CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-7344	New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits Description: Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate, according to a new EPSS Score: 0.04% Source: TheHackerNews January 16th, 2025 (6 months ago)
	The $10 Cyber Threat Responsible for the Biggest Breaches of 2024 Description: You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app attacks. (Source: Verizon). Cybersecurity budgets grew again in 2024, with organizations now spending almost $1,100 per user (Source: Forrester).  Stolen credentials on criminal forums cost as Source: TheHackerNews January 16th, 2025 (6 months ago)
	Massive Google Ads Phishing Campaign Targets Advertisers Description: Cybercriminals are running a large-scale phishing operation that exploits Google Ads itself to steal advertiser credentials. According to a new Malwarebytes report, the attackers create fraudulent ads that impersonate Google Ads, tricking businesses and individuals into entering their login details on fake Google pages. Stolen accounts are then resold on blackhat forums or used for … The post Massive Google Ads Phishing Campaign Targets Advertisers appeared first on CyberInsider. Source: CyberInsider January 16th, 2025 (6 months ago)
	GDPR Complaints Filed Against TikTok, Xiaomi, Over Data Transfers Description: European privacy advocacy group noyb has filed six General Data Protection Regulation (GDPR) complaints against major Chinese tech companies, including TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, for allegedly transferring Europeans' personal data to China in violation of EU law. The complaints, lodged in five different countries, argue that China's authoritarian surveillance state lacks adequate … The post GDPR Complaints Filed Against TikTok, Xiaomi, Over Data Transfers appeared first on CyberInsider. Source: CyberInsider January 16th, 2025 (6 months ago)
	Trusted Apps Sneak a Bug Into the UEFI Boot Process Description: Seven system recovery programs contained what amounted to a backdoor for injecting any untrusted file into the system startup process. Source: Dark Reading January 16th, 2025 (6 months ago)
	Infoseccer: Private security biz let guard down, exposed 120K+ files Source: TheRegister January 16th, 2025 (6 months ago)
	Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager Description: Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure. All the four critical security flaws, rated 9.8 out of 10.0 on the CVSS scale, are rooted in EPM, and concern absolute path traversal flaws that allow a remote unauthenticated Source: TheHackerNews January 16th, 2025 (6 months ago)
	Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws Description: Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network. According to GuidePoint Security, initial access is said to have been facilitated by means of a JavaScript malware downloaded named Source: TheHackerNews January 16th, 2025 (6 months ago)
	Le Coq Sportif Columbia - 79,712 breached accounts Description: In January 2025, a data breach from the Columbian website for Le Coq Sportif was posted to a popular hacking forum. The data included almost 80k unique email addresses with the breach dating back to May 2023. Impacted data included physical and IP addresses, names, purchases, genders, dates of birth and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru". Source: HaveIBeenPwnedLatestBreaches January 16th, 2025 (6 months ago)
	Hackers leak configs and VPN credentials for 15,000 FortiGate devices Description: A new hacking group has leaked the configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices for free on the dark web, exposing a great deal of sensitive technical information to other cybercriminals. [...] Source: BleepingComputer January 16th, 2025 (6 months ago)