
Threat and Vulnerability Intelligence Database

Description: Summary. The application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on.
Details. The application uses string concatenation to build database connection URIs, which are then passed to the corresponding libraries responsible for setting up the database connections. This string concatenation is done unsafely, without escaping or encoding the user input. This allows a user, in many cases, to inject arbitrary parameters into the URI string. These parameters can be potentially dangerous depending on the libraries used. One of these dangerous parameters is allowAllFiles in the library github.com/go-sql-driver/mysql. Should this be set to true, the library enables running the LOAD DATA LOCAL INFILE query on any file on the host machine (in this case, the machine that WhoDB is running on). Source: https://github.com/go-sql-driver/mysql/blob/7403860363ca112af503b4612568c3096fecb466/infile.go#L128 By injecting &allowAllFiles=true into the connection URI and connecting to any MySQL server (such as an attacker-controlled one), the attacker is able to read local files.
PoC. As this vulnerability does not require sending requests manually and can all be done using the WhoDB UI, screenshots are provided instead of HTTP requests. For this proof-of-concept, a clean instance of WhoDB and MySQL were set up using podman (docker is a suitable alternative): podman network create whodb-poc...
Source: Github Advisory Database (Go)
February 6th, 2025 (5 months ago)
Description: UNDERGROUND-NET Defaced and Leaked the Data of SM Health Care Sdn Bhd
Source: DarkWebInformer
February 6th, 2025 (5 months ago)
Description: Summary. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior.
Details. Prefix caching makes use of Python's built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable constant value. This makes it more feasible that someone could try to exploit hash collisions.
Impact. The impact of a collision would be using cache that was generated using different content. Given knowledge of prompts in use and predictable hashing behavior, someone could intentionally populate the cache using a prompt known to collide with another prompt in use.
Solution. We address this problem by initializing hashes in vllm with a value that is no longer constant and predictable. It will be different each time vllm runs. This restores the behavior we got in Python versions prior to 3.12. Using a hashing algorithm that is less prone to collision (like sha256, for example) would be the best way to avoid the possibility of a collision. However, it would have an impact on both performance and memory footprint. Hash collisions may still occur, though they are no longer straightforward to predict. To give an idea of the likelihood of a collision, for randomly generated hash values (assuming the hash generation built into Python is uniformly distributed), with a cache capacity of 50,000 messages and an average prompt length of 300, a collision will occur on avera...
Source: Github Advisory Database (PIP)
February 6th, 2025 (5 months ago)

CVE-2024-57610

Description: A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account compromise and denial of service for legitimate users.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-57610
https://github.com/Sylius/Sylius
https://github.com/nca785/CVE-2024-57610
https://sylius.com
https://github.com/advisories/GHSA-2hjh-495w-hmxc

EPSS Score: 0.05%

Source: Github Advisory Database (Composer)
February 6th, 2025 (5 months ago)
Description: Thorsten examines last year’s CVE list and compares it to recent Talos Incident Response trends. Plus, get all the details on the new vulnerabilities disclosed by Talos’ Vulnerability Research Team.
Source: Cisco Talos Blog
February 6th, 2025 (5 months ago)
Description: "This is the most 1984 email I've ever seen," one worker said.
Source: 404 Media
February 6th, 2025 (5 months ago)
Description: A Threat Actor is Allegedly Selling IDF Bank Accounts
Source: DarkWebInformer
February 6th, 2025 (5 months ago)
Description: The North Korean hacking group known as Kimsuky was observed in recent attacks using a custom-built RDP Wrapper and proxy tools to directly access infected machines. [...]
Source: BleepingComputer
February 6th, 2025 (5 months ago)
Source: TheRegister
February 6th, 2025 (5 months ago)
Description: A Threat Actor Claims to be Selling the Data of an Unidentified SMS Provider in Iran
Source: DarkWebInformer
February 6th, 2025 (5 months ago)