CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
[nicegui] NiceGUI On Air authentication issue
Description: Summary Once a user logins to one browser, all other browsers are logged in without entering password. Even incognito mode. Impact high References https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v6jv-p6r8-j78w https://github.com/zauberzeug/nicegui/commit/1621a4ba6a06676b8094362d36623551e651adc1 https://github.com/advisories/GHSA-v6jv-p6r8-j78w
Source: Github Advisory Database (PIP)
January 6th, 2025 (6 months ago)
A Threat Actor is Allegedly Selling Coinpayment Leads
Description: A Threat Actor is Allegedly Selling Coinpayment Leads
Source: DarkWebInformer
January 6th, 2025 (6 months ago)
Team 1722 Defaced the Website of Revotrads
Description: Team 1722 Defaced the Website of Revotrads
Source: DarkWebInformer
January 6th, 2025 (6 months ago)
IoT's Regulatory Reckoning Is Overdue
Description: New security regulations are more than compliance hurdles — they're opportunities to build better products, restore trust, and lead the next chapter of innovation.
Source: Dark Reading
January 6th, 2025 (6 months ago)
RipperSec Targeted the Website of National Institute of Psychobiology in Israel
Description: RipperSec Targeted the Website of National Institute of Psychobiology in Israel
Source: DarkWebInformer
January 6th, 2025 (6 months ago)
NoName Targeted Many Websites in Poland
Description: NoName Targeted Many Websites in Poland
Source: DarkWebInformer
January 6th, 2025 (6 months ago)
Rey of HELLCAT Ransomware Claims to have Leaked the Data of Car Care Plan (CCP)
Description: Rey of HELLCAT Ransomware Claims to have Leaked the Data of Car Care Plan (CCP)
Source: DarkWebInformer
January 6th, 2025 (6 months ago)
[starcitizentools/tabber-neue] Extension:TabberNeue vulnerable to Cross-site Scripting
Description: Summary There are several sources of arbitrary, unescaped user input being used to construct HTML, which allows any user that can edit pages or otherwise render wikitext to XSS other users. Edit: Only the first XSS can be reproduced in production. Details ✅ Verified and patched in f229cab099c69006e25d4bad3579954e481dc566 https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/blob/2526daa9f8cfdd616c861c8439755cb74a6c8c6e/includes/TabberTransclude.php#L154 This doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This was caused by d8c3db4e5935476e496d979fb01f775d3d3282e6. ❌ Invalid as MediaWiki parser sanitizes dangerous HTML https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/blob/2526daa9f8cfdd616c861c8439755cb74a6c8c6e/includes/Tabber.php#L160 The documentation for Parser::recursiveTagParse() states that it returns unsafe HTML, and the $content being supplied is from user input. This was caused by 95351812613e04717f3ad7844cfcc67e4ede4d11. ❌ Invalid as TabberParsoid is not being used https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/blob/2526daa9f8cfdd616c861c8439755cb74a6c8c6e/includes/TabberParsoid.php#L96 This uses unescaped user input as the attribute of an element, thus allowing the user to break out of the attribute or element and injecting arbitrary attributes to the element, or inserting new ones (such as a script tag). This was caused by 8278e66548...
Source: Github Advisory Database (Composer)
January 6th, 2025 (6 months ago)
A Threat Actor Claims to be Selling Complete Source Code and Gaming Infrastructure to Betrnk Inc
Description: A Threat Actor Claims to be Selling Complete Source Code and Gaming Infrastructure to Betrnk Inc
Source: DarkWebInformer
January 6th, 2025 (6 months ago)
A Threat Actor Claims to be Selling 300 CC from France
Description: A Threat Actor Claims to be Selling 300 CC from France
Source: DarkWebInformer
January 6th, 2025 (6 months ago)