CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: South African Airways (SAA) is a passenger and freight airline that is owned and operated by the South African government. Saa is a member of the Star Alliance network and is headquartered in Johannesburg, South Africa
May 16th, 2025 (about 1 month ago)
|
|
|
Description: Part 1
May 16th, 2025 (about 1 month ago)
|
|
Description: Check out a study that outlines the risks and benefits of open-source AI tools. Meanwhile, the NCSC unpacks use cases for new, alternative encryption technologies. Plus, ISACA urges orgs to begin their post-quantum cryptography migration. And get the latest on assessing software productsā security; cyber attacks against critical infrastructure; and more!Dive into six things that are top of mind for the week ending May 16.1 - Study: Orgs embrace open source AI, but cyber risk concerns loomAs organizations increasingly adopt open-source artificial intelligence (AI) technologies, they also worry about facing higher risks than those posed by proprietary AI products.Thatās according to the report āOpen source technology in the age of AIā from McKinsey Co., the Patrick J. McGovern Foundation and Mozilla, based on a global survey of 700-plus technology leaders and senior developers.Specifically, while respondents cite benefits like lower costs and ease of use, they consider open source AI tools to be riskier in areas like cybersecurity, compliance and intellectual property.If your organization is looking at or already adopting open source AI products, here are risk mitigation recommendations from the report:Implement strong guardrails, such as automated content filtering, input / output validation and human oversight.Use standardized benchmarks to conduct regular risk assessments.Run AI models in trusted execution environments.Protect model repositories with strong access control...
May 16th, 2025 (about 1 month ago)
|
|
Description: In an open letter, NHS suppliers were warned that ransomware incidents have been getting more severe and frequent in recent months.
May 16th, 2025 (about 1 month ago)
|
|
Description: Cybersecurity researchers are calling attention to a new botnet malware called HTTPBot that has been used to primarily single out the gaming industry, as well as technology companies and educational institutions in China.
"Over the past few months, it has expanded aggressively, continuously leveraging infected devices to launch external attacks," NSFOCUS said in a report published this week. "By
May 16th, 2025 (about 1 month ago)
|
|
May 16th, 2025 (about 1 month ago)
|
|
Description: Data is the lifeblood of productivity, and protecting sensitive data is more critical than ever. With cyber threats evolving rapidly and data privacy regulations tightening, organizations must stay vigilant and proactive to safeguard their most valuable assets. But how do you build an effective data protection framework?
In this article, we'll explore data protection best practices from meeting
May 16th, 2025 (about 1 month ago)
|
|
Description: For at least six months, Procolored, a well-known manufacturer of UV and DTF printers, hosted malware-laden software downloads on its website, infecting users with backdoors and cryptocurrency stealers. The incident first came to light when Cameron Coward, creator of the Serial Hobbyism YouTube channel, attempted to review a $6,000 Procolored UV printer. Upon inserting the ā¦
The post Procolored Printers Distributed Malware-Infested Software for Six Months appeared first on CyberInsider.
May 16th, 2025 (about 1 month ago)
|
|
Description: A social engineering campaign is targeting U.S. government officials and their contacts through AI-generated voice calls and malicious text messages, the FBI warns. The impersonation campaign, active since April 2025, exploits trust in public figures to hijack accounts and expand access across sensitive networks. The FBI issued a Public Service Announcement disclosing that the attackers ā¦
The post Senior U.S. Officials Impersonated in AI-Powered Vishing Campaign appeared first on CyberInsider.
May 16th, 2025 (about 1 month ago)
|
|
Description: Path Traversal vulnerability in PNETLab
Fri, 05/16/2025 - 11:12
Aviso
Affected Resources
PNETLab v4.2.10.
Description
INCIBE has coordinated the publication of a high severity vulnerability affecting PNETLab version 4.2.10, a tool to create, share and practice Networking Lab with multi-vendors.This vulnerability has been discovered by Sam Bagheri.This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type:CVE-2025-40629: CVSS v4.0: 8.7 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N| CWE-22
Identificador
INCIBE-2025-0246
4 - High
Solution
No hay soluciĆ³n reportada por el momento.
Detail
CVE-2025-40629: The application PNETLab 4.2.10 does not properly sanitize user inputs in its file access mechanisms. This allows attackers to perform directory traversal by manipulating file paths in HTTP requests. Specifically, the application is vulnerable to requests that access sensitive files outside the intended directory.
References list
PNETLab
Etiquetas
0day
CNA
Vulnerability
...
EPSS Score: 0.29%
May 16th, 2025 (about 1 month ago)
|