CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CISA and US and International Partners Publish Guidance on Priority Considerations in Product Selection for OT Owners and Operators
Description: Today, CISA—along with U.S. and international partners—released joint guidance Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. As part of CISA’s Secure by Demand series, this guidance focuses on helping customers identify manufacturers dedicated to continuous improvement and achieving a better cost balance, as well as how Operational Technology (OT) owners and operators should integrate secure by design elements into their procurement process. Critical infrastructure and industrial control systems are prime targets for cyberattacks. The authoring agencies warn that threat actors, when compromising OT components, target specific OT products rather than specific organizations. Many OT products are not designed and developed with Secure by Design principles and often have easily exploited weaknesses. When procuring products, OT owners and operators should select products from manufacturers who prioritize security elements identified in this guidance. For more information on questions to consider during procurement discussions, see CISA’s Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem. To learn more about secure by design principles and practices, visit Secure by Design.
Source: All CISA Advisories
January 13th, 2025 (6 months ago)
Ransomware abuses Amazon AWS feature to encrypt S3 buckets
Description: A new ransomware campaign encrypts Amazon S3 buckets using AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption key. [...]
Source: BleepingComputer
January 13th, 2025 (6 months ago)
The Shifting Landscape of Open Source Security
Description: By focusing on vigilant security practices, responsible AI deployment, and alignment with global regulatory standards, the OSS community can make 2025 a transformative year for security.
Source: Dark Reading
January 13th, 2025 (6 months ago)
Skillz (303) Claims to be Selling Access to a Subdomain of Walmart.com
Description: Skillz (303) Claims to be Selling Access to a Subdomain of Walmart.com
Source: DarkWebInformer
January 13th, 2025 (6 months ago)
OneBlood Confirms Data Breach Following Ransomware Attack
Description: Six months after a ransomware attack disrupted operations at OneBlood, the not-for-profit blood center has notified affected individuals that their personal data was stolen during the incident. The breach, which occurred between July 14 and July 29, 2024, involved unauthorized access to sensitive information, including names and Social Security numbers. OneBlood, serving critical blood supply … The post OneBlood Confirms Data Breach Following Ransomware Attack appeared first on CyberInsider.
Source: CyberInsider
January 13th, 2025 (6 months ago)
A Threat Actor Claims to be Selling Access to an Unidentified Netherlands Company
Description: A Threat Actor Claims to be Selling Access to an Unidentified Netherlands Company
Source: DarkWebInformer
January 13th, 2025 (6 months ago)
Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days
Source: TheRegister
January 13th, 2025 (6 months ago)
Ransomware on ESXi: The mechanization of virtualized attacks
Description: In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly to the internet (according to Shodan), the operational and business impact of these attacks is profound. Most of the Ransomware strands that are attacking ESXi servers nowadays, are variants of the
Source: TheHackerNews
January 13th, 2025 (6 months ago)
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January]
Description: The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, we’ll break down what’s happening, why it matters, and what you can do to stay secure. Let’s turn awareness into action and keep one step ahead
Source: TheHackerNews
January 13th, 2025 (6 months ago)
Scholastic Data Breach Exposes Info of Over 4 Million Bookworms
Description: Scholastic, the global educational and publishing giant known for producing popular book series like Harry Potter and Goosebumps, has suffered a significant data breach. The breach exposed sensitive information belonging to over 8 million individuals, with 4.2 million unique email addresses identified. The validity of the leaked data was confirmed by the security incident alerting … The post Scholastic Data Breach Exposes Info of Over 4 Million Bookworms appeared first on CyberInsider.
Source: CyberInsider
January 13th, 2025 (6 months ago)