Threat actors are actively exploiting a critical chained vulnerability in LiteLLM, a popular open-source AI gateway proxy, allowing unauthenticated remote code execution (RCE) on vulnerable deployment…
cyberintel.kalymoon.com · 8155 articles · updated every 4 hours · grows forever
Threat actors are actively exploiting a critical chained vulnerability in LiteLLM, a popular open-source AI gateway proxy, allowing unauthenticated remote code execution (RCE) on vulnerable deployment…
Microsoft has expanded Microsoft Defender’s capabilities to monitor, detect, and disrupt attacks that abuse Remote Procedure Call (RPC), a core Windows protocol long exploited by threat actors for lat…
A newly evolved strain of Android malware known as NFCShare is being spread through fake versions of legitimate banking apps, putting mobile users across Europe at serious risk. The malware is designe…
A new and dangerous threat has emerged in the gaming world, one that turns a beloved pastime into a gateway for cybercrime. Weedhack, a Minecraft-focused Malware-as-a-Service (MaaS) operation, has bee…
Google has released an emergency security update for Chrome, patching a critical zero-day vulnerability actively exploited in the wild. The Stable channel has been updated to version 149.0.7827.102/.1…
A $12 domain, 72 hours of patience, and your finance team’s credentials — why authentication tells you who sent the email, never where the link goes, and how detection at the click closes the gap your…
Fortinet has disclosed a critical security vulnerability in its FortiSandbox product line that could allow unauthenticated remote attackers to execute arbitrary OS commands through the web interface. …
Security operations center (SOC) automation has become one of the biggest trends in cybersecurity. Organizations are investing heavily in AI, orchestration, and automated response technologies in purs…
Meta’s WhatsApp demands contempt ruling after users report NSO Group-linked phishing
Speaking at Infosecurity Europe, Ashish Shrestha, former CISO at Jaguar Land Rover revealed why he wanted over 30,000 employees to change their passwords in the immediate aftermath of the incident
Check Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by Qilin
The flaw, CVE-2026-11645, can allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page
Critical phpBB authentication bypass lets attackers hijack any account with one request
Most dev teams use AI coding assistants but only 30% have full governance in place
Checkmarx report warns that business pressure is among the reason security leaders let security compliance slip
Researchers from the University of Toronto developed a computer worm prototype powered by an AI agent that successfully self-replicated to different systems within a simulated computer network. The wo…
Cybercriminals are increasingly reshaping familiar social-engineering campaigns around the way employees use AI, with separate advisories from Microsoft and Google documenting how attackers are adapti…
Check Point has issued emergency hotfixes for a pair of vulnerabilities affecting VPN deployments that still use the deprecated Internet Key Exchange version 1 (IKEv1) protocol, warning that one of th…
Mythos Preview can develop working exploits from newly disclosed software vulnerabilities in hours, cutting down a process that has historically taken days or weeks, according to Anthropic. Anthropic’…
Apple has previewed a set of new child safety features coming to iPhone, iPad, and the Mac later this year, expanding parental controls with tools that help families manage app access, web browsing, c…
Apple’s next generation of Apple Intelligence, the company’s personal intelligence system, expands its capabilities and introduces new security features in Passwords. Automatically Fix Passwords (Sour…
Google has fixed 74 vulnerabilities in Chrome, including a high-severity zero-day (CVE-2026-11645) that has been exploited in the wild. “Google is aware that an exploit for CVE-2026-11645 exists in th…
A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed…
Rockwell Automation has announced the launch of three enhanced offerings within the SecureOT solution suite: OT Cybersecurity Assessment Suite, SecureOT Platform Managed Services and Managed Secure Re…