Threat and Vulnerability Intelligence Database

Description: This move comes less than a year after the United States banned Kaspersky products, out of the same fear that the company is under Russian government control.
Source: Dark Reading
February 24th, 2025 (5 months ago)
Description: OpenAI says it blocked several North Korean hacking groups from using its ChatGPT platform to research future targets and find ways to hack into their networks. [...]
Source: BleepingComputer
February 24th, 2025 (5 months ago)
Description: Summary

A bypass was found for the trustedOrigins security feature. It works for both wildcard and absolute-URL trustedOrigins configs and opens the victim's website to an open redirect, which can be used to steal the password reset token of a victim's account by changing the "callbackURL" parameter to a website owned by the attacker.

Details

Absolute URLs

The issue here appears in the middleware, specifically. The protection is not sufficient: an attacker obtains an open redirect with the payload /\/example.com. This is a valid URL (or becomes one, because the URL parser fixes it up), as the following checks show:

  // trustedOrigins = [ "https://example.com" ]
  validateURL("https://attacker.com", "callbackURL") // ❌ APIError, No Redirect
  validateURL("/\/attacker.com", "callbackURL")      // ✅ Redirect to http://attacker.com

Regex

The issue here is that the regex generated for a wildcard config, [^/\\]*?\.example\.com[/\\]*?, is not strict enough. Because it is unanchored, it accepts any string shaped as:

  // trustedOrigins = [ "*.example.com" ]
  None of [ "/\" ]  ──▶  ".example.com"  ──▶  One of [ "/\" ]

so it can be bypassed with a payload like:

  demo .example.com /  ✅ Redirect to https://example.com
  d...
Source: Github Advisory Database (NPM)
February 24th, 2025 (5 months ago)

CVE-2025-26803

Description: The HTTP parser in Phusion Passenger 6.0.21 through 6.0.25 (fixed in 6.0.26) allows a denial of service during parsing of a request with an invalid HTTP method.

References
  https://nvd.nist.gov/vuln/detail/CVE-2025-26803
  https://github.com/phusion/passenger/commit/bb15591646687064ab2d578d5f9660b2a4168017
  https://blog.phusion.nl/2025/02/19/passenger-6-0-26
  https://github.com/phusion/passenger/compare/release-6.0.25...release-6.0.26
  https://github.com/phusion/passenger/releases/tag/release-6.0.26
  https://www.phusionpassenger.com/support
  https://github.com/advisories/GHSA-2cj2-qqxj-5m3r

EPSS Score: 0.18%

Source: Github Advisory Database (RubyGems)
February 24th, 2025 (5 months ago)
Description: Treasury workers don't know who the person is or why he is sending emails from a "Secretary of the Treasury" email address.
Source: 404 Media
February 24th, 2025 (5 months ago)
Description: Russia's National Coordination Center for Computer Incidents (NKTsKI) is warning organizations in the country's credit and financial sector about a breach at LANIT, a major Russian IT service and software provider. [...]
Source: BleepingComputer
February 24th, 2025 (5 months ago)
Description: Confirmation by South Korea's data protection agency that the AI chatbot sent data to TikTok's Chinese parent company has spurred a ban in that nation and is again calling into question DeepSeek's safety.
Source: Dark Reading
February 24th, 2025 (5 months ago)
Description: Microsoft has released ad-supported versions of its Office desktop apps, which have limited features but allow Windows users to edit their documents for free. [...]
Source: BleepingComputer
February 24th, 2025 (5 months ago)
Description: Summary

The application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts a callback URL. While the server blocks fully qualified URLs (e.g., https://evil.com), it incorrectly allows scheme-less URLs (e.g., //malicious-site.com). The browser interprets such a URL as https://malicious-site.com, leading to unintended redirection.

Bypass for: https://github.com/better-auth/better-auth/security/advisories/GHSA-8jhw-6pjj-8723

Affected Versions

All versions prior to 1.1.19

Details

The application's email verification endpoint (/auth/verify-email) accepts a callbackURL parameter intended to redirect users after successful email verification. While the server correctly blocks fully qualified external URLs (e.g., https://evil.com), it improperly allows scheme-less URLs (e.g., //malicious-site.com). Browsers interpret //malicious-site.com as https://malicious-site.com, so the check can be bypassed. An attacker can exploit this flaw by crafting a malicious verification link and tricking users into clicking it. Upon successful email verification, the user is automatically redirected to the attacker's website, which can be used for phishing, malware distribution, or stealing sensitive authentication tokens.

Impact

Phishing & Credential Theft – Attackers can redirect users to a fake login page, tricking them into enterin...
Source: Github Advisory Database (NPM)
February 24th, 2025 (5 months ago)
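The two callbackURL advisories above (the /\/host and unanchored-wildcard-regex bypass, and the scheme-less //host bypass) share one root cause: the callback is validated as a string instead of as the origin the browser will actually resolve it to. The following is an added example, not code from better-auth or from either advisory. It shows how the WHATWG URL parser resolves those payloads against the application origin, reconstructs the class of weak check they defeat (a scheme-prefix test and the quoted wildcard regex, rebuilt from a "*.example.com" pattern), and contrasts it with an origin-based check that rejects both. The app origin https://example.com, the trustedOrigins list and all function names are assumptions.

```javascript
// Added example (not code from better-auth or the advisories): how the two
// callbackURL bypasses behave under the WHATWG URL parser, a reconstruction
// of the weak checks they defeat, and an origin-based check that rejects both.
const BASE = "https://example.com";                               // assumed app origin
const TRUSTED_ORIGINS = ["https://example.com", "*.example.com"]; // assumed config

// Where a callbackURL lands once the browser resolves it against the app
// origin. "//host" is protocol-relative, and for special schemes the parser
// treats "\" as "/", so "/\/host" also becomes "//host".
function resolveCallback(callbackURL, base = BASE) {
  return new URL(callbackURL, base).origin;
}

// Reconstruction of the weak absolute-URL check described in the advisories:
// only inputs that start with a scheme are compared with the allowlist, and
// everything else is assumed to be a same-site path. Not the library's code.
function weakPrefixCheck(callbackURL, trusted = TRUSTED_ORIGINS) {
  if (/^[a-z][a-z0-9+.-]*:\/\//i.test(callbackURL)) {
    return trusted.some((t) => callbackURL.startsWith(t));
  }
  return true; // "relative" path, but //host and /\/host reach here too
}

// The unanchored wildcard regex quoted in the first advisory, rebuilt from a
// "*.example.com" pattern: [^/\\]*?\.example\.com[/\\]*?  Because it is not
// anchored, ".example.com" anywhere in the string satisfies it.
function wildcardRegexFromAdvisory(pattern) {
  const body = pattern.replace(/\./g, "\\.").replace(/\*/g, "[^/\\\\]*?");
  return new RegExp(body + "[/\\\\]*?");
}

// Hardened check: resolve the callback against the app origin first, then
// compare the resulting origin (not the raw string) with the allowlist.
// Wildcard entries match a hostname suffix on the base's own scheme only.
function isTrustedCallback(callbackURL, base = BASE, trusted = TRUSTED_ORIGINS) {
  let url;
  try {
    url = new URL(callbackURL, base);
  } catch {
    return false; // unparseable input is never a valid redirect target
  }
  const baseUrl = new URL(base);
  if (url.protocol !== "https:" && url.protocol !== "http:") return false; // javascript:, data:, ...
  return trusted.some((t) => {
    if (t.startsWith("*.")) {
      const suffix = t.slice(1); // ".example.com"
      return url.protocol === baseUrl.protocol && url.hostname.endsWith(suffix);
    }
    return url.origin === new URL(t).origin;
  });
}

// Side by side: constructed payloads from both advisories plus benign inputs.
function compareChecks(payloads = [
  "/dashboard",
  "https://app.example.com/welcome",
  "https://evil.com",
  "//evil.com",
  "/\\/evil.com",
  "https://attacker.com/?.example.com",
]) {
  const re = wildcardRegexFromAdvisory("*.example.com");
  return payloads.map((p) => ({
    payload: p,
    resolvesTo: resolveCallback(p),
    weakPrefixCheck: weakPrefixCheck(p),
    weakRegex: re.test(p),
    hardened: isTrustedCallback(p),
  }));
}

console.table(compareChecks());
```

The table makes the failure modes visible: the prefix check passes //evil.com and /\/evil.com because neither starts with a scheme, the regex passes https://attacker.com/?.example.com because the allowed suffix merely appears somewhere in the string, and the origin-based check rejects all three while still allowing /dashboard and the wildcard subdomain. Resolving with `new URL(callbackURL, base)` before deciding is the key step: it applies the same normalisation the victim's browser will, so the check and the redirect can no longer disagree.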