Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
🏴‍☠️ Safepay has just published a new victim : sfhumanesociety.org
Description: [AI generated] Founded in 1868, sfhumanesociety.org is associated with the San Francisco Society for the Prevention of Cruelty to Animals (SFSPCA). As one of the world's pioneer animal welfare organizations, its mission is to save and protect animals, provide care and treatment, advocate for their welfare, and enhance the human-animal bond. It offers services including animal adoption, veterinary care, and community education.
Source: Ransomware.live
May 30th, 2025 (3 days ago)
New Malware “Numero” Masquerading as AI Tool Wrecks Windows Systems
Description: Cisco Talos has uncovered a destructive malware dubbed Numero, a Windows-targeting threat that disguises itself as a legitimate AI video tool installer but ultimately renders victims’ systems unusable. Alongside Numero, Talos also discovered two ransomware families, CyberLock and Lucky_Gh0$t, spreading under the guise of AI software, all part of a rising wave of cyberattacks exploiting … The post New Malware “Numero” Masquerading as AI Tool Wrecks Windows Systems appeared first on CyberInsider.
Source: CyberInsider
May 30th, 2025 (3 days ago)
Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools
Description: Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero. "CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim's system," Cisco Talos researcher Chetan
Source: TheHackerNews
May 29th, 2025 (4 days ago)
Cybercriminals camouflaging threats as AI tool installers
Description: Cisco Talos has uncovered new threats, including ransomware like CyberLock and Lucky_Gh0$t, and a destructive malware called Numero, all disguised as legitimate AI tool installers to target victims.
Source: Cisco Talos Blog
May 29th, 2025 (4 days ago)
Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor
Description: Over 9,000 ASUS routers are compromised by a novel botnet dubbed "AyySSHush" that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys. [...]
Source: BleepingComputer
May 28th, 2025 (5 days ago)

CVE-2025-20152
Cisco Identity Services Engine RADIUS Denial of Service Vulnerability
Description: A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by sending a specific authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). A successful exploit could allow the attacker to cause Cisco ISE to reload. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-restart-ss-uf986G2Q Security Impact Rating: High CVE: CVE-2025-20152

EPSS Score: 0.11%

Source: Cisco Security Advisory
May 21st, 2025 (12 days ago)

CVE-2025-20267
Cisco Identity Services Stored Cross-Site Scripting Vulnerability
Description: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stored-xss-Yff54m73 Security Impact Rating: Medium CVE: CVE-2025-20267

EPSS Score: 0.04%

Source: Cisco Security Advisory
May 21st, 2025 (12 days ago)

CVE-2025-20257
Cisco Secure Network Analytics Manager API Authorization Vulnerability
Description: A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an affected product. Thi vulnerability is due to insufficient authorization enforcement on a specific API. An attacker could exploit this vulnerability by authenticating as a low-privileged user and performing API calls with crafted input. A successful exploit could allow the attacker to obfuscate legitimate findings in analytics reports or create false indications with alarms and alerts on an affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-apiacv-4B6X5ysw Security Impact Rating: Medium CVE: CVE-2025-20257

EPSS Score: 0.04%

Source: Cisco Security Advisory
May 21st, 2025 (12 days ago)

CVE-2025-20255
Cisco Webex Meetings Services HTTP Cache Poisoning Vulnerability
Description: A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service. This vulnerability is due to improper handling of malicious HTTP requests to the affected service. An attacker could exploit this vulnerability by manipulating stored HTTP responses within the service, also known as HTTP cache poisoning. A successful exploit could allow the attacker to cause the Webex Meetings service to return incorrect HTTP responses to clients. Cisco has addressed this vulnerability in the service, and no customer action is necessary to update on-premises software or devices. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cache-Q4xbkQBG Security Impact Rating: Medium CVE: CVE-2025-20255

EPSS Score: 0.02%

Source: Cisco Security Advisory
May 21st, 2025 (12 days ago)
Duping Cloud Functions: An emerging serverless attack vector
Description: Cisco Talos built on Tenable’s discovery of a Google Cloud Platform vulnerability to uncover how attackers could exploit similar techniques across AWS and Azure.
Source: Cisco Talos Blog
May 20th, 2025 (13 days ago)