CyberAlerts

IT-Harvest Launches HarvestIQ.ai

Source: Dark Reading

January 27th, 2025 (5 months ago)

US freezes foreign aid, halting cybersecurity defense and policy funds for allies

Source: TheRegister

January 27th, 2025 (5 months ago)

A Threat Actor Claims to be Selling Military Service Council of Saudi Arabia

Description: A Threat Actor Claims to be Selling Military Service Council of Saudi Arabia

Source: DarkWebInformer

January 27th, 2025 (5 months ago)

DeepSeek halts new signups amid "large-scale" cyberattack

Description: Chinese AI platform DeepSeek has disabled registrations on it DeepSeek-V3 chat platform due to an ongoing "large-scale" cyberattack targeting its services. [...]

Source: BleepingComputer

January 27th, 2025 (5 months ago)

Crisis Simulations: A Top 2025 Concern for CISOs

Description: CISOs are planning to adjust their budgets this year to reflect their growing concerns for cybersecurity preparedness in the event of a cyberattack.

Source: Dark Reading

January 27th, 2025 (5 months ago)

Apple Fixes Zero-Day Flaw Exploited in Attacks Against iPhones

Description: Apple has released a series of security updates across its product ecosystem, addressing multiple vulnerabilities, including a zero-day flaw that has reportedly been exploited in the wild. The updates covering iOS, iPadOS, macOS, watchOS, tvOS, and visionOS, provide fixes for critical security issues that could allow privilege escalation, arbitrary code execution, and denial-of-service attacks. Actively … The post Apple Fixes Zero-Day Flaw Exploited in Attacks Against iPhones appeared first on CyberInsider.

Source: CyberInsider

January 27th, 2025 (5 months ago)

KINGSMAN INDIA Defaced the Websites of GOSRA ISLAMIA DAKHIL MADRASAH and GABTALI ALIM MADRASAH

Description: KINGSMAN INDIA Defaced the Websites of GOSRA ISLAMIA DAKHIL MADRASAH and GABTALI ALIM MADRASAH

Source: DarkWebInformer

January 27th, 2025 (5 months ago)

Bitwarden makes it harder to hack password vaults without MFA

Description: Open-source password manager Bitwarden is adding an extra layer of security for accounts that are not protected by two-factor authentication, requiring email verification before allowing access to accounts. [...]

Source: BleepingComputer

January 27th, 2025 (5 months ago)

CVE-2024-55227

[dolibarr/dolibarr] Dolibarr Cross-site Scripting vulnerability

Description: A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter. References https://nvd.nist.gov/vuln/detail/CVE-2024-55227 https://github.com/Dolibarr/dolibarr/commit/56710ce9b79a97df093f586c90bdaf6cce6a5808 https://github.com/Dolibarr/dolibarr/commit/9aa24d9d9aeab36358c725dae3fe20c9631082e7 https://github.com/Dolibarr/dolibarr/commit/c0250e4c9106b5c889e512a4771f0205d4f99b99 https://gist.github.com/Dqtdqt/9762466cd6ec541ea265ba33b09489ff https://github.com/Dolibarr/dolibarr/security/policy https://github.com/advisories/GHSA-2v3r-gvq5-qqgh

EPSS Score: 0.12%

Source: Github Advisory Database (Composer)

January 27th, 2025 (5 months ago)

CVE-2024-55228

[dolibarr/dolibarr] Dolibarr Cross-site Scripting vulnerability

Description: A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter. References https://nvd.nist.gov/vuln/detail/CVE-2024-55228 https://github.com/Dolibarr/dolibarr/commit/56710ce9b79a97df093f586c90bdaf6cce6a5808 https://github.com/Dolibarr/dolibarr/commit/9aa24d9d9aeab36358c725dae3fe20c9631082e7 https://github.com/Dolibarr/dolibarr/commit/c0250e4c9106b5c889e512a4771f0205d4f99b99 https://gist.github.com/Dqtdqt/a942bbce9a5fc851dce366902411c768 https://github.com/Dolibarr/dolibarr/security/policy https://github.com/advisories/GHSA-x2j8-vjg7-386r

EPSS Score: 0.12%

Source: Github Advisory Database (Composer)

