cyberintel.kalymoon.com · 4860 articles · updated every 4 hours · grows forever
OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. [...]
The FBI Atlanta Field Office and Indonesian authorities have dismantled the "W3LL" global phishing platform, seizing infrastructure and arresting the alleged developer in what is described as the firs…
A critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm or its size when checking Elliptic Curve Digital Signature Algorithm (ECDSA)…
Less Talk, More Security: Cyber Lessons Learned from Munich Center for European Policy Analysis (CEPA)
The cybersecurity industry is obsessing over Anthropic’s new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it is not releasing it to the general public because of…
American Corporations Upping Spend on AI and Technology Cybersecurity now ranks among the most significant business risks shaping corporate strategy, even as many companies acknowledge they lack the c…
A dangerous Python-based backdoor called VIPERTUNNEL has been quietly making its way into enterprise networks, hiding inside a fake DLL file and using multiple layers of code obfuscation to stay undet…
An Iran-backed cyber threat group called CyberAv3ngers has grown from a noise-making hacktivist outfit into a serious threat targeting critical infrastructure across the United States. The group, form…
The Apache Software Foundation has released emergency security updates to address multiple vulnerabilities in Apache Tomcat. The latest advisories highlight a critical patching error that inadvertentl…
Cybercriminals are increasingly turning to tools that already live inside Windows to carry out attacks — and MSBuild.exe has become one of their favorites. This Microsoft-signed build utility, trusted…
The cybersecurity community is on high alert after the disclosure of a critical security flaw in Axios, a widely used promise-based HTTP client for Node.js and browsers. Security researcher Jason Saay…
A critical vulnerability was disclosed in Marimo, an open-source reactive Python notebook platform. Less than 10 hours later, attackers successfully weaponized the flaw to steal sensitive cloud creden…
Web server administrators must prioritize updating their infrastructure, as Nginx 1.29.8 and the parallel FreeNginx project have officially released critical updates. Released on April 7, 2026, these …
Proving the ROI the company gets from SOC operations is a persistent challenge for SOC leaders and CISOs. Financial leadership may view investing money into security as something that doesn’t drive va…
Mozilla has publicly criticized Microsoft for deploying its AI assistant, Copilot, onto Windows systems without user consent, a practice the Firefox maker describes as prioritizing corporate revenue o…
Cybercriminals are now weaponizing the very tools that developers and IT teams trust the most. By abusing the automated notification features built into GitHub and Jira, threat actors are delivering c…
The W3LL phishing kit has been associated with fraud attempts totaling $20m
Security researchers warn of Mirax, an emerging Android banking trojan using MaaS, remote access and residential proxies to target European users
Attackers are abusing Microsoft 365 mailbox rules to hide activity, exfiltrate data and retain access after account compromise, researchers warn
A critical pre-authentication remote code execution vulnerability in Marimo, an open-source Python notebook platform owned by AI cloud company CoreWeave, was exploited in the wild less than 10 hours a…
Financial fraud losses in the United States reached $16.6 billion in 2024, up from $4.2 billion in 2020. Behind those numbers is a structural problem: the teams responsible for stopping fraud, fraud i…
ZeroID is an open-source identity platform that implements an identity and credentialing layer specifically for autonomous agents and multi-agent systems. The attribution problem The core issue ZeroID…
In this Help Net Security interview, Art Manion, Deputy Director at Tharros, examines why vulnerability data across repositories stays inconsistent and hard to trust. The problem starts with systems n…
On April 7 and 8, Dutch police arrested eight suspects in a nationwide operation targeting users of the VerifTools platform as part of an identity fraud investigation. The suspects, all men aged 20 to…