CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

Description: Two hacker groups were paid to develop malware targeting victims in the US, Europe, and Asia, as well as various Chinese dissident groups.
Source: Dark Reading
January 14th, 2025 (6 months ago)
Description: Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” 
Source: Cisco Talos Blog
January 14th, 2025 (6 months ago)
Description: Microsoft's January 2025 Patch Tuesday update addresses 159 vulnerabilities, including three previously undisclosed actively exploited zero-day vulnerabilities. The update is applicable to Windows 11 OS Builds 22621.4751 and 22631.4751 and is part of Microsoft's ongoing effort to secure its flagship operating system against emerging threats. New zero-day flaws Microsoft has confirmed three vulnerabilities under active … The post Windows January 2025 Patch Tuesday Fixes 159 Vulnerabilities appeared first on CyberInsider.
Source: CyberInsider
January 14th, 2025 (6 months ago)

CVE-2025-23081

Description: Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - DataTransfer Extension allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects Mediawiki - DataTransfer Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. References https://nvd.nist.gov/vuln/detail/CVE-2025-23081 https://gerrit.wikimedia.org/r/c/mediawiki/extensions/DataTransfer/+/1080451 https://gerrit.wikimedia.org/r/c/mediawiki/extensions/DataTransfer/+/1093931 https://gerrit.wikimedia.org/r/q/I5e1538a3bf66378810f905834c05626e1d2c82f0 https://gerrit.wikimedia.org/r/q/I773c616db781d2f3f30893ad01ef503bf251a2b3 https://gerrit.wikimedia.org/r/q/I7c9de4c8dcdb3276ba923c6bc7c8eef3531324c7 https://gerrit.wikimedia.org/r/q/I9223c31f02f31f1e06e1a8cddf7d539cc8d3a3d9 https://phabricator.wikimedia.org/T379749 https://github.com/advisories/GHSA-c3h5-h73c-29hq

EPSS Score: 0.04%

Source: Github Advisory Database (Composer)
January 14th, 2025 (6 months ago)

CVE-2024-45627

Description: Affected versions: Apache Linkis Metadata Query Service JDBC 1.5.0 before 1.7.0 Description: In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis < 1.6.0 will be affected. We recommend users upgrade the version of Linkis to version 1.7.0. References https://nvd.nist.gov/vuln/detail/CVE-2024-45627 https://lists.apache.org/thread/0zzx8lldwoqgzq98mg61hojgpvn76xsh http://www.openwall.com/lists/oss-security/2025/01/14/1 https://github.com/advisories/GHSA-8cvq-3jjp-ph9p

EPSS Score: 0.04%

Source: Github Advisory Database (Maven)
January 14th, 2025 (6 months ago)
Description: [Darknetlive Archive] Opiates Vendor "DopeKingUSA" Imprisoned for Distributing Fentanyl
Source: DarkWebInformer
January 14th, 2025 (6 months ago)
Description: A new malware campaign has compromised more than&nbsp;5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. [...]
Source: BleepingComputer
January 14th, 2025 (6 months ago)
Description: ​North Korean state-backed hacking groups have stolen over $659 million worth of cryptocurrency in multiple crypto-heists, according to a joint statement issued by the United States, South Korea, and Japan on Tuesday. [...]
Source: BleepingComputer
January 14th, 2025 (6 months ago)
Source: TheRegister
January 14th, 2025 (6 months ago)
Description: Microsoft has released the KB5049981 cumulative update for Windows 10 22H2 and Windows 10 21H2, which contains an updated Kernel driver blocklist to prevent Bring Your Own Vulnerable Driver (BYOVD) attacks. [...]
Source: BleepingComputer
January 14th, 2025 (6 months ago)