In response to Anthropic Mythos, instead of launching another LLM, Google unveiled a broad push toward agentic, AI-driven defense at Google Cloud Next ’26 to help SOC analysts as they scramble to keep…
cyberintel.kalymoon.com · 4676 articles · updated every 4 hours · grows forever
Donald Trump’s nominee to lead the Cybersecurity and Infrastructure Security Agency (CISA), Sean Plankey, informed Homeland Security Secretary Markwayne Mullin and the White House that he is withdrawi…
Why “more alerts” isn’t the same as better security · If you run security in an enterprise environment, you already know the problem. Generic detection tools generate thousands of alerts, most of them l…
Researchers warn of a new software supply chain attack that resulted in a malicious version of Bitwarden CLI, the terminal version of the extremely popular open-source password manager. The attack is …
China's state-backed groups are now using covert networks of compromised devices to execute attacks in a low-cost, low-risk, and deniable way.
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. [...]
Olympic Games, FIFA World Cup offer huge platforms, rich cyberattack surface · Cybersecurity Dive
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks · The Hacker News
The group, which researchers at cybersecurity firm ESET named GopherWhisper, has been active since at least November 2023 and was discovered in January 2025 after investigators found a previously unkn…
The campaigns exploited a weakness in telecom infrastructure to allow the unnamed vendors to secretly pose as real cellular providers and pinpoint victims’ locations.
CISA said the unnamed department was infected with malware called “FIRESTARTER” that allowed the hackers to return to the Cisco device in March without re-exploiting the original vulnerabilities.
Also: Updates in KelpDAO, Drift, Hyperbridge Hacks · This week, Grinex was exploited, a hacker laundered KelpDAO funds, Circle was sued over $280M Drift hack, Rhea Finance and Volo Protocol were exploit…
NCSC Designs 'SilentGlass' Gadget to Protect Overlooked Computer Peripheral · A new device called SilentGlass is designed to safeguard users against an often overlooked threat in modern computing enviro…
Routing Malicious Traffic Through Hacked IoT Devices Is Leading to 'IoC Extinction' · Networks comprised of hacked domestic devices underpin a mounting number of Chinese nation-state hacking operations,…
Sean Plankey Abandons Bid After Yearlong Delay as CISA's Leadership Vacuum Deepens · Sean Plankey withdrew his nomination after a 13-month stalled process, leaving the U.S. Cybersecurity and Infrastruct…
Socket has confirmed that Bitwarden CLI version 2026.4.0 was compromised as part of the ongoing Checkmarx supply chain campaign, exposing millions of users and thousands of enterprises to credential t…
A North Korean state-sponsored threat group is running an active campaign that tricks software developers into installing malware through fake job interviews and rigged coding tests. The group, tracke…
A rogue npm package named js-logger-pack has been caught quietly turning Hugging Face, a widely trusted AI model hosting platform, into both a malware delivery network and a stolen data storage backen…
North Korea has been running one of the most quietly effective cyber fraud operations in recent years. State-sponsored operatives working for the Pyongyang regime have been posing as legitimate remote…
Google Cloud’s COO advocated for combining general-purpose frontier large language models with task-specific AI agents
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. "A…
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. [...]
Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently. [...]