cyberintel.kalymoon.com · 4752 articles · updated every 4 hours · grows forever
Cisco admins are scrambling to patch a critical flash memory overflow vulnerability in over 200 Cisco Systems IOS XE-based models of wireless access points (APs), caused by a recent flawed software up…
Maintainers of Thymeleaf, a widely used template engine for Java web applications, fixed a rare critical vulnerability that allows unauthenticated attackers to execute malicious code on servers. The v…
In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.
Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data enrichment.
Q4 2025 PitchBook Analyst Note: AI Propels Next Phase of Cybersecurity Investment PitchBook
Pretty fantastic video from Japan of a giant squid eating another squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderati…
Optimizing Value and Utility Hinges on AI Scaffolding, Says Aisle's Ondrej Vlcek While the world is in "awe" of how Mythos can find vulnerabilities and chain together exploits, the next step is to ide…
Also: NY State Regs Test Resilience vs Compliance, OT Security Nears Breaking Point In this week's panel, four ISMG editors explore the industry's response to Anthropic's Mythos AI breakthrough, wheth…
Point Predictive's Frank McKenna on Detecting Hidden Signals in Synthetic IDs Fraud detection is moving beyond verification toward identity intelligence. Frank McKenna, co-founder and chief fraud stra…
The European Union Is Cutting Ties With US Tech Companies The European Commission made a significant move towards "digital sovereignty" by awarding a 180 million euro - approximately $213 million - cl…
A global wave of email-borne worms hit industrial control systems (ICS) in the fourth quarter of 2025, marking one of the most concerning threat shifts seen across operational technology (OT) environm…
A known security flaw in several end-of-life TP-Link Wi-Fi routers is being actively targeted by hackers trying to install Mirai-based botnet malware on vulnerable devices. The vulnerability, tracked …
A White House official said the administration is engaging with advanced AI labs about their models and the security of software. The post White House Chief of Staff to Meet With Anthropic CEO Over It…
The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. [...]
A new cybercrime platform called ATHR is making it much easier for attackers to run large-scale phone-based phishing operations, also known as vishing. Instead of relying on malicious links or infecte…
Anthropic has launched Claude Opus 4.7, its latest flagship model, combining improved coding and vision capabilities with automated real-time safeguards to detect and block high-risk cybersecurity req…
A Brazilian cybersecurity researcher has exposed a sophisticated, large-scale supply chain scam involving counterfeit Ledger Nano S Plus hardware wallets sold through a Chinese marketplace, devices en…
A critical vulnerability in the marimo Python notebook platform is now being actively used by attackers to deploy a blockchain-powered backdoor on developer systems. The flaw, tracked as CVE-2026-3998…
A North Korean threat actor known as Sapphire Sleet has launched a new campaign against macOS users, using a fake Zoom SDK update to trick victims into running malicious files that steal passwords, cr…
Coordinated action by FBI, Europol and others seizes infrastructure, makes arrests – and sends warning letters to known DDoS service users
AI models are making rapid gains in vulnerability research and exploit development, raising new cybersecurity risks, a Forescout study finds
The US government is preparing to authorize a version of Anthropic’s Claude Mythos model for use by major US federal agencies, amid concerns that the AI model could rapidly spot cybersecurity vulnerab…
For organizations that want to keep company data within their own systems and have more control over how AI is deployed, Mozilla is offering an alternative to externally hosted AI services with Thunde…
Liongard has announced the expansion of LiongardIQ with new capabilities spanning programmatic AI integration, conversational querying, enhanced network discovery, and deeper identity mapping, extendi…