CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database


Description: Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, the second of two parts, we look closely at six ways exposure management can help you tame security tool sprawl. You can read part one here and the entire Exposure Management Academy series here. If you’re managing cyber risk, you know there’s one fundamental question you have to answer: Where are we most exposed? On the surface, that might seem like a simple ask. Are you at risk or not? Like many things, in practice it’s a bit tougher to answer — even though you installed all those security tools to keep your organization safe. But those tools might be a big part of the problem. Most enterprises now struggle with taming all the tools and corralling the data they produce. So getting a clear, consistent and comprehensive answer can be a real challenge. Enter exposure management, which gives you the processes and technologies you need to continuously assess the accessibility, exploitability and criticality of digital assets across all systems, applications, devices, resources and identities. As a result, it helps you tame security tool sprawl and works to bind all of that fragmented data together to provide a unified view. Rather than scrambling madly to find the right data when you get a question from your executive team or board, you’ll be able to answer them easily. Last week, we shared how ex...
Source: Tenable Blog
May 12th, 2025 (about 2 months ago)
Description: A 45-year-old man arrested in Moldova is charged with a string of cybercrimes against Dutch entities in 2021.
Source: The Record
May 12th, 2025 (about 2 months ago)
Description: Texas Attorney General Ken Paxton has announced a landmark $1.375 billion settlement with Google, resolving claims that the tech giant unlawfully collected and used Texans’ sensitive personal data. The agreement marks the largest single-state privacy settlement in U.S. history and signals a broader trend of intensified enforcement against Big Tech data practices. The case stems … The post Google to Pay Texas $1.375 Billion in Landmark Privacy Settlement appeared first on CyberInsider.
Source: CyberInsider
May 12th, 2025 (about 2 months ago)
Description: U.K. retailer Co-op is still having trouble with keeping grocery shelves stocked as it continues to respond to an attempted cyberattack that forced it to shut down some systems two weeks ago.
Source: The Record
May 12th, 2025 (about 2 months ago)
Description: "We will catch them all!" said Polish Prime Minister Donald Tusk as the country's government moved to close a Russian consulate after accusing Kremlin-backed operators of being behind a Warsaw mall fire.
Source: The Record
May 12th, 2025 (about 2 months ago)
Description: Detecting leaked credentials is only half the battle. The real challenge—and often the neglected half of the equation—is what happens after detection. New research from GitGuardian's State of Secrets Sprawl 2025 report reveals a disturbing trend: the vast majority of exposed company secrets discovered in public repositories remain valid for years after detection, creating an expanding attack
Source: TheHackerNews
May 12th, 2025 (about 2 months ago)
Description: SQL Injection in DomainsPRO Mon, 05/12/2025 - 12:30 Notice Affected Resources DomainsPRO, 1.2 version. Description INCIBE has coordinated the publication of a critical severity vulnerability affecting DomainsPRO v1.2, an Internet domain management tool, which has been discovered by 6h4ack. This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type: CVE-2025-40628: CVSS v4.0: 9.3 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | CWE-89 Identifier INCIBE-2024-0181 5 - Critical Solution The vulnerability has been fixed by the DomainsPRO team in version 1.3. Detail CVE-2025-40628: SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the “d” parameter in the “/article.php” endpoint. References list DomainsPRO - The Ultimate AI-Powered Domains Tags 0day Update CNA Injection + Vulnerability - ...

EPSS Score: 0.04%

Source: Incibe CERT
May 12th, 2025 (about 2 months ago)
Description: A critical security flaw in ASUS DriverHub, a utility pre-installed on many ASUS motherboards, can be exploited to achieve remote code execution (RCE) with administrative privileges. ASUS has addressed the issue in a recent update, but the vulnerability window has been open for an indeterminate period, while manual action from impacted users is required to … The post Critical Flaw in ASUS DriverHub Exposes Users to Remote Code Execution appeared first on CyberInsider.
Source: CyberInsider
May 12th, 2025 (about 2 months ago)
Source: TheRegister
May 12th, 2025 (about 2 months ago)
Description: Reflected Cross-Site Scripting (XSS) in AbanteCart Mon, 05/12/2025 - 09:58 Notice Affected Resources AbanteCart v1.4.0. Description INCIBE has coordinated the publication of 2 medium severity vulnerabilities affecting AbanteCart, an eCommerce Platform. These vulnerabilities have been discovered by 6h4ack. These vulnerabilities have been assigned the following codes, CVSS v4.0 base score, CVSS vector and CWE vulnerability type: CVE-2025-40626 and CVE-2025-40627: CVSS v4.0: 5.1 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-79 Identifier INCIBE-2025-0229 3 - Medium Solution Update to the last version 1.4.1. Detail AbanteCart has two Reflected Cross-Site Scripting (XSS) vulnerabilities that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. These vulnerabilities can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. For each vulnerability, the malicious URLs are: CVE-2025-40626: "/about_us?[CARGA_XSS]" CVE-2025-40627: "/eyes?[CARGA_XSS]" References list AbanteCart Etiq...

EPSS Score: 0.06%

Source: Incibe CERT
May 12th, 2025 (about 2 months ago)