CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: A novel technique to stump artificial intelligence (AI) text-based systems increases the likelihood of a successful cyberattack by 60%.
January 2nd, 2025 (6 months ago)
|
|
|
Description: Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure.
The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform's OData Web API Filter, while the third vulnerability is rooted in the FetchXML
January 2nd, 2025 (6 months ago)
|
|
|
Description: In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate organizations, move laterally and evade detection. eCrime groups like SCATTERED SPIDER and North Korea-nexus adversaries such as FAMOUS
January 2nd, 2025 (6 months ago)
|
|
|
Description: German prosecutors have charged three Russian-German nationals for acting as secret service agents for Russia.
The individuals, named Dieter S., Alexander J., and Alex D., have been accused of working for a foreign secret service. Dieter S. is also alleged to have participated in sabotage operations as well as taking pictures of military installations with an aim to endanger national security.
January 2nd, 2025 (6 months ago)
|
|
|
Description: Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems.
The heavily obfuscated package, named ethereumvulncontracthandler, was published to npm on December 18, 2024, by a user
January 2nd, 2025 (6 months ago)
|
CVE-2024-11846 |
Description: The does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
EPSS Score: 0.04%
January 2nd, 2025 (6 months ago)
|
|
|
Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
January 2nd, 2025 (6 months ago)
|
|
|
Description: Chinese hackers remotely accessed US Treasury Department workstations after compromising a cloud-based service operated by BeyondTrust.
The post Chinese Hackers Accessed US Treasury Workstations in ‘Major’ Cybersecurity Incident appeared first on SecurityWeek.
January 1st, 2025 (6 months ago)
|
|
|
Description: The recent compromise of Cyberhaven’s Chrome extension appears to be part of a broad campaign that started over a year ago.
The post Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign appeared first on SecurityWeek.
January 1st, 2025 (6 months ago)
|
|
|
Description: Cybercriminals who hacked Rhode Island’s system for health and benefits programs have released files to a site on the dark web,
The post Rhode Islanders’ Data Was Leaked From a Cyberattack on State Health Benefits Website appeared first on SecurityWeek.
January 1st, 2025 (6 months ago)
|