CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
Description: The China-lined threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to corporate networks. That's according to new findings from the Microsoft Threat Intelligence team, which said the Silk Typhoon (formerly Hafnium) hacking
Source: TheHackerNews
March 5th, 2025 (4 months ago)
Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware
Description: New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks. [...]
Source: BleepingComputer
March 4th, 2025 (4 months ago)
Broadcom fixes three VMware zero-days exploited in attacks
Description: Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center. [...]
Source: BleepingComputer
March 4th, 2025 (4 months ago)

CVE-2012-0217
Linux Distros Unpatched Vulnerability : CVE-2012-0217
Description: Nessus Plugin ID 217599 with High Severity Synopsis The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. (CVE-2012-0217)Note that Nessus relies on the presence of the package as reported by the vendor. Solution There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/217599
Source: Tenable Plugins
March 4th, 2025 (4 months ago)
Phishers Wreak 'Havoc,' Disguising Attack Inside SharePoint
Description: A complex campaign allows cyberattackers to take over Windows systems by a combining a ClickFix-style attack and sophisticated obfuscation that abuses legitimate Microsoft services.
Source: Dark Reading
March 3rd, 2025 (4 months ago)
New Microsoft 365 outage impacts Teams, causes call failures
Description: Microsoft is investigating a new Microsoft 365 outage that is affecting Teams customers and causing call failures. [...]
Source: BleepingComputer
March 3rd, 2025 (4 months ago)
New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint
Description: A newly uncovered ClickFix phishing campaign is tricking victims into executing malicious PowerShell commands that deploy the Havok post-exploitation framework for remote access to compromised devices. [...]
Source: BleepingComputer
March 3rd, 2025 (4 months ago)
Microsoft links recent Microsoft 365 outage to buggy update
Description: ​Microsoft says a coding issue is behind a now-resolved Microsoft 365 outage over the weekend that affected Outlook and Exchange Online authentication. [...]
Source: BleepingComputer
March 3rd, 2025 (4 months ago)

CVE-2025-0289
Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks
Description: Threat actors have been exploiting a security vulnerability in Paragon Partition Manager's BioNTdrv.sys driver in ransomware attacks to escalate privileges and execute arbitrary code. The zero-day flaw (CVE-2025-0289) is part of a set of five vulnerabilities that was discovered by Microsoft, according to the CERT Coordination Center (CERT/CC). "These include arbitrary kernel memory mapping and

EPSS Score: 0.05%

Source: TheHackerNews
March 3rd, 2025 (4 months ago)
Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites
Description: Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc. "The threat actor hides each malware stage behind a SharePoint site and uses a modified version of Havoc Demon in conjunction with the Microsoft Graph API to obscure C2 communications within trusted, well-known
Source: TheHackerNews
March 3rd, 2025 (4 months ago)