CyberAlerts

CVE-2025-1907

Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Instantel Equipment: Micromate Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the device's configuration port and execute commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Micromate are affected: Micromate: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected. CVE-2025-1907 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2025-1907. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Canada 3.4 RESEARCHER Souvik Kandar of MicroSec (microsec.io) reported this vulnerability to CISA. 4. MITIGATIONS Instantel is actively working on a firmware update to address this vulnerability. In the meantime, Micromate users are advised to implement the following workaround measures: Establish ...

EPSS Score: 0.14%

Source: All CISA Advisories

May 29th, 2025 (18 days ago)

CVE-2025-41438

Consilium Safety CS5000 Fire Panel

Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Consilium Safety Equipment: CS5000 Fire Panel Vulnerabilities: Initialization of a Resource with an Insecure Default, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain high-level access to and remotely operate the device, potentially putting it into a non-functional state. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Consilium Safety product is affected: CS5000 Fire Panel: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 INITIALIZATION OF A RESOURCE WITH AN INSECURE DEFAULT CWE-1188 The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds high-level permissions that could severely impact the device's operation if exploited. CVE-2025-41438 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2025-41438. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.2.2 USE OF HARD-CODED CREDENTIALS CWE-798 The CS5000 Fire Panel is vulnerable due to a hard-coded password that...

EPSS Score: 0.06%

Source: All CISA Advisories

May 29th, 2025 (18 days ago)

Apple Safari Users Vulnerable to Stealthy Browser Attacks

Description: Safari’s inadequate fullscreen mode indicators can be exploited in advanced Browser-in-the-Middle (BitM) attacks, allowing threat actors to steal user credentials without raising suspicion. While not a technical vulnerability, this design oversight enables attackers to combine legitimate web functionalities with social engineering to create highly convincing phishing setups. The discovery comes from SquareX’s “Year of Browser … The post Apple Safari Users Vulnerable to Stealthy Browser Attacks appeared first on CyberInsider.

Source: CyberInsider

May 29th, 2025 (18 days ago)

8,000+ Asus routers popped in 'advanced' mystery botnet plot

Source: TheRegister

May 29th, 2025 (18 days ago)

🏴‍☠️ Akira has just published a new victim : AGME Automated assembly solutions

Description: AGME Automated Assembly Solutions design and manufacture special purpose machines that best meet the automatic assembly needs of d ifferent industries. We are going to upload about 10 GB of corporate data. Lot of empl oyee personal information (DOB, passport id, addresses, phones, e mails, and so on), projects info, financial data, client data, co ntracts and agreements, confidential documents, NDAs, etc.

Source: Ransomware.live

May 29th, 2025 (18 days ago)

🏴‍☠️ Crypto24 has just published a new victim : Choice AG

Description: [AI generated] "Choice AG" is a Switzerland-based company that specializes in providing solutions for investment and risk management. It offers software as well as asset management services that cater towards institutional and private investors alike. Their solutions are geared to help clients manage risk while optimizing investment returns. Services range from portfolio management to risk analysis, covering various types of assets from bonds to real estate.

Source: Ransomware.live

May 29th, 2025 (18 days ago)

Apple Safari exposes users to fullscreen browser-in-the-middle attacks

Description: A weakness in Apple's Safari web browser allows threat actors to leverage the fullscreen browser-in-the-middle (BitM) technique to steal account credentials from unsuspecting users. [...]

Source: BleepingComputer

May 29th, 2025 (18 days ago)

Alleged sale of senior citizen data from Germany and Denmark

Description: Alleged sale of senior citizen data from Germany and Denmark

Source: DarkWebInformer

May 29th, 2025 (18 days ago)

US sanctions firm linked to cyber scams behind $200 million in losses

Description: The U.S. Treasury Department has sanctioned Funnull Technology, a Philippines-based company that supports hundreds of thousands of malicious websites behind cyber scams linked to over $200 million in losses for Americans. [...]

Source: BleepingComputer

May 29th, 2025 (18 days ago)

CVE-2025-5334

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an...

