Russian hackers are exploiting a known flaw in WinRAR to quietly steal passwords, session cookies, and sensitive files from Ukrainian organizations. The vulnerability, tracked as CVE-2025-8088, was pa…
cyberintel.kalymoon.com · 8108 articles · updated every 4 hours · grows forever
Russian hackers are exploiting a known flaw in WinRAR to quietly steal passwords, session cookies, and sensitive files from Ukrainian organizations. The vulnerability, tracked as CVE-2025-8088, was pa…
A new open-source security platform called SecSuite, developed under the TheSecuredAnalyst project, has been released, combining OSINT reconnaissance, web vulnerability scanning, API security assessme…
A critical security flaw in Wazuh Manager has been disclosed that could allow remote attackers to manipulate security alerts, delete forensic evidence, and tamper with SIEM data across environments. T…
Microsoft’s June 2026 Patch Tuesday cumulative update for Windows 11, KB5094126 (OS Builds 26200.8655 and 26100.8655), has triggered a wave of reports across community forums and enterprise environmen…
A sophisticated malware campaign is quietly targeting Korean users through a well-crafted chain of deception. Threat actors are using innocent-looking shortcut files, built-in Windows tools, and a com…
Two browser extensions masquerading as ad blockers have been caught secretly recording private conversations from ChatGPT, Claude, Gemini, and five other major AI platforms. The extensions, named “Sma…
The Office of the Maine Attorney General has suspended its breach reporting portal
Government departments find hundreds of vulnerabilities after testing frontier models
Access to two Anthropic large language models, Mythos 5 and Fable 5, has effectively been banned to any non-US nationals by the Trump administration
In June 2025, Simon Willison, the engineer who coined the term “prompt injection,” published a warning that circulated widely through the security community. He called it the lethal trifecta — three c…
Your board is asking. Your legal team is asking. Your auditors will be asking: Should AI workloads move to sovereign cloud, or stay on AWS, Azure or GCP? European enterprises have already run this exp…
Every enterprise security team is fighting a workforce problem they cannot see on any org chart. Bots, service accounts, API keys, OAuth tokens, machine certificates — non-human identities now outnumb…
LTM has announced the launch of BlueVerse for iRun, an AI-native managed services offering designed to transform IT operations into a resilient, intelligent, and outcome-driven function. As enterprise…
Microsoft is rolling out workplace check-in via Wi-Fi for Teams and Microsoft Places. Connect to your office network and your in-office presence updates automatically, no manual status change needed. …
Modat has launched native Passive DNS intelligence in Magnify, its internet intelligence platform, unifying IP, device fingerprint, certificate, and passive DNS into a single pivot-driven investigatio…
Phishing remains one of the most stubbornly persistent threats in cybersecurity: humans are tired, distracted, trusting, and susceptible to urgency and authority in ways that no amount of awareness tr…
Someone posted fake VRChat and Discord data breach reports on the system, prompting the Maine AG to take action. The post Maine Disables Data Breach Portal Due to Fake Submissions appeared first on Se…
The platform used more than 9,000 phishing sites, stealing nearly 4 million credit cards and causing roughly $1.9 billion in losses. The post FBI, Google Dismantle ‘Outsider Enterprise’ Phishing Servi…
The extortion group threatens to leak 297 GB of data allegedly stolen from the Council of Europe, including employee personal information. The post ShinyHunters Claims Council of Europe Hack appeared …
French officials say roughly 73,000 government accounts were affected, while the threat actor claims to have stolen messages and user data from the sovereign Tchap platform. The post French Government…
The pharmaceutical giant says the attackers gained access to personal data stored on the compromised systems. The post Ozempic Maker Novo Nordisk Says Hackers Breached IT Systems appeared first on Sec…
Oleksii Oleksiyovych Lytvynenko admitted to working on the development of a loader for the Conti gang. The post Ukrainian Man Pleads Guilty in US to Conti Ransomware Charges appeared first on Security…
An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site adminis…
Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program (PUP) family. The cluster sp…