cyberintel.kalymoon.com · 4733 articles · updated every 4 hours · grows forever
Data exposure, operational disruption and financial losses among issues faced by businesses struggling with the rapid rise of AI agents, warns Cloud Security Alliance report
Gentlemen RaaS expands quickly with multi-platform attacks and SystemBC-linked infections
NGate malware abuses HandyPay app to steal NFC card data and PINs in Brazil
Security researchers have revealed a prompt injection flaw in Google’s Antigravity IDE that could be weaponized to bypass its sandbox protections and achieve remote code execution (RCE). The issue cam…
A high-severity authentication flaw in Microsoft’s Azure SRE Agent exposed sensitive agent data to unauthorized network access, according to a confirmed vulnerability disclosure. The issue was identif…
The security defects could be exploited for remote code execution, OS command injection, and WAF detection bypass. The post Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster appeared…
Things are improving, but a researcher has still identified over 1,500 Perforce P4 instances allowing attackers to read files on the server. The post Unsecured Perforce Servers Expose Sensitive Data F…
Masquerading as popular cryptocurrency wallets, the apps can hijack recovery phrases and private keys. The post Dozens of Malicious Crypto Apps Land in Apple App Store appeared first on SecurityWeek .
Angelo Martino of Florida has pleaded guilty to collaborating with the BlackCat cybercrime group while working as a ransomware negotiator. The post Third US Security Expert Admits Helping Ransomware G…
The prompt injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execution.
Security teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the environment is an hour of potential data exfiltration, service disruption, r…
A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023. Angelo Martino, 41, of Land O'Lakes, Florida, teamed …
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper …
CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. [...]
Ofcom, the United Kingdom's independent communications regulator, has launched an investigation into Telegram based on evidence suggesting it's being used to share child sexual abuse material (CSAM). …
Fraud prevention and user experience don't have to be a tradeoff. IPQS shows how combining identity, device, and network signals stops fraud without adding friction. [...]
BreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation Cybersecurity Insiders
A critical cross-vendor vulnerability class dubbed “Comment and Control” is a new category of prompt injection attacks that weaponizes GitHub pull request titles, issue bodies, and issue comments to h…
The Cybersecurity and Infrastructure Security Agency (CISA) has released a critical alert regarding a severe software supply chain compromise. The attack targets Axios, a massively popular HTTP client…
A critical vulnerability in the SGLang inference server that allows threat actors to execute arbitrary code. Tracked as CVE-2026-5760, this flaw allows hackers to weaponize standard GGUF machine learn…
A massive malware campaign known as “StealTok” involves at least 12 interrelated browser extensions. These extensions masquerade as TikTok video downloaders but secretly track user activity and harves…
Artificial intelligence is reshaping cybercrime in ways that defenders can no longer treat as distant or theoretical. New frontier AI models are showing a growing ability to find software flaws, under…
A new ransomware-as-a-service (RaaS) operation known as “The Gentlemen” has emerged as a serious threat to corporate networks worldwide. Since appearing around mid-2025, this group has rapidly grown i…
North Korea’s Lazarus Group is pegged for a $290m crypto theft at KelpDAO