CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
🏴‍☠️ Akira has just published a new victim : Making Tech Happen
Description: Making Tech Happen is a software solutions provider based in Sant a Rosa, CA. We are going to upload more than 8 GB of corporate documents such as: employee personal documents (passports, driver licenses, SSN s), accounting files, lots of projects files, etc. A diary record of one of employees as a bonus.
Source: Ransomware.live
May 20th, 2025 (about 1 month ago)
AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation
Description: Cybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services, and, in some cases, even fully compromise AWS accounts. "These roles, often created automatically or recommended during setup, grant overly broad permissions, such as full S3
Source: TheHackerNews
May 20th, 2025 (about 1 month ago)
South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware
Description: High-level government institutions in Sri Lanka, Bangladesh, and Pakistan have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder. "The attackers used spear phishing emails paired with geofenced payloads to ensure that only victims in specific countries received the malicious content," Acronis researchers Santiago Pontiroli, Jozsef Gegeny, and Prakas
Source: TheHackerNews
May 20th, 2025 (about 1 month ago)
Malicious VPN Extensions on Chrome Web Store Intercept User Data
Description: A new wave of malicious browser extensions, some posing as VPN extensions, has been found on the Chrome Web Store, blending functional features with covert surveillance and code execution capabilities. These dual-purpose extensions, active since at least February 2024, were part of a broader campaign orchestrated by an unidentified threat actor who has created over … The post Malicious VPN Extensions on Chrome Web Store Intercept User Data appeared first on CyberInsider.
Source: CyberInsider
May 20th, 2025 (about 1 month ago)
How Exposure Management Can Efficiently and Effectively Improve Cyber Resilience for State and Local Governments
Description: State and local governments must grapple with resource constraints even as they face increased demand for cybersecurity vigilance to protect critical infrastructure and essential services. Here’s how exposure management can help.State and local governments play a crucial role in the daily lives of communities, including managing the critical infrastructure we rely on every day, such as water systems, transportation networks, power grids, and emergency services. These institutions are on the front lines of delivering and safeguarding these essential services. A successful cyber attack on even a small municipality can disrupt daily operations, compromise sensitive data and threaten public safety.As digital threats grow more advanced and persistent, protecting state and local systems is no longer just a technical issue, it is a fundamental part of securing the nation’s most vital functions. To address this growing challenge, state and local governments need comprehensive statewide cybersecurity strategies aligned with recognized cybersecurity best practices and standards, sustainable funding and coordinated support to defend against ever evolving threats.Cyber threats against state and local governmentsAs frontline operators of critical infrastructure, state and local governments face an increasingly complex and evolving cyber threat landscape. For example, in 2023, Volt Typhoon, a state-sponsored threat actor backed by the People’s Republic of China (PRC), launched a prolong...
Source: Tenable Blog
May 20th, 2025 (about 1 month ago)
Dutch government passes law to criminalize cyber-espionage
Description: The Netherlands has updated its digital security laws to criminalize cyber-espionage and increase penalties for computer-related offenses.
Source: The Record
May 20th, 2025 (about 1 month ago)

CVE-2025-37892
mtd: inftlcore: Add error check for inftl_read_oob()
Description: In the Linux kernel, the following vulnerability has been resolved: mtd: inftlcore: Add error check for inftl_read_oob() In INFTL_findwriteunit(), the return value of inftl_read_oob() need to be checked. A proper implementation can be found in INFTL_deleteblock(). The status will be set as SECTOR_IGNORE to break from the while-loop correctly if the inftl_read_oob() fails.

EPSS Score: 0.04%

Source: CVE
May 20th, 2025 (about 1 month ago)
Ransomware attack on food distributor spells more pain for UK supermarkets
Source: TheRegister
May 20th, 2025 (about 1 month ago)
Ransomware attack hits supplier of refrigerated groceries to British supermarkets
Description: Peter Green Chilled, which ships refrigerated food to supermarkets, is the latest company in the U.K.'s grocery sector to announce disruption from a cyberattack.
Source: The Record
May 20th, 2025 (about 1 month ago)
🏴‍☠️ Ransomhouse has just published a new victim : Tri State Electric
Description: Tri-State Electric is a full service electrical contractor company, servicing the Sun City region with a proven track record of delivering on time and on budget electrical installations. We can perform and comfortably manage any job electrically.
Source: Ransomware.live
May 20th, 2025 (about 1 month ago)