CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
We’re Answering Your Exposure Management Questions
Description: Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this Exposure Management Academy FAQ, we help CISOs understand exposure management, look at how advanced you might be and outline how to structure a program. You can read the entire Exposure Management Academy series here.Since we started the Exposure Management Academy in March, we’ve received lots of questions. To provide answers, we launched an exposure management FAQ series in April and we’re following that with a few more questions and answers. Do you have a question about exposure management? If so, fill out the form at the bottom of this page and we’ll address your question in a future post.I’m a CISO. What should I know about exposure management?This is a fundamental question we hear from many CISOs. In short, exposure management offers CISOs a unified view of the most significant cyber exposures across their organization’s entire attack surface. Toxic combinations of preventable weaknesses — including vulnerabilities, misconfigurations and excessive permissions — can lead to substantial business exposure if they’re exploited. To effectively practice exposure management, you need to be able to identify these toxic risk combinations that create attack paths leading to your most valuable assets or administrative privileges. Implementing an exposure management program can help you streamline priorit...
Source: Tenable Blog
May 19th, 2025 (about 1 month ago)
Official UK records confirm cyberattacks put NHS patients at risk of clinical harm
Description: Data obtained by Recorded Future News from the U.K.'s National Health Service show that two incidents last year put patients at risk of clinical harm.
Source: The Record
May 19th, 2025 (about 1 month ago)
UK government confirms massive data breach following hack of Legal Aid Agency
Description: A large cache of sensitive data about people who applied for legal aid in the U.K. is potentially in the possession of cybercriminals, the government said.
Source: The Record
May 19th, 2025 (about 1 month ago)
Millions at risk after attackers steal UK legal aid data dating back 15 years
Source: TheRegister
May 19th, 2025 (about 1 month ago)
Why CTEM is the Winning Bet for CISOs in 2025
Description: Continuous Threat Exposure Management (CTEM) has moved from concept to cornerstone, solidifying its role as a strategic enabler for CISOs. No longer a theoretical framework, CTEM now anchors today’s cybersecurity programs by continuously aligning security efforts with real-world risk. At the heart of CTEM is the integration of Adversarial Exposure Validation (AEV), an advanced, offensive
Source: TheHackerNews
May 19th, 2025 (about 1 month ago)
O2 UK VoLTE Leak Exposes Real-Time Location of Any Customer Through a Phone Call
Description: A critical privacy vulnerability in O2 UK's Voice over LTE (VoLTE) system allows any caller to accurately geolocate any O2 customer simply by initiating a phone call, without their consent or knowledge. The flaw, which leaked detailed network identifiers and location metadata during standard SIP signaling, persisted for months with no action from the mobile … The post O2 UK VoLTE Leak Exposes Real-Time Location of Any Customer Through a Phone Call appeared first on CyberInsider.
Source: CyberInsider
May 19th, 2025 (about 1 month ago)
Mozilla Quickly Patches Two Firefox Zero-Days Uncovered by White-Hats
Description: Mozilla has released emergency updates to Firefox and its extended support releases just one day after two critical vulnerabilities were demonstrated during the Pwn2Own Berlin 2025 competition. The flaws, both affecting JavaScript object handling, were exploited in Firefox's content process but failed to break out of the browser's sandbox. Firefox, a flagship browser maintained by … The post Mozilla Quickly Patches Two Firefox Zero-Days Uncovered by White-Hats appeared first on CyberInsider.
Source: CyberInsider
May 19th, 2025 (about 1 month ago)
IT chiefs of UK's massive health service urge vendors to make public security pledge
Source: TheRegister
May 19th, 2025 (about 1 month ago)

CVE-2025-37891
ALSA: ump: Fix buffer overflow at UMP SysEx message conversion
Description: In the Linux kernel, the following vulnerability has been resolved: ALSA: ump: Fix buffer overflow at UMP SysEx message conversion The conversion function from MIDI 1.0 to UMP packet contains an internal buffer to keep the incoming MIDI bytes, and its size is 4, as it was supposed to be the max size for a MIDI1 UMP packet data. However, the implementation overlooked that SysEx is handled in a different format, and it can be up to 6 bytes, as found in do_convert_to_ump(). It leads eventually to a buffer overflow, and may corrupt the memory when a longer SysEx message is received. The fix is simply to extend the buffer size to 6 to fit with the SysEx UMP message.

EPSS Score: 0.02%

Source: CVE
May 19th, 2025 (about 1 month ago)
Stack-based buffer overflow vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor
Description: Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a stack-based buffer overflow vulnerability.
Source: Japan Vulnerability Notes (JVN)
May 19th, 2025 (about 1 month ago)