cyberintel.kalymoon.com · 4741 articles · updated every 4 hours · grows forever
A proof-of-concept (PoC) exploit has been publicly released for a newly disclosed vulnerability in Microsoft’s Snipping Tool that allows attackers to silently steal users’ Net-NTLM credential hashes b…
A well-known advanced persistent threat group called SideWinder has launched a highly targeted phishing campaign against South Asian government organizations, using a fake Chrome PDF viewer and a pixe…
Meta Bug Bounty and PortSwigger have formed a partnership to help security researchers sharpen their skills, collaborate more closely, and improve vulnerability discovery. The initiative combines Meta…
For $4,000 and a cut of the take, a lone criminal can now run a fully automated voice-phishing operation via ATHR, a plaform that spoofs emails alerts from Google, Microsoft, and Coinbase, buries a ph…
Cloud deployment and hosting platform Vercel has suffered a security breach that resulted in attackers accessing some of its internal systems and compromising Vercel credentials of a “limited subset o…
Application Security Engineer (DevSecOps / Azure DevOps) BEWAHARVEST | Philippines | Hybrid – No longer accepting applications As an Application Security Engineer (DevSecOps / Azure DevOps), you will …
Organizations in healthcare, finance, and other sensitive industries want to use large AI models without exposing private data to the cloud servers running those models. A cryptographic technique call…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco C…
ESET foresees stronger growth in APAC in 2026 CRN Asia
A critical flaw in Anthropic’s Model Context Protocol (MCP) exposes over 150 million downloads to potential compromise. The vulnerability could enable full system takeover across up to 200,000 servers…
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning about severe vulnerabilities in Gardyn Home Kit smart garden systems. Carrying a maximum severity score of 9.3…
A British man has pleaded guilty in the United States to his role in a large cybercrime scheme that used SMS phishing, company network intrusions, and SIM swapping to steal at least $1 million in virt…
Cybersecurity researchers, working in partnership with OpenAI, have uncovered a fascinating and severe vulnerability in iTerm2, a widely used macOS terminal emulator. According to Califio, the flaw ab…
New Rules Will Jolt Maritime Cybersecurity Market Amid Geopolitical Anxiety A Coast Guard rule imposing standards on operational technology systems in ports and larger U.S.-flagged commercial vessels …
Complaints Allege Tempus AI Lacked Consent to Use, Share Data With Pharma Cos. A healthcare artificial intelligence firm that sells genetic information from an acquired database holding the results of…
KPMG Survey Finds Organizations Must Transform Ops to Scale AI A new KPMG survey shows that while most enterprises have an AI strategy, only a small fraction are seeing real ROI. Enterprises getting i…
Security researchers have uncovered a highly sophisticated attack campaign that weaponizes a legitimate, digitally signed Intel utility to secretly deploy malware, all without touching a single line o…
A newly identified malware campaign is raising serious concerns across the cybersecurity community by delivering two very different threats at the same time. Attackers are now using a single, obfuscat…
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher noted.
A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affi…
A set of 26 malicious apps on Apple App Store impersonate popular wallets, such as Metamask, Coinbase, Trust Wallet, and OneKey, to steal recovery or seed phrases and drain them of cryptocurrency asse…
State-sponsored North Korean hackers are likely behind the $290 million crypto-heist that impacted the KelpDAO DeFi project on Saturday. [...]
Outsiders Could Exploit Misconfig to Stream Commands, Credentials A misconfiguration in Microsoft's Azure SRE Agent may have allowed any Azure account holder from any company to tap into another organ…