CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: DNI is Allegedly Selling Initial Access to Multiple Unidentified Companies in the USA
February 11th, 2025 (5 months ago)
|
|
|
Description: The popular generative AI (GenAI) model allows hallucinations, easily avoidable guardrails, susceptibility to jailbreaking and malware creation requests, and more at critically high rates, researchers find.
February 11th, 2025 (5 months ago)
|
|
|
Description: The Wikimedia Foundation says it will likely roll out features previously used to protect editors in authoritarian countries more widely.
February 11th, 2025 (5 months ago)
|
|
|
Description: The United States, Australia, and the United Kingdom have sanctioned Zservers, a Russia-based bulletproof hosting (BPH) services provider, for supplying essential attack infrastructure for the LockBit ransomware gang. [...]
February 11th, 2025 (5 months ago)
|
|
|
Description: Multi-factor authentication (MFA) has quickly become the standard for securing business accounts. Once a niche security measure, adoption is on the rise across industries. But while it’s undeniably effective at keeping bad actors out, the implementation of MFA solutions can be a tangled mess of competing designs and ideas. For businesses and employees, the reality is that MFA sometimes feels
February 11th, 2025 (5 months ago)
|
|
|
February 11th, 2025 (5 months ago)
|
|
|
Description: Improvements in cyber hygiene and resiliency made it possible for victim organizations to skip paying ransom amounts in 2024.
February 11th, 2025 (5 months ago)
|
CVE-2025-1230 |
Description: Cross-Site Scripting (XSS) vulnerability in Prestashop
Tue, 02/11/2025 - 14:09
Aviso
Affected Resources
Prestashop, 8.1.7 version.
Description
INCIBE has coordinated the publication of a medium severity vulnerability affecting Prestashop - a free open source platform designed to create and manage e-commerce - which has been discovered by David Aparicio Salcedo.This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE:CVE-2025-1230: CVSS v3.1: 4.8 | CVSS AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | CWE-79
Identificador
INCIBE-2025-0072
3 - Medium
Solution
The manufacturer is working on a fix for this vulnerability. It is recommended to update to the latest version available.
Detail
CVE-2025-1230: Stored Cross-Site Scripting (XSS) vulnerability in Prestashop 8.1.7, due to the lack of proper validation of user input through ‘//index.php’, affecting the ‘link’ parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.
References list
Prestashop
Etiquetas
0day
...
EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|
|
|
Description: Gcore’s latest DDoS Radar report analyzes attack data from Q3–Q4 2024, revealing a 56% YoY rise in the total number of DDoS attacks with the largest attack peaking at a record 2 Tbps. The financial services sector saw the most dramatic increase, with a 117% rise in attacks, while gaming remained the most-targeted industry. This period’s findings emphasize the need for robust, adaptive DDoS
February 11th, 2025 (5 months ago)
|
|
|
Description: Progress Software has addressed multiple high-severity security flaws in its LoadMaster software that could be exploited by malicious actors to execute arbitrary system commands or download any file from the system.
Kemp LoadMaster is a high-performance application delivery controller (ADC) and load balancer that provides availability, scalability, performance, and security for business-critical
February 11th, 2025 (5 months ago)
|