CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

	ChatGPT will soon record, transcribe, and summarize your meetings Description: OpenAI may be planning to challenge Microsoft Teams Copilot integration with a new "Record" feature in ChatGPT. [...] Source: BleepingComputer May 15th, 2025 (about 1 month ago)
	Threat Attack Daily - 15th of May 2025 Description: Threat Attack Daily - 15th of May 2025 Source: DarkWebInformer May 15th, 2025 (about 1 month ago)
	🏴‍☠️ Safepay has just published a new victim : olympusaero.com Description: [AI generated] Olympus Aero Group is an international aerospace company that specializes in sourcing and supplying aftermarket, commercial and regional aircraft engines, as well as aircraft engine material. They also provide strategic engine leasing, engine trading and engine material consignment services. Their partnerships cover a global network of airlines, maintenance providers, lessors and traders. Source: Ransomware.live May 15th, 2025 (about 1 month ago)
	Ransomware Attack Update for the 15th of May 2025 Description: Ransomware Attack Update for the 15th of May 2025 Source: DarkWebInformer May 15th, 2025 (about 1 month ago)
	Windows 10 KB5058379 update triggering BitLocker Recovery after install Description: The Windows 10 KB5058379 cumulative update is triggering unexpected BitLocker recovery prompts on some devices afters it's installed and the computer restarted. [...] Source: BleepingComputer May 15th, 2025 (about 1 month ago)
CVE-2025-1303	Plugin Oficial – Getnet para WooCommerce <= 1.7.3 - Unauthenticated Reflected XSS Description: The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. EPSS Score: 0.05% Source: CVE May 15th, 2025 (about 1 month ago)
CVE-2025-1289	Plugin Oficial – Getnet para WooCommerce <= 1.7.3 - Admin+ Stored XSS Description: The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.03% Source: CVE May 15th, 2025 (about 1 month ago)
CVE-2025-1286	Download HTML TinyMCE Button <= 1.2 - Reflected XSS Description: The Download HTML TinyMCE Button WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.03% Source: CVE May 15th, 2025 (about 1 month ago)
CVE-2025-1033	Badgearoo <= 1.0.14 - Admin+ Stored XSS Description: The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). EPSS Score: 0.03% Source: CVE May 15th, 2025 (about 1 month ago)
CVE-2025-0688	Spiritual Gifts Survey <= 0.9.10 - Unauthenticated CSRF to XSS Description: The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. EPSS Score: 0.05% Source: CVE May 15th, 2025 (about 1 month ago)