CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-46397	Xfig: fig2dev stack-overflow Description: In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation at the bezier_spline function. EPSS Score: 0.02% Source: CVE May 15th, 2025 (about 1 month ago)
	Nova Scotia Power Confirms Theft of Customer Data in March Cyberattack Description: Nova Scotia Power has confirmed that customer data was stolen during a cyberattack on its IT systems in March 2025, marking a significant escalation in the scope of the previously disclosed breach. The utility is now directly notifying affected customers and offering credit monitoring services amid concerns about potential identity theft. According to an official … The post Nova Scotia Power Confirms Theft of Customer Data in March Cyberattack appeared first on CyberInsider. Source: CyberInsider May 15th, 2025 (about 1 month ago)
	🏴‍☠️ Blacksuit has just published a new victim : Gloucester County Virginia Description: The Committee is comprised of residents of Gloucester County who are appointed by the Gloucester County Board of Supervisors to serve for a term of 2 years. Meetings are held the third Wednesday of each month in the first floor conference room of County Building One, 6467 Main Street. (The Committee generally does not meet in July and the December meeting is to be announced.) Meetings start at 6:30 PM and are open to the public. Those interested in Committee activities are encourage to attend. Prior to attending, please call the Clean Community Office to verify the location and time of the meeting. Proceedings of the Committee are governed by its Bylaws. The program is administered by a Clean Community Coordinator and supported by hundreds of Gloucester residents and businesses who give generously of their time to help keep the County of Gloucester beautiful, clean, and litter free. Source: Ransomware.live May 15th, 2025 (about 1 month ago)
	Tor Launches ‘oniux’ Tool for Leak-Proof Routing on Linux Description: The Tor Project has introduced a new privacy tool named oniux, offering robust traffic isolation for Linux applications via kernel-level namespace separation and Tor routing. Developed by privacy advocate cve and built on top of the Arti Tor implementation and onionmasq, oniux aims to eliminate common data leakage risks associated with SOCKS-based Tor proxies like … The post Tor Launches ‘oniux’ Tool for Leak-Proof Routing on Linux appeared first on CyberInsider. Source: CyberInsider May 15th, 2025 (about 1 month ago)
	Pen Testing for Compliance Only? It's Time to Change Your Approach Description: Imagine this: Your organization completed its annual penetration test in January, earning high marks for security compliance. In February, your development team deployed a routine software update. By April, attackers had already exploited a vulnerability introduced in that February update, gaining access to customer data weeks before being finally detected. This situation isn't theoretical: it Source: TheHackerNews May 15th, 2025 (about 1 month ago)
	Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper Description: Cybersecurity researchers have discovered a malicious package named "os-info-checker-es6" that disguises itself as an operating system information utility to stealthily drop a next-stage payload onto compromised systems. "This campaign employs clever Unicode-based steganography to hide its initial malicious code and utilizes a Google Calendar event short link as a dynamic dropper for its final Source: TheHackerNews May 15th, 2025 (about 1 month ago)
	Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers Description: A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities, including a then-zero-day in MDaemon, according to new findings from ESET. The activity, which commenced in 2023, has been codenamed Operation RoundPress by the Slovak cybersecurity company. It has Source: TheHackerNews May 15th, 2025 (about 1 month ago)
	5 BCDR Essentials for Effective Ransomware Defense Description: Ransomware has evolved into a deceptive, highly coordinated and dangerously sophisticated threat capable of crippling organizations of any size. Cybercriminals now exploit even legitimate IT tools to infiltrate networks and launch ransomware attacks. In a chilling example, Microsoft recently disclosed how threat actors misused its Quick Assist remote assistance tool to deploy the destructive Source: TheHackerNews May 15th, 2025 (about 1 month ago)
	Valve Denies Steam Breach, Points to External Source of Leaked 2FA SMS Logs Description: Valve has denied claims of a data breach within Steam’s infrastructure, responding to reports that tens of millions of user records — primarily SMS-based two-factor authentication (2FA) messages — had been compromised. The company confirmed that its own systems were not infiltrated and is currently investigating how the leaked data surfaced online. Steam, developed and … The post Valve Denies Steam Breach, Points to External Source of Leaked 2FA SMS Logs appeared first on CyberInsider. Source: CyberInsider May 15th, 2025 (about 1 month ago)
	Google fixes high severity Chrome flaw with public exploit Description: Google has released emergency security updates to patch a high-severity Chrome vulnerability that has a public exploit and can let attackers hijack accounts. [...] Source: BleepingComputer May 15th, 2025 (about 1 month ago)