January 27th, 2025 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	IT-Harvest Launches HarvestIQ.ai Source: Dark Reading January 27th, 2025 (5 months ago)
	US freezes foreign aid, halting cybersecurity defense and policy funds for allies Source: TheRegister January 27th, 2025 (5 months ago)
	A Threat Actor Claims to be Selling Military Service Council of Saudi Arabia Description: A Threat Actor Claims to be Selling Military Service Council of Saudi Arabia Source: DarkWebInformer January 27th, 2025 (5 months ago)
	DeepSeek halts new signups amid "large-scale" cyberattack Description: Chinese AI platform DeepSeek has disabled registrations on it DeepSeek-V3 chat platform due to an ongoing "large-scale" cyberattack targeting its services. [...] Source: BleepingComputer January 27th, 2025 (5 months ago)
	Crisis Simulations: A Top 2025 Concern for CISOs Description: CISOs are planning to adjust their budgets this year to reflect their growing concerns for cybersecurity preparedness in the event of a cyberattack. Source: Dark Reading January 27th, 2025 (5 months ago)
	Apple Fixes Zero-Day Flaw Exploited in Attacks Against iPhones Description: Apple has released a series of security updates across its product ecosystem, addressing multiple vulnerabilities, including a zero-day flaw that has reportedly been exploited in the wild. The updates covering iOS, iPadOS, macOS, watchOS, tvOS, and visionOS, provide fixes for critical security issues that could allow privilege escalation, arbitrary code execution, and denial-of-service attacks. Actively … The post Apple Fixes Zero-Day Flaw Exploited in Attacks Against iPhones appeared first on CyberInsider. Source: CyberInsider January 27th, 2025 (5 months ago)
	KINGSMAN INDIA Defaced the Websites of GOSRA ISLAMIA DAKHIL MADRASAH and GABTALI ALIM MADRASAH Description: KINGSMAN INDIA Defaced the Websites of GOSRA ISLAMIA DAKHIL MADRASAH and GABTALI ALIM MADRASAH Source: DarkWebInformer January 27th, 2025 (5 months ago)
	Bitwarden makes it harder to hack password vaults without MFA Description: Open-source password manager Bitwarden is adding an extra layer of security for accounts that are not protected by two-factor authentication, requiring email verification before allowing access to accounts. [...] Source: BleepingComputer January 27th, 2025 (5 months ago)
CVE-2024-55227	[dolibarr/dolibarr] Dolibarr Cross-site Scripting vulnerability Description: A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter. References https://nvd.nist.gov/vuln/detail/CVE-2024-55227 https://github.com/Dolibarr/dolibarr/commit/56710ce9b79a97df093f586c90bdaf6cce6a5808 https://github.com/Dolibarr/dolibarr/commit/9aa24d9d9aeab36358c725dae3fe20c9631082e7 https://github.com/Dolibarr/dolibarr/commit/c0250e4c9106b5c889e512a4771f0205d4f99b99 https://gist.github.com/Dqtdqt/9762466cd6ec541ea265ba33b09489ff https://github.com/Dolibarr/dolibarr/security/policy https://github.com/advisories/GHSA-2v3r-gvq5-qqgh EPSS Score: 0.12% Source: Github Advisory Database (Composer) January 27th, 2025 (5 months ago)
CVE-2024-55228	[dolibarr/dolibarr] Dolibarr Cross-site Scripting vulnerability Description: A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter. References https://nvd.nist.gov/vuln/detail/CVE-2024-55228 https://github.com/Dolibarr/dolibarr/commit/56710ce9b79a97df093f586c90bdaf6cce6a5808 https://github.com/Dolibarr/dolibarr/commit/9aa24d9d9aeab36358c725dae3fe20c9631082e7 https://github.com/Dolibarr/dolibarr/commit/c0250e4c9106b5c889e512a4771f0205d4f99b99 https://gist.github.com/Dqtdqt/a942bbce9a5fc851dce366902411c768 https://github.com/Dolibarr/dolibarr/security/policy https://github.com/advisories/GHSA-x2j8-vjg7-386r EPSS Score: 0.12% Source: Github Advisory Database (Composer) January 27th, 2025 (5 months ago)