Threat and Vulnerability Intelligence Database

Description: The Pwn2Own Automotive 2025 hacking competition has wrapped up, with security researchers uncovering 49 unique zero-day vulnerabilities across various automotive and charging systems. The event, which took place over three days, saw researchers awarded a total of $886,250 for their discoveries. Sina Kheirkhah of Summoning Team emerged as the “Master of Pwn,” securing the top … The post Pwn2Own Automotive Ends With 49 Zero-Days, $886k in Payouts appeared first on CyberInsider.
Source: CyberInsider
January 24th, 2025 (5 months ago)
Description: The U.S. Department of Justice (DoJ) on Thursday indicted two North Korean nationals, a Mexican national, and two of its own citizens for their alleged involvement in the ongoing fraudulent information technology (IT) worker scheme that seeks to generate revenue for the Democratic People's Republic of Korea (DPRK) in violation of international sanctions. The action targets Jin Sung-Il (진성일), Pak
Source: TheHackerNews
January 24th, 2025 (5 months ago)
Description: PayPal, Inc. has agreed to pay a $2 million penalty to the New York State Department of Financial Services (DFS) after an investigation found that cybersecurity failures led to the exposure of sensitive customer information, including Social Security Numbers (SSNs). The breach stemmed from a December 2022 cybersecurity event in which unmasked customer data was … The post PayPal Fined $2M for Cybersecurity Lapse Exposing User Data appeared first on CyberInsider.
Source: CyberInsider
January 24th, 2025 (5 months ago)
Description: Google has launched a new feature called Identity Check for supported Android devices that locks sensitive settings behind biometric authentication when outside of trusted locations. "When you turn on Identity Check, your device will require explicit biometric authentication to access certain sensitive resources when you're outside of trusted locations," Google said in a post announcing the
Source: TheHackerNews
January 24th, 2025 (5 months ago)
Source: TheRegister
January 24th, 2025 (5 months ago)
Description: At Black Hat and DEF CON, cybersecurity experts were asked to game out how Taiwan could protect its communications and power infrastructure in case of invasion by China.
Source: Dark Reading
January 24th, 2025 (5 months ago)

CVE-2025-22964

Description: DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied input into database queries without proper escaping or validation. Exploiting this issue enables unauthorized access, manipulation of data, or exposure of sensitive information, posing significant risks to the integrity and confidentiality of the application.

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (5 months ago)

CVE-2025-0650

Description: A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations where a logical switch has DNS records set on it and the same switch also has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.

EPSS Score: 0.05%

Source: CVE
January 24th, 2025 (5 months ago)

CVE-2024-57947

Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill. The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map search step, the result and the fill map are swapped, so if we have a set where f->bsize of the first element is smaller than m->bsize_max, those one-bits are leaked into future rounds' result map. This makes pipapo find incorrect matching results for sets where the first field size is not the largest. Followup patch adds a test case to nft_concat_range.sh selftest script. Thanks to Stefano Brivio for pointing out that we need to zero out the remainder explicitly; only correcting the memset() argument isn't enough.

EPSS Score: 0.05%

Source: CVE
January 24th, 2025 (5 months ago)