Description: NordVPN has announced NordWhisper, a newly developed VPN protocol designed to help users bypass network restrictions while maintaining strong encryption and security standards. The protocol, which mimics regular web traffic, is aimed at ensuring reliable internet access in restrictive environments where traditional VPN connections are often blocked. The NordWhisper protocol was created in response to …
The post NordVPN Introduces New Protocol ‘NordWhisper’ to Bypass Blocks appeared first on CyberInsider.
January 29th, 2025 (5 months ago)
|
Description: Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total.
This breach shows just how deeply ransomware
January 29th, 2025 (5 months ago)
|
Description: Rapid advancements in artificial intelligence (AI) are unlocking new possibilities for the way we work and accelerating innovation in science, technology, and beyond. In cybersecurity, AI is poised to transform digital defense, empowering defenders and enhancing our collective security. Large language models (LLMs) open new possibilities for defenders, from sifting through complex telemetry to secure coding, vulnerability discovery, and streamlining operations. However, some of these same AI capabilities are also available to attackers, leading to understandable anxieties about the potential for AI to be misused for malicious purposes.
Much of the current discourse around cyber threat actors' misuse of AI is confined to theoretical research. While these studies demonstrate the potential for malicious exploitation of AI, they don't necessarily reflect the reality of how AI is currently being used by threat actors in the wild. To bridge this gap, we are sharing a comprehensive analysis of how threat actors interacted with Google's AI-powered assistant, Gemini. Our analysis was grounded by the expertise of Google's Threat Intelligence Group (GTIG), which combines decades of experience tracking threat actors on the front lines and protecting Google, our users, and our customers from government-backed attackers, targeted 0-day exploits, coordinated information operations (IO), and serious cyber crime networks.
We believe the private sector, governments, educational institution...
January 29th, 2025 (5 months ago)
|
CVE-2025-22917 |
Description: A reflected cross-site scripting (XSS) vulnerability in Audemium ERP <=0.9.0 allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user by including a malicious payload in the 'type' parameter of list.php.
EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
CVE-2025-22865 |
Description: Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT values would panic when verifying that the key is well formed.
EPSS Score: 0.05%
January 29th, 2025 (5 months ago)
|
CVE-2025-0754 |
Description: The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to log injection and spoofing attacks. Such injections can mislead logging mechanisms, enabling attackers to manipulate log entries or execute reflected cross-site scripting (XSS) attacks.
EPSS Score: 0.05%
January 29th, 2025 (5 months ago)
|
CVE-2025-0752 |
Description: A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy.
EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
CVE-2025-0750 |
Description: A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories.
EPSS Score: 0.05%
January 29th, 2025 (5 months ago)
|
CVE-2025-0736 |
Description: A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by malicious actors.
EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
CVE-2024-7881 |
Description: An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced.
EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|