A sophisticated supply chain attack has targeted the Mastra-AI npm ecosystem, with researchers from Microsoft and Socket identifying over 141 compromised packages designed to silently deploy an infost…
cyberintel.kalymoon.com · 8060 articles · updated every 4 hours · grows forever
A sophisticated supply chain attack has targeted the Mastra-AI npm ecosystem, with researchers from Microsoft and Socket identifying over 141 compromised packages designed to silently deploy an infost…
The Bureau of Industry and Security (BIS) has issued a landmark “Is Informed” letter to Anthropic CEO Dario Amodei, mandating that the company obtain an individually validated export license before sh…
Eastman Kodak has confirmed a cybersecurity incident after the ShinyHunters extortion group posted a threat on its dark web leak site, claiming to have stolen over 2.2 million records containing custo…
Fortra has disclosed a critical security vulnerability in its Core Privileged Access Manager (BoKS) that could allow remote attackers to execute arbitrary commands on affected systems. CVE-2026-9862 i…
CISA has added a critical Oracle PeopleSoft vulnerability, tracked as CVE-2026-35273, to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. The flaw affects…
SANS Institute study finds few SOCs have built AI into defined workflows, despite widespread adoption
Aikido Security has discovered at least 15 IDE plugins on the JetBrains Marketplace
Ukraine has been added to the EU Cybersecurity Reserve, which provides incident response services against large-scale incidents
The 2026 Verizon Data Breach Investigations Report analyzed more than 22,000 confirmed data breaches across 145 countries. Its findings point to a single uncomfortable truth: organizations cannot patc…
Organizations racing to embed AI into business operations are realizing that the risk management frameworks they’ve relied on for decades aren’t built for the behaviors, failure modes, and ethical com…
A design flaw in the Vertex AI software development kit (SDK) for Python, Google Cloud’s managed platform for building, training, and deploying AI agents, could allow hijacking and poisoning of models…
Apple will unify the email domains used by Sign in with Apple and iCloud+ Hide My Email under a shared domain, private.icloud.com, later this summer. Hide My Email is a service included with iCloud+, …
Ukraine can now call on emergency cyber support from the European Union during large-scale cybersecurity incidents. The move follows a decision by the Council of the European Union to add the country …
Chainguard launched Athena, an industry coalition that pools open source vulnerability findings and remediates them under embargo before public disclosure. The group went live with more than two dozen…
The Android 17 rollout has started for supported Pixel devices, delivering new security and privacy capabilities before expanding to other devices later this year. Security and privacy updates Google …
Microsoft has acknowledged the local elevation of privilege issue in Microsoft Defender that can be triggered via the “RoguePlanet” exploit, and is “working to provide a high quality security update t…
VelocityEHS has announced the launch of QR Codes for Incident Management, a new feature designed to eliminate friction in safety reporting and help organizations surface incidents and near misses, ide…
The browser updates address multiple memory safety bugs that could potentially lead to remote code execution. The post Chrome and Firefox Updated to Patch Critical, High-Severity Vulnerabilities appea…
Oracle has released its June 2026 Critical Security Patch Update to fix vulnerabilities in Communications, EBS, Enterprise Manager and other products. The post Oracle’s Second Monthly Security Updates…
The public PoC code exploits a race condition in Microsoft Defender to spawn a command prompt with System privileges. The post Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day appeared first on S…
The attackers deployed a new Go-based backdoor that uses Microsoft Teams servers for command-and-control. The post Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack appeared first …
The industrial automation giant has fixed security holes in Logix, CompactLogix, Flex, RSLinx, and FactoryTalk products. The post Rockwell Automation Patches Vulnerabilities in ICS Controllers and Sof…
The UK will ban adolescents under 16 years old from user-to-user social-media platforms, despite age-verification issues and privacy concerns.
Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligenc…