now available for testing through the Windows Insider Program. The release continues …
The NCSC has released guidance for Fortinet customers impacted by the FortiBleed threat campaign
The UK’s data protection regulator the information commissioner has resigned after his position became “untenable”
At least five cybersecurity firms confirmed they have been affected by a breach of business intelligence platform Klue via Salesforce integration
North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers
Plugin registries for AI agents use npm-style scopes like @openclaw/ and @clawhub/ to signal who published a package. But on ClawHub, a registry whose plugins run with Claude, OpenClaw, and other agen…
HackerOne, Huntress, Jamf, OneTrust, Recorded Future, Snyk, and Tanium are among the affected Klue customers. The post More Cybersecurity Firms Disclose Impact From Klue Hack appeared first on Securit…