CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Why does ICS/OT need specific controls and its own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn’t just ineffective—it’s high risk.
In the rapidly evolving domain of cybersecurity, the specific challenges and needs for Industrial Control Systems (ICS) and Operational Technology (OT) security distinctly stand out from traditional IT security. ICS/OT
January 15th, 2025 (6 months ago)
|
|
|
Description: As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client.
"Attackers can take control of a malicious server and read/write arbitrary files of any connected client," the CERT Coordination Center (CERT/CC) said in an advisory. "Sensitive data, such as SSH keys,
January 15th, 2025 (6 months ago)
|
|
|
Description: ExpressVPN has integrated ML-KEM, the newly established NIST standard for post-quantum encryption, into its proprietary Lightway VPN protocol. This move solidifies ExpressVPN’s commitment to future-proofing user data against the risks posed by quantum computers, which could render traditional encryption methods obsolete. The transition to ML-KEM follows the release of NIST’s first quantum-resistant encryption standards in …
The post ExpressVPN Adopts NIST-Approved Post-Quantum Encryption appeared first on CyberInsider.
January 15th, 2025 (6 months ago)
|
|
|
Description: The U.S. Department of Justice (DoJ) and the FBI, in coordination with French law enforcement and cybersecurity firm Sekoia.io, have successfully dismantled a widespread PlugX malware operation orchestrated by Chinese state-backed hacking groups, Mustang Panda and Twill Typhoon. This international effort has resulted in the deletion of the malware from over 4,200 infected U.S. computers. …
The post FBI Neutralizes PlugX Malware on 4,200 Computers in the U.S. appeared first on CyberInsider.
January 15th, 2025 (6 months ago)
|
|
|
Description: The merits of choosing passkeys over passwords to help keep your online accounts more secure, and explaining how the technology promises to do this
January 15th, 2025 (6 months ago)
|
|
|
Description: Passkeys are the future of authentication, offering enhanced security and convenience over passwords, but widespread adoption faces challenges that the NCSC is working to resolve.
January 15th, 2025 (6 months ago)
|
|
|
Description: The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a "multi-month law enforcement operation."
PlugX, also known as Korplug, is a remote access trojan (RAT) widely used by threat actors associated with the People's Republic of China (PRC
January 15th, 2025 (6 months ago)
|
|
|
Description: Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution.
Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the "vulnerabilities are trivial to reverse and exploit."
The list of identified flaws is as follows -
January 15th, 2025 (6 months ago)
|
CVE-2024-7344 |
Description: Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks.
Of the 161 flaws, 11 are rated Critical, and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344), has not been assigned
EPSS Score: 0.04%
January 15th, 2025 (6 months ago)
|
|
|
Description: In 2024, the Taiwanese government saw the daily average of attempted attacks by China double to 2.4 million, with a focus on government targets and telecommunications firms.
January 15th, 2025 (6 months ago)
|