Threat and Vulnerability Intelligence Database

Description: A Threat Actor Claims to have Leaked the Data of Brothers of Italy Party
Source: DarkWebInformer
January 24th, 2025 (5 months ago)
Description: Third-party API security requires a tailored approach for different scenarios. Learn how to adapt your security strategy to outbound data flows, inbound traffic, and SaaS-to-SaaS interconnections.
Source: Dark Reading
January 24th, 2025 (5 months ago)
Description: Impact: XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag ( ]> could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.publisher is being used within a host where external clients can submit XML. A previous release provided an incomplete solution revealed by new testing. Patches: This issue has been patched as of version 1.7.4. Workarounds: None. References: Previous Advisory for Incomplete solution; MITRE CWE; OWASP XML External Entity Prevention Cheat Sheet; https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-59rq-22fm-x8q5; https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-8c3x-hq82-gjcm; https://github.com/advisories/GHSA-8c3x-hq82-gjcm
Source: Github Advisory Database (Maven)
January 24th, 2025 (5 months ago)
Description: Rey is Allegedly Selling VPN Access to U.S. City Government and Police
Source: DarkWebInformer
January 24th, 2025 (5 months ago)
Description: Oral Roberts University Mabee Center Has Been Claimed a Victim to RHYSIDA Ransomware
Source: DarkWebInformer
January 24th, 2025 (5 months ago)

CVE-2025-23006

Description: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

EPSS Score: 1.37%

Source: All CISA Advisories
January 24th, 2025 (5 months ago)
Description: This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss Nazis celebrating Elon Musk’s salute, Zuckerberg as a kook, dictating your own threat model and a good block/mute ethos.
Source: 404 Media
January 24th, 2025 (5 months ago)
Description: Offensive Linux Security Tools
Source: DarkWebInformer
January 24th, 2025 (5 months ago)
Description: A North Korean threat group has been using a technique called RID hijacking that tricks Windows into treating a low-privileged account as one with administrator permissions. [...]
Source: BleepingComputer
January 24th, 2025 (5 months ago)