cyberintel.kalymoon.com · 4789 articles · updated every 4 hours · grows forever
Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration files.
More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them. [...]
A new malware family named 'AgingFly' has been identified in attacks against local governments and hospitals that steal authentication data from Chromium-based browsers and WhatsApp messenger. [...]
A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. [...]
Why CISOs Must Rethink Trust, MFA and Machine Identity Governance AI-driven phishing emails, voice deepfakes and synthetic identities have changed the threat landscape. Attackers now mimic trusted use…
Forescout's Rik Ferguson on AI-Driven Vulnerability Risks and Visibility Gaps Anthropic's Claude Mythos marks a shift in AI-driven vulnerability discovery, but the bigger challenge facing defenders is…
Fraud Expert Ken Palla on Why Detection Controls Still Lag Behind Fraud continues to climb even as banks invest heavily in detection tools and analytics. The gap between technology spending and fraud …
'We've Yet to Find Any Mission That Can Work Without Power or Water' The Air Force is the first, and so far only, American military service to have an office dedicated to OT cybersecurity, blazing a p…
OpenAI’s new frontier model focused on cybersecurity comes following Anthropic’s launch of Claude Mythos Preview and Project Glasswing
Generative AI is moving from experimentation to everyday enterprise use, often faster than governance models were designed to support. As adoption accelerates, organizations are navigating the evolvin…
Tenable unveiled a new OT asset discovery engine that enables security teams to bring risks associated with cyber-physical systems (OT, IoT, and shadow IT) into a unified view of cyber exposure. With …
Bitdefender has launched GravityZone Extended Email Security, unifying email and endpoint protection in one platform. Built for organizations and MSPs, it uses an ICES approach to deliver continuous p…
Broadcom has announced VMware Tanzu Platform agent foundations, introducing a secure-by-default agentic runtime designed to accelerate the delivery of autonomous AI applications. By extending the trus…
Capsule Security has launched from stealth with a $7 million seed round led by Lama Partners and Forgepoint Capital International. It prevents AI agents from being manipulated, misbehaving, or silentl…
In what was Sweden’s first public mention of the attack, the country’s minister for civil defense said it targeted a heating plant in western Sweden. The post Sweden Blames Pro-Russian Group for Cyber…
Regulatory differences, interconnected digital ecosystems, and the rise of AI have created a complex supply chain Asian organizations must wrangle.
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or …
Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year's Zero Day Quest hacking contest. [...]
A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and h…
A group of trusted WordPress plugins quietly carried a hidden backdoor for eight full months, and nobody noticed until the damage had already been done. The attack, uncovered in April 2026, did not be…
Cybercriminals are always looking for smarter ways to bypass security, and their latest method is both simple and effective. Instead of building suspicious new websites, attackers now use Google Cloud…
A sophisticated cyber campaign bearing strong operational similarities to the MuddyWater threat group has been caught sweeping more than 12,000 internet-exposed systems across multiple regions before …
Adobe has released a critical security bulletin on April 14, 2026, to address multiple vulnerabilities in Adobe Acrobat and Reader for Windows and macOS. According to the official advisory, successful…
PHP Composer released urgent security updates to address two critical command injection vulnerabilities. PHP Composer is an essential dependency management tool used globally by developers, making any…