CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: A Threat Actor Claims to have Leaked Data of Telkomsel
February 1st, 2025 (5 months ago)
|
|
|
Description: Multiple state-sponsored groups are experimenting with the AI-powered Gemini assistant from Google to increase productivity and to conduct research on potential infrastructure for attacks or for reconnaissance on targets. [...]
February 1st, 2025 (5 months ago)
|
|
|
Description: “It’s simply just a non-woke version, offering employers an alternative approach to diversity and inclusion.”
February 1st, 2025 (5 months ago)
|
|
|
Description: Just how radioactive was that Saharan dust cloud that engulfed Europe in 2022?
February 1st, 2025 (5 months ago)
|
|
|
Description: U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan.
The action, which took place on January 29, 2025, has been codenamed Operation Heart Blocker.
The vast array of sites in question peddled phishing toolkits and fraud-enabling tools and
February 1st, 2025 (5 months ago)
|
CVE-2025-0638 |
Description:
Nessus Plugin ID 214859 with High Severity
Synopsis
The remote Fedora host is missing one or more security updates.
Description
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-bbabead4d7 advisory. ## New * ASPA support is now always compiled in and available if `enable-aspa` is set. The `aspa` Cargo feature has been removed. ([#990]) * If merging mutliple ASPA objects for a single customer ASN results in more than 16,380 provider ASNs, the ASPA is dropped. (Note that ASPA objects with more than 16,380 provider ASNs are already rejected during parsing.) ([#996]) * New `archive-stats` command that shows some statistics of an RRDP archive. ([#982]) * Re-enabled the use of GZIP compression in HTTP request sent by the RRDP collector. Measures to deal with exploding data have been implemented in [rpki-rs#319]. ([#997]) ## Bug fixes * Fixed an issue with checking the file names in manifests that let to a crash when non-ASCII characters are used. ([rpki-rs#320], reported by Haya Schulmann and Niklas Vogel of Goethe University Frankfurt/ATHENE Center and assigned [CVE-2025-0638]) * The validation HTTP endpoints now accept prefixes with non-zero host bits. ([#987]) * Removed duplicate `rtr_client_reset_queries` in HTTP metrics. ([#992] by [@sleinen]) * Improved disk space consumption of the new RRDP archives by re-using empty spa...
EPSS Score: 0.04%
February 1st, 2025 (5 months ago)
|
|
|
Description: BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by making use of a compromised API key.
The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged
February 1st, 2025 (5 months ago)
|
|
|
Description: Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members.
The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutralized in December 2024.
In a statement to The Guardian, the encrypted messaging app said it has reached
February 1st, 2025 (5 months ago)
|
|
|
Description: Cybersecurity researchers have discovered a malvertising campaign that's targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials.
"These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft's advertising platform," Jérôme Segura, senior
February 1st, 2025 (5 months ago)
|
|
CVE-2025-23001 |
Description: A Host Header Injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in HTTP requests, which may lead to phishing attacks, reset password, or cache poisoning.
EPSS Score: 0.05%
February 1st, 2025 (5 months ago)
|