cyberintel.kalymoon.com · 1246 articles · updated every 4 hours · grows forever
Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and targets credentials acros…
The AI systems shipping inside enterprises today are fundamentally different from the ones we were building even two years ago, because they have moved well past answering questions and into accessing…
Unit 42 analyzes TamperedChef malware clusters that use trojanized productivity apps and malvertising to deliver stealthy payloads to targets. The post Tracking TamperedChef Clusters via Certificate a…
Anthropic Eases Secrecy Rules Around Mythos AI Cybersecurity Program, Allowing Partners to Share Threat Intelligence Tekedia
Disrupting the first reported AI-orchestrated cyber espionage campaign Anthropic
Why Threat Intelligence Is the Missing Link in CTEM Prioritization and Validation The Hacker News
Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other cybercriminals, including Vanilla Tempest and Storm groups, to more effectively distr…
Frontier AI models like Mythos are making vulnerability discovery fast and cheap. Here's how defenders use threat intelligence and agentic processing to prioritize and act at the same speed.
EURAZEO INVESTS IN NEXTRON SYSTEMS, A GERMAN CYBERSECURITY COMPANY SPECIALISED IN THREAT INTELLIGENCE AND CYBER FORENSICS marketscreener.com
Companies often operate in dark with little applied threat intelligence Cybersecurity Dive
Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft without using malware. This incident shows how threat actors can exploit truste…
Since the last update, the TeamPCP supply chain campaign produced its loudest stretch since the March Trivy disclosure: an officially confirmed Checkmarx Jenkins plugin compromise and a new self-sprea…
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovC…
See how built-in security helps keep your growing business running, protect customer trust, and support growth. The post How to better protect your growing business in an AI-powered world appeared fir…
For the latest discoveries in cyber research for the week of 18th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Vodafone, a major international telecom, has sustained…
Google probes exploitation of critical Windows service CVE Cybersecurity Dive
Top Threat Intelligence Tools You Need To Know About EC-Council
Microsoft summons weather events to name threat actors Cybersecurity Dive
5 Techniques for Collecting Cyber Threat Intelligence The Hacker News
Threat Intel: CISOs Have It, But Can’t Use It — Trellix Reveals Why MSSP Alert
NSA and Others Provide Guidance to Counter China State-Sponsored Actors Targeting Critical National Security Agency (NSA) (.gov)