CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: In the newly released 2025 State of Pentesting Report, Pentera surveyed 500 CISOs from global enterprises (200 from within the USA) to understand the strategies, tactics, and tools they use to cope with the thousands of security alerts, the persisting breaches and the growing cyber risks they have to handle. The findings reveal a complex picture of progress, challenges, and a shifting mindset
Source: TheHackerNews
May 20th, 2025 (about 1 month ago)
Description: **Website**: landmarkproperties.com. **Revenue**: $1.5 Billion. Landmark Properties is a fully integrated real estate firm specializing in development, construction, management, investment, and consul
Source: Ransomware.live
May 20th, 2025 (about 1 month ago)
Description: Cisco Talos built on Tenable’s discovery of a Google Cloud Platform vulnerability to uncover how attackers could exploit similar techniques across AWS and Azure.
Source: Cisco Talos Blog
May 20th, 2025 (about 1 month ago)
Description: Encrypted messaging platform Session will complete its long-anticipated migration from the Oxen Service Node Network to its newly developed Session Network on May 21, 2025. The move aims to consolidate its infrastructure under a unified brand and introduce a new Ethereum-compatible token to support its decentralized ecosystem. The transition marks a pivotal evolution in Session's …
Source: CyberInsider
May 20th, 2025 (about 1 month ago)
Description: Threat hunters have exposed the tactics of a China-aligned threat actor called UnsolicitedBooker that targeted an unnamed international organization in Saudi Arabia with a previously undocumented backdoor dubbed MarsSnake. ESET, which first discovered the hacking group's intrusions targeting the entity in March 2023 and again a year later, said the activity leverages spear-phishing emails using
Source: TheHackerNews
May 20th, 2025 (about 1 month ago)
Description: How to retire digital assets (such as data, software, or hardware) from operation.
Source: NCSC Alerts and Advisories
May 20th, 2025 (about 1 month ago)
Description: Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that's targeting publicly accessible Redis servers. The malicious activity has been codenamed RedisRaider by Datadog Security Labs. "RedisRaider aggressively scans randomized portions of the IPv4 space and uses legitimate Redis configuration commands to execute malicious cron jobs on vulnerable systems,"
Source: TheHackerNews
May 20th, 2025 (about 1 month ago)
Description: Stored Cross-Site Scripting (XSS) in Koibox. Advisory, Tue, 05/20/2025 - 09:37. Affected resources: Koibox, versions prior to e8cbce2. Description: INCIBE has coordinated the publication of a medium severity vulnerability affecting Koibox, a management software for beauty centres. This vulnerability has been discovered by David Padilla Alvarado. This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type: CVE-2025-40633: CVSS v4.0: 5.1 | CVSS AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-79. Identifier: INCIBE-2025-0249 (3 - Medium). Solution: The vulnerability has been resolved by Koibox team in version e8cbce2. Detail: CVE-2025-40633: A Stored Cross-Site Scripting (XSS) vulnerability has been found in Koibox for versions prior to e8cbce2. This vulnerability allows an authenticated attacker to upload an image containing malicious JavaScript code as profile picture in the '/es/dashboard/clientes/ficha/' endpoint. References list: Koibox. Tags: Update, CNA, Vulnerability ...

EPSS Score: 0.05%

Source: Incibe CERT
May 20th, 2025 (about 1 month ago)
Source: TheRegister
May 20th, 2025 (about 1 month ago)
Description: Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs. All three packages are no longer available on PyPI. The names of the Python packages are: checker-SaGaF (2,605 downloads), steinlurks (1,049 downloads), sinnercore (3,300 downloads)
Source: TheHackerNews
May 20th, 2025 (about 1 month ago)