Description: Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users. This issue affects the following versions : * Remote Desktop Manager Windows 2025.1.34.0 and earlier

EPSS Score: 0.05%

Source: CVE

May 29th, 2025 (18 days ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-1907	Instantel Micromate Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Instantel Equipment: Micromate Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the device's configuration port and execute commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Micromate are affected: Micromate: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected. CVE-2025-1907 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2025-1907. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Canada 3.4 RESEARCHER Souvik Kandar of MicroSec (microsec.io) reported this vulnerability to CISA. 4. MITIGATIONS Instantel is actively working on a firmware update to address this vulnerability. In the meantime, Micromate users are advised to implement the following workaround measures: Establish ... EPSS Score: 0.14% Source: All CISA Advisories May 29th, 2025 (18 days ago)
CVE-2025-41438	Consilium Safety CS5000 Fire Panel Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Consilium Safety Equipment: CS5000 Fire Panel Vulnerabilities: Initialization of a Resource with an Insecure Default, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain high-level access to and remotely operate the device, potentially putting it into a non-functional state. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Consilium Safety product is affected: CS5000 Fire Panel: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 INITIALIZATION OF A RESOURCE WITH AN INSECURE DEFAULT CWE-1188 The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds high-level permissions that could severely impact the device's operation if exploited. CVE-2025-41438 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2025-41438. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.2.2 USE OF HARD-CODED CREDENTIALS CWE-798 The CS5000 Fire Panel is vulnerable due to a hard-coded password that... EPSS Score: 0.06% Source: All CISA Advisories May 29th, 2025 (18 days ago)
	Apple Safari Users Vulnerable to Stealthy Browser Attacks Description: Safari’s inadequate fullscreen mode indicators can be exploited in advanced Browser-in-the-Middle (BitM) attacks, allowing threat actors to steal user credentials without raising suspicion. While not a technical vulnerability, this design oversight enables attackers to combine legitimate web functionalities with social engineering to create highly convincing phishing setups. The discovery comes from SquareX’s “Year of Browser … The post Apple Safari Users Vulnerable to Stealthy Browser Attacks appeared first on CyberInsider. Source: CyberInsider May 29th, 2025 (18 days ago)
	8,000+ Asus routers popped in 'advanced' mystery botnet plot Source: TheRegister May 29th, 2025 (18 days ago)
	🏴‍☠️ Akira has just published a new victim : AGME Automated assembly solutions Description: AGME Automated Assembly Solutions design and manufacture special purpose machines that best meet the automatic assembly needs of d ifferent industries. We are going to upload about 10 GB of corporate data. Lot of empl oyee personal information (DOB, passport id, addresses, phones, e mails, and so on), projects info, financial data, client data, co ntracts and agreements, confidential documents, NDAs, etc. Source: Ransomware.live May 29th, 2025 (18 days ago)
	🏴‍☠️ Crypto24 has just published a new victim : Choice AG Description: [AI generated] "Choice AG" is a Switzerland-based company that specializes in providing solutions for investment and risk management. It offers software as well as asset management services that cater towards institutional and private investors alike. Their solutions are geared to help clients manage risk while optimizing investment returns. Services range from portfolio management to risk analysis, covering various types of assets from bonds to real estate. Source: Ransomware.live May 29th, 2025 (18 days ago)
	Apple Safari exposes users to fullscreen browser-in-the-middle attacks Description: A weakness in Apple's Safari web browser allows threat actors to leverage the fullscreen browser-in-the-middle (BitM) technique to steal account credentials from unsuspecting users. [...] Source: BleepingComputer May 29th, 2025 (18 days ago)
	Alleged sale of senior citizen data from Germany and Denmark Description: Alleged sale of senior citizen data from Germany and Denmark Source: DarkWebInformer May 29th, 2025 (18 days ago)
	US sanctions firm linked to cyber scams behind $200 million in losses Description: The U.S. Treasury Department has sanctioned Funnull Technology, a Philippines-based company that supports hundreds of thousands of malicious websites behind cyber scams linked to over $200 million in losses for Americans. [...] Source: BleepingComputer May 29th, 2025 (18 days ago)
CVE-2025-5334	Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an... Description: Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users. This issue affects the following versions : * Remote Desktop Manager Windows 2025.1.34.0 and earlier EPSS Score: 0.05% Source: CVE May 29th, 2025 (18 days ago)