CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: William discusses what happens when security is an afterthought rather than baked into processes and highlights the latest of Talos' security research.
Source: Cisco Talos Blog
February 20th, 2025 (5 months ago)
Description: Health Net Federal Services (HNFS) and its parent company, Centene Corporation, have agreed to pay $11,253,400 to settle allegations that HNFS falsely certified compliance with cybersecurity requirements under its Defense Health Agency (DHA) TRICARE contract. [...]
Source: BleepingComputer
February 20th, 2025 (5 months ago)
Description: New Horizons Baking Company Has Fallen Victim to Cactus Ransomware
Source: DarkWebInformer
February 20th, 2025 (5 months ago)
Description: Dark Storm Team Targeted the Website of Bank of Central African States (BEAC)
Source: DarkWebInformer
February 20th, 2025 (5 months ago)
Description: The company, which owns IGN, CNET, PCMag, and dozens more outlets and properties, took down specific information about its diversity commitment on multiple pages on its website over the past several weeks. 
Source: 404 Media
February 20th, 2025 (5 months ago)
Description: The new Cloud Key Management Service is part of Google’s new roadmap for implementing the new NIST-based post-quantum cryptography (PQC) standards.
Source: Dark Reading
February 20th, 2025 (5 months ago)
Source: TheRegister
February 20th, 2025 (5 months ago)
Description: The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers. [...]
Source: BleepingComputer
February 20th, 2025 (5 months ago)

CVE-2025-0352

Description:

1. EXECUTIVE SUMMARY
CVSS v4 8.7
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Rapid Response Monitoring
Equipment: My Security Account App
Vulnerability: Authorization Bypass Through User-Controlled Key

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to access sensitive information of other users.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS
The following Rapid Response Monitoring products are affected:
My Security Account App API: Versions prior to 7/29/24

3.2 VULNERABILITY OVERVIEW

3.2.1 Authorization Bypass Through User-Controlled Key CWE-639
Rapid Response Monitoring My Security Account App utilizes an API that could be exploited by an attacker to modify request data, potentially causing the API to return information about other users.
CVE-2025-0352 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
A CVSS v4 score has also been calculated for CVE-2025-0352. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Emergency Services
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER
kbots reported this vulnerability to CISA.

4. MITIGATIONS
Rapid Response Monitoring reports that this issue was patched on their end and no action is required ...

EPSS Score: 0.04%

Source: All CISA Advisories
February 20th, 2025 (5 months ago)