CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: 888 Claims to have Leaked the Data of AXA COLPATRIA
January 6th, 2025 (6 months ago)
|
|
|
Description: A fake Telegram Premium app delivers information-stealing malware, in a prime example of the rising threat of adversaries leveraging everyday applications, researchers say.
January 6th, 2025 (6 months ago)
|
|
|
Description: These latest attacks follow a long string of cyberattacks and breaches targeting US and global telecom and ISP companies.
January 6th, 2025 (6 months ago)
|
|
|
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today that the Treasury Department breach disclosed last week did not impact other federal agencies. [...]
January 6th, 2025 (6 months ago)
|
|
|
Description: With Windows 10's end-of-support date set for October 14, 2025, cybersecurity experts at ESET warn that Germany could face a significant security crisis. Approximately 32 million Windows 10 devices, representing 65% of the country's PCs, remain on the soon-to-be-outdated operating system. ESET has urged individuals and businesses to immediately transition to newer platforms to avoid …
The post ESET Warns 32 Million Germans They Need to Move From Windows 10 appeared first on CyberInsider.
January 6th, 2025 (6 months ago)
|
|
|
Description: A new campaign exploits the trust of unsuspecting gamers, luring victims into downloading information-stealing malware disguised as beta versions of video games. The campaign, detailed in a Malwarebytes report, primarily targets users through Discord direct messages, emails, or text messages, often presented as personal requests from “game developers” seeking beta testers. Targeting Discord users Victims …
The post Discord Users Targeted by Fake Game Sites Spreading Info-Stealers appeared first on CyberInsider.
January 6th, 2025 (6 months ago)
|
|
|
Description: Chinese state-sponsored hacking group Salt Typhoon also hacked Charter Communications and Windstream Holdings. The revelation, which was made in an exclusive Wall Street Journal report, marks a significant escalation in a campaign targeting America’s critical communications infrastructure, now encompassing nine major telecom providers. The breach, linked to Chinese intelligence operatives, exploited unpatched vulnerabilities and weak …
The post Charter and Windstream Join List of U.S. Telcos Hacked by China appeared first on CyberInsider.
January 6th, 2025 (6 months ago)
|
CVE-2025-22376 |
Description: Impact
Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source (https://github.com/guzzle/oauth-subscriber/blob/0.8.0/src/Oauth1.php#L192). This can leave servers vulnerable to replay attacks when TLS is not used.
Patches
Upgrade to version 0.8.1 or higher.
Workarounds
No.
References
Issue is similar to https://nvd.nist.gov/vuln/detail/CVE-2025-22376.
References
https://github.com/guzzle/oauth-subscriber/security/advisories/GHSA-237r-r8m4-4q88
https://github.com/guzzle/oauth-subscriber/commit/92b619b03bd21396e51c62e6bce83467d2ce8f53
https://github.com/guzzle/oauth-subscriber/blob/0.8.0/src/Oauth1.php#L192
https://github.com/guzzle/oauth-subscriber/releases/tag/0.8.1
https://github.com/advisories/GHSA-237r-r8m4-4q88
EPSS Score: 0.04%
January 6th, 2025 (6 months ago)
|
|
|
Description: The malware, operated by China-backed cyberattackers, has been significantly fortified with new evasive and post-infection capabilities.
January 6th, 2025 (6 months ago)
|
|
|
Description: [Darknetlive Archive] Major Xanax Vendor Sentenced to Prison
January 6th, 2025 (6 months ago)
|