CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

Description: DNI is Allegedly Selling Initial Access to Multiple Unidentified Companies in the USA
Source: DarkWebInformer
February 11th, 2025 (5 months ago)
Description: The popular generative AI (GenAI) model allows hallucinations, easily avoidable guardrails, susceptibility to jailbreaking and malware creation requests, and more at critically high rates, researchers find.
Source: Dark Reading
February 11th, 2025 (5 months ago)
Description: The Wikimedia Foundation says it will likely roll out features previously used to protect editors in authoritarian countries more widely.
Source: 404 Media
February 11th, 2025 (5 months ago)
Description: ​The United States, Australia, and the United Kingdom have sanctioned Zservers, a Russia-based bulletproof hosting (BPH) services provider, for supplying essential attack infrastructure for the LockBit ransomware gang. [...]
Source: BleepingComputer
February 11th, 2025 (5 months ago)
Description: Multi-factor authentication (MFA) has quickly become the standard for securing business accounts. Once a niche security measure, adoption is on the rise across industries. But while it’s undeniably effective at keeping bad actors out, the implementation of MFA solutions can be a tangled mess of competing designs and ideas. For businesses and employees, the reality is that MFA sometimes feels
Source: TheHackerNews
February 11th, 2025 (5 months ago)
Description: Improvements in cyber hygiene and resiliency made it possible for victim organizations to skip paying ransom amounts in 2024.
Source: Dark Reading
February 11th, 2025 (5 months ago)

CVE-2025-1230

Description: Cross-Site Scripting (XSS) vulnerability in Prestashop Tue, 02/11/2025 - 14:09 Aviso Affected Resources Prestashop, 8.1.7 version. Description INCIBE has coordinated the publication of a medium severity vulnerability affecting Prestashop - a free open source platform designed to create and manage e-commerce - which has been discovered by David Aparicio Salcedo.This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE:CVE-2025-1230: CVSS v3.1: 4.8 | CVSS AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | CWE-79 Identificador INCIBE-2025-0072 3 - Medium Solution The manufacturer is working on a fix for this vulnerability. It is recommended to update to the latest version available. Detail CVE-2025-1230: Stored Cross-Site Scripting (XSS) vulnerability in Prestashop 8.1.7, due to the lack of proper validation of user input through ‘//index.php’, affecting the ‘link’ parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details. References list Prestashop Etiquetas 0day ...

EPSS Score: 0.04%

Source: Incibe CERT
February 11th, 2025 (5 months ago)
Description: Gcore’s latest DDoS Radar report analyzes attack data from Q3–Q4 2024, revealing a 56% YoY rise in the total number of DDoS attacks with the largest attack peaking at a record 2 Tbps. The financial services sector saw the most dramatic increase, with a 117% rise in attacks, while gaming remained the most-targeted industry. This period’s findings emphasize the need for robust, adaptive DDoS
Source: TheHackerNews
February 11th, 2025 (5 months ago)
Description: Progress Software has addressed multiple high-severity security flaws in its LoadMaster software that could be exploited by malicious actors to execute arbitrary system commands or download any file from the system. Kemp LoadMaster is a high-performance application delivery controller (ADC) and load balancer that provides availability, scalability, performance, and security for business-critical
Source: TheHackerNews
February 11th, 2025 (5 months ago)