A backdoor sat on PyPI for three hours in March 2026. Nearly 47,000 downloads occurred during the window. The compromised package, LiteLLM, serves as the language-model gateway for CrewAI, DSPy, Micro…
cyberintel.kalymoon.com · 8149 articles · updated every 4 hours · grows forever
A backdoor sat on PyPI for three hours in March 2026. Nearly 47,000 downloads occurred during the window. The compromised package, LiteLLM, serves as the language-model gateway for CrewAI, DSPy, Micro…
Companies that store personal data in cloud key-value databases should handle deletion requests by running the operation and confirming the job is complete. The people making those requests and the re…
Companies keep most of their data and applications in cloud platforms that anyone can reach with the right login. That setup turns each employee holding those credentials into a security variable, and…
The company warned about zero-day attacks exploiting the Exchange Server vulnerability CVE-2026-42897 on May 14. The post Microsoft Patches Exploited Exchange Server Vulnerability appeared first on Se…
GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat …
Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. [...]
The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. [...]
Deloitte Recognises Beyon Cyber as Region’s Fastest-Growing Cybersecurity Company for Fourth Year Running TechAfrica News
Anthropic launched Claude Fable 5 on June 9, 2026, as the first publicly available model in its new Mythos class, its most capable AI to date, excelling in software engineering, knowledge work, and vi…
The ability for attackers to leverage automatic install script execution in npm will finally come to an end when expected changes arrive from GitHub in July. Coders will still be able to enable the fu…
North Korea's gross domestic product (GDP) has grown, in part because of the cybercrime gains of groups linked to the nation, which target business and financial firms.
Five things to watch in cybersecurity for 2026 Federal News Network
PhilSec 2026: Uniting the Nation's Cybersecurity Leaders Asia Business Outlook
SEALSQ to Join High-Level Roundtable on Quantum Migration GlobeNewswire
ISC2 Survey Says AI Skills Top Training Agendas, But Teams Need to Act Quickly AI now tops cybersecurity training priorities for 47% of security leaders, as critical cyber skills gaps are growing, acc…
Evaluations of Claude Mythos 5 Elevates Offensive Cyber, But Isn't Fully Autonomous Anthropic says its new Claude Mythos 5 model that debuted Tuesday can consistently discover vulnerabilities, build e…
Researchers at the University of Toronto have built a worm that thinks for itself. Using free off-the-shelf AI models it works out how to break into each new computer it encounters, and hijacks the po…
IT software provider Ivanti fixed two vulnerabilities in Ivanti Sentry, a secure mobile gateway appliance formerly called MobileIron Sentry. The flaws could allow unauthenticated remote attackers to g…
Security teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows are accelerating, and vulnerabilities have become attacker…
As companies adopt AI, many insurance firms are explicitly excluding AI risks, while others are forging ahead to create the right framework. What risks can firms reasonably manage?
Bug bounty research inadvertently led organizations to believe they were being breached through their ServiceNow instances.
The new directive gives federal agencies three days to fix the most dangerous flaws, while less severe issues can be deferred.
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...]
Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. [...]