CyberAlerts

Adidas Falls Victim to Third-Party Data Breach

Description: Though Adidas said that no payment or financial information was affected in the breach, individuals who contacted the compamy's customer service help desk were impacted.

Source: Dark Reading

May 27th, 2025 (23 days ago)

DragonForce ransomware abuses MSP’s SimpleHelp RMM to encrypt customers

Description: The DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers' systems. [...]

Source: BleepingComputer

May 27th, 2025 (23 days ago)

Alleged Data Breach of I Paid A Bribe

Description: Alleged Data Breach of I Paid A Bribe

Source: DarkWebInformer

May 27th, 2025 (23 days ago)

CVE-2025-5222

Icu: stack buffer overflow in the srbroot::addtag function

Description: A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.

EPSS Score: 0.02%

Source: CVE

May 27th, 2025 (23 days ago)

Alleged Sale of FortiVPN Access to an Unidentified Business Services Company in USA

Description: Alleged Sale of FortiVPN Access to an Unidentified Business Services Company in USA

Source: DarkWebInformer

May 27th, 2025 (23 days ago)

CVE-2025-46173

code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) via the name field in the feedback form.

Description: code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) via the name field in the feedback form.

EPSS Score: 0.01%

Source: CVE

May 27th, 2025 (23 days ago)

Alleged Sale of Data from an Unidentified Company in Hong Kong

Description: Alleged Sale of Data from an Unidentified Company in Hong Kong

Source: DarkWebInformer

May 27th, 2025 (23 days ago)

[lomkit/laravel-rest-api] Laravel Rest Api has a Search Validation Bypass

Description: A validation bypass vulnerability was discovered prior to version 2.13.0, where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts (such as index, store, and update actions), malicious actors could exploit this behavior by crafting requests that bypass expected validation rules, potentially injecting unexpected or dangerous parameters into the application. Impact: This could lead to unauthorized data being accepted or processed by the API, depending on the context in which the validation was bypassed. Patch: The issue was fixed in PR #172 by ensuring that multiple rule definitions are merged correctly rather than overwritten. References https://github.com/Lomkit/laravel-rest-api/security/advisories/GHSA-69rh-hccr-cxrj https://github.com/Lomkit/laravel-rest-api/pull/172 https://github.com/Lomkit/laravel-rest-api/commit/88b14587b4efd7e59d7379658c606d325bb513b4 https://github.com/advisories/GHSA-69rh-hccr-cxrj

Source: Github Advisory Database (Composer)

May 27th, 2025 (23 days ago)

🏴‍☠️ Qilin has just published a new victim : Cape Robbin Inc

Description: Cape Robbin is the ultimate runway-inspired fashion brand for women’s shoes, offering a combination of style and affordability. Featuring bold heels and chic sandals, each designed with the fashion-conscious woman in mind. Cape Robbin is a ...

Source: Ransomware.live

May 27th, 2025 (23 days ago)

Iranian pleads guilty to launching Baltimore ransomware attack, faces 30 years behind bars

Description: Sina Gholinejad admitted to using the Robbinhood ransomware variant to extort ransom payments from dozens of victims.

Source: The Record

May 27th, 2025 (23 days ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	Adidas Falls Victim to Third-Party Data Breach Description: Though Adidas said that no payment or financial information was affected in the breach, individuals who contacted the compamy's customer service help desk were impacted. Source: Dark Reading May 27th, 2025 (23 days ago)
	DragonForce ransomware abuses MSP’s SimpleHelp RMM to encrypt customers Description: The DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers' systems. [...] Source: BleepingComputer May 27th, 2025 (23 days ago)
	Alleged Data Breach of I Paid A Bribe Description: Alleged Data Breach of I Paid A Bribe Source: DarkWebInformer May 27th, 2025 (23 days ago)
CVE-2025-5222	Icu: stack buffer overflow in the srbroot::addtag function Description: A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution. EPSS Score: 0.02% Source: CVE May 27th, 2025 (23 days ago)
	Alleged Sale of FortiVPN Access to an Unidentified Business Services Company in USA Description: Alleged Sale of FortiVPN Access to an Unidentified Business Services Company in USA Source: DarkWebInformer May 27th, 2025 (23 days ago)
CVE-2025-46173	code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) via the name field in the feedback form. Description: code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) via the name field in the feedback form. EPSS Score: 0.01% Source: CVE May 27th, 2025 (23 days ago)
	Alleged Sale of Data from an Unidentified Company in Hong Kong Description: Alleged Sale of Data from an Unidentified Company in Hong Kong Source: DarkWebInformer May 27th, 2025 (23 days ago)
	[lomkit/laravel-rest-api] Laravel Rest Api has a Search Validation Bypass Description: A validation bypass vulnerability was discovered prior to version 2.13.0, where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts (such as index, store, and update actions), malicious actors could exploit this behavior by crafting requests that bypass expected validation rules, potentially injecting unexpected or dangerous parameters into the application. Impact: This could lead to unauthorized data being accepted or processed by the API, depending on the context in which the validation was bypassed. Patch: The issue was fixed in PR #172 by ensuring that multiple rule definitions are merged correctly rather than overwritten. References https://github.com/Lomkit/laravel-rest-api/security/advisories/GHSA-69rh-hccr-cxrj https://github.com/Lomkit/laravel-rest-api/pull/172 https://github.com/Lomkit/laravel-rest-api/commit/88b14587b4efd7e59d7379658c606d325bb513b4 https://github.com/advisories/GHSA-69rh-hccr-cxrj Source: Github Advisory Database (Composer) May 27th, 2025 (23 days ago)
	🏴‍☠️ Qilin has just published a new victim : Cape Robbin Inc Description: Cape Robbin is the ultimate runway-inspired fashion brand for women’s shoes, offering a combination of style and affordability. Featuring bold heels and chic sandals, each designed with the fashion-conscious woman in mind. Cape Robbin is a ... Source: Ransomware.live May 27th, 2025 (23 days ago)
	Iranian pleads guilty to launching Baltimore ransomware attack, faces 30 years behind bars Description: Sina Gholinejad admitted to using the Robbinhood ransomware variant to extort ransom payments from dozens of victims. Source: The Record May 27th, 2025 (23 days ago)