CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-0187	Community by PeepSo < 6.3.1.2 - Reflected XSS Description: The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanitise and escape various parameters and generated URLs before outputting them back attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin EPSS Score: 0.44% SSVC Exploitation: poc Source: CVE May 22nd, 2025 (30 days ago)
	Chinese snoops tried to break into US city utilities, says Talos Source: TheRegister May 22nd, 2025 (30 days ago)
	Chinese-speaking hackers targeting US municipalities with Cityworks bug Description: Since January, cybersecurity experts have seen Chinese-speaking hackers exploiting a bug impacting a tool used by local governments to manage critical infrastructure assets and other services. Source: The Record May 22nd, 2025 (30 days ago)
CVE-2025-45472	Insecure permissions in autodeploy-layer v1.2.0 allows attackers to escalate privileges and compromise the customer cloud account. Description: Insecure permissions in autodeploy-layer v1.2.0 allows attackers to escalate privileges and compromise the customer cloud account. EPSS Score: 0.04% Source: CVE May 22nd, 2025 (30 days ago)
CVE-2025-45468	Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account. Description: Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account. EPSS Score: 0.04% Source: CVE May 22nd, 2025 (30 days ago)
	Russia-aligned hackers target Tajikistan in new espionage campaign Description: The hackers used phishing emails containing government-themed lure documents to gain access to targeted systems. Source: The Record May 22nd, 2025 (30 days ago)
	Hackers use fake Ledger apps to steal Mac users’ seed phrases Description: Cybercriminal campaigns are using fake Ledger apps to target macOS users and their digital assets by deploying malware that attempts to steal seed phrases that protect access to digital cryptocurrency wallets. [...] Source: BleepingComputer May 22nd, 2025 (30 days ago)
	Alleged Sale of Cracked DarkVision v2.35 Description: Alleged Sale of Cracked DarkVision v2.35 Source: DarkWebInformer May 22nd, 2025 (30 days ago)
	Turkey Dismantles Chinese Spy Network Using Fake Cell Towers Description: Turkish intelligence has dismantled what officials describe as the most advanced foreign espionage operation ever uncovered on its soil, a Chinese-run spy ring that used IMSI-catcher technology to monitor Uyghur dissidents and Turkish government officials in five major cities. The operation, led by Turkey's National Intelligence Organization (MIT), culminated in the arrest of seven Chinese … The post Turkey Dismantles Chinese Spy Network Using Fake Cell Towers appeared first on CyberInsider. Source: CyberInsider May 22nd, 2025 (30 days ago)
	Russian hacker group Killnet returns with new identity Description: Earlier this month, Killnet claimed it had hacked Ukraine’s drone-tracking system after disappearing from public view in 2023. Source: The Record May 22nd, 2025 (30 days ago)