CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Microsoft Introduces New AI Features to Paint and Notepad in Windows 11
Description: Microsoft has rolled out a new wave of AI-powered features to its core Windows 11 applications, Paint, Snipping Tool, and Notepad, available now to Windows Insiders in the Canary and Dev channels. These upgrades, exclusive to Copilot+ PCs running Windows 11, aim to boost creativity, precision, and productivity by integrating generative AI and intelligent automation … The post Microsoft Introduces New AI Features to Paint and Notepad in Windows 11 appeared first on CyberInsider.
Source: CyberInsider
May 23rd, 2025 (29 days ago)
SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection
Description: From zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater. SafeLine is currently the most starred open-source Web Application Firewall (WAF) on GitHub, with over 16.4K stars and a rapidly growing global user base. This walkthrough covers what SafeLine is, how it works, and why it’s
Source: TheHackerNews
May 23rd, 2025 (29 days ago)
TikTok videos now push infostealer malware in ClickFix attacks
Description: Cybercriminals are using TikTok videos to trick users into infecting themselves with Vidar and StealC information-stealing malware in ClickFix attacks. [...]
Source: BleepingComputer
May 23rd, 2025 (29 days ago)
Múltiples vulnerabilidades en Iridium Certus de Intellian Technologies
Description: Multiple vulnerabilities in Intellian Technologies Iridium Certus Fri, 05/23/2025 - 11:37 Aviso Affected Resources Iridium Certus 700, 1.0.1 version. Description INCIBE has coordinated the publication of 4 vulnerabilities, one critical, one high and 2 medium severity affecting Iridium Certus 700, a maritime satellite communication system, which have been discovered by Gabriel González García.These vulnerabilities have been assigned the following codes, CVSS v4.0 base score, CVSS vector and CWE vulnerability type for each vulnerability:CVE-2025-41377: CVSS v4.0: 9.3 [ CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N | CWE-310CVE-2025-41378: CVSS v4.0: 6.9 | CVSS AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N  | CWE-20CVE-2025-41379: CVSS v4.0: 6.3 | CVSS AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N  | CWE-310CVE-2025-41380: CVSS v4.0: 4.8 | CVSS AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-798 Identificador INCIBE-2025-0262 5 - Critical Solution The vulnerabilities have been resolved by the Intellian Technologies team in the Q2 2025 release. Detail CVE-2025-41377: cryptographic vulnerability in Iridium Certus 700. This vulnerability allows a user to retrieve the encryption key, resulting in the loading of malicious firmware.CVE-2025-41378: ...

EPSS Score: 0.06%

Source: Incibe CERT
May 23rd, 2025 (29 days ago)
Grandpa-conning crook jailed over sugar-coated drug scam
Source: TheRegister
May 23rd, 2025 (29 days ago)
$50M Malware Platform Danabot Taken Offline in Global Operation
Description: Authorities across multiple continents have taken down Danabot, one of the most prolific malware-as-a-service platforms in recent years, as part of Operation Endgame, an expansive law enforcement campaign targeting the initial access layer of the ransomware ecosystem. The takedown neutralized Danabot's infrastructure, disrupted its botnets, and led to criminal charges against 16 alleged operators linked … The post $50M Malware Platform Danabot Taken Offline in Global Operation appeared first on CyberInsider.
Source: CyberInsider
May 23rd, 2025 (29 days ago)
Windows 11 Notepad gets AI-powered text writing capabilities
Description: Microsoft is testing a new AI-powered text generation feature in Notepad that can let Windows Insiders create content based on custom prompts. [...]
Source: BleepingComputer
May 23rd, 2025 (29 days ago)
U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation
Description: The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization. The malware, the DoJ said, infected more than 300,000
Source: TheHackerNews
May 23rd, 2025 (29 days ago)
Police takes down 300 servers in ransomware supply-chain crackdown
Description: In the latest phase of Operation Endgame, an international law enforcement operation, national authorities from seven countries seized 300 servers and 650 domains used to launch ransomware attacks. [...]
Source: BleepingComputer
May 23rd, 2025 (29 days ago)
GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts
Description: Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. GitLab Duo is an artificial intelligence (AI)-powered coding assistant that enables users to write,
Source: TheHackerNews
May 23rd, 2025 (29 days ago)