CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

Description: For $4.99, you too could buy "SUMMARY OF JOSEPH COX’S DARK WIRE." It's contents might be AI-generated.
Source: 404 Media
February 24th, 2025 (5 months ago)
Description: Protecting identities has become a top priority for security teams. However, many organizations remain exposed due to blind spots caused by identity sprawl and misplaced trust in identity providers. This blog explores why traditional security measures fall short, how AI-driven attackers are escalating identity threats, and why a proactive, identity-first approach is the only way forward.The identity security game has changed—not just because attackers are inventing new exploits, but because we’ve unintentionally made their job easier. Identity sprawl has opened the doors wide, effectively giving attackers their own “golden ticket” —pun intended— to target what is arguably an organization’s most valuable asset: its identities. Remember when an employee only needed one corporate login and a handful of permissions to access the applications and resources they needed to get their job done? Today, every worker, contractor, service account and even every IoT device is entangled in a complex web of permissions spread across multiple identity providers (IDPs), spanning directory services, such as Microsoft’s Active Directory (AD) and Entra ID; cloud services; SaaS apps; and remote access tools. The rise of IoT has further compounded this challenge by introducing machine identities that seamlessly interact across these environments, increasing both operational complexity and security risks.Identity sprawl is now a major challenge for organizations, with 57% of security professional...
Source: Tenable Blog
February 24th, 2025 (5 months ago)
Source: TheRegister
February 24th, 2025 (5 months ago)
Description: The Australian government has officially banned the use of Kaspersky Lab's cybersecurity products and web services across all government systems, citing national security risks. The ban, outlined in PSPF Direction 002-2025, requires all non-corporate Commonwealth entities to remove existing Kaspersky software and prevent future installations by April 1, 2025. The directive was issued by Stephanie … The post Australia Bans Kaspersky Over National Security Concerns appeared first on CyberInsider.
Source: CyberInsider
February 24th, 2025 (5 months ago)
Description: Google Cloud has announced quantum-safe digital signatures in Google Cloud Key Management Service (Cloud KMS) for software-based keys as a way to bulletproof encryption systems against the threat posed by cryptographically-relevant quantum computers. The feature, currently in preview, coexists with the National Institute of Standards and Technology's (NIST) post-quantum cryptography (PQC)
Source: TheHackerNews
February 24th, 2025 (5 months ago)
Description: Ransomware doesn’t hit all at once—it slowly floods your defenses in stages. Like a ship subsumed with water, the attack starts quietly, below the surface, with subtle warning signs that are easy to miss. By the time encryption starts, it’s too late to stop the flood.  Each stage of a ransomware attack offers a small window to detect and stop the threat before it’s too late. The problem is
Source: TheHackerNews
February 24th, 2025 (5 months ago)
Description: Australia has become the latest country to ban the installation of security software from Russian company Kaspersky, citing national security concerns. "After considering threat and risk analysis, I have determined that the use of Kaspersky Lab, Inc. products and web services by Australian Government entities poses an unacceptable security risk to Australian Government, networks and data,
Source: TheHackerNews
February 24th, 2025 (5 months ago)
Description: The cryptocurrency industry has been rocked by the largest digital asset theft in history, as hackers stole approximately $1.5 billion from Bybit, a Dubai-based crypto exchange. Initial investigations suggest the attackers manipulated a multisig cold wallet by deceiving signers through a compromised user interface (UI), marking a significant evolution in attack tactics. Cybersecurity firms, including … The post Record $1.5 billion Bybit hack undermines trust in crypto security appeared first on CyberInsider.
Source: CyberInsider
February 24th, 2025 (5 months ago)

CVE-2025-0690

Description: The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence.

EPSS Score: 0.07%

Source: CVE
February 24th, 2025 (5 months ago)
Description: Nessus Plugin ID 216674 with Info Severity Synopsis Dell SupportAssist OS Recovery is installed on the remote Windows host. Description Dell SupportAssist OS Recovery is installed on the remote Windows host. Solution null Read more at https://www.tenable.com/plugins/nessus/216674
Source: Tenable Plugins
February 24th, 2025 (5 months ago)