Threat and Vulnerability Intelligence Database

CVE-2024-24160

Description: MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do.

EPSS Score: 0.1%

SSVC Exploitation: poc

Source: CVE
May 9th, 2025 (about 2 months ago)

Description: On Dark Reading's 19-year anniversary, Editor-in-Chief Kelly Jackson Higgins stops by Informa TechTarget's RSAC 2025 Broadcast Alley studio to discuss how things have changed since the early days of breaking Windows and browsers, lingering challenges, and what's next beyond AI.
Source: Dark Reading
May 9th, 2025 (about 2 months ago)

Description: Infrastructure and digital assets from the cryptocurrency mixer eXch — believed to be involved with the laundering of funds from the ByBit hack — are now in the hands of German authorities.
Source: The Record
May 9th, 2025 (about 2 months ago)

Description: Law enforcement authorities have dismantled a botnet that infected thousands of routers over the last 20 years to build two networks of residential proxies known as Anyproxy and 5socks. [...]
Source: BleepingComputer
May 9th, 2025 (about 2 months ago)

Description: Google is implementing a new Chrome security feature that uses the built-in 'Gemini Nano' large-language model (LLM) to detect and block tech support scams while browsing the web. [...]
Source: BleepingComputer
May 9th, 2025 (about 2 months ago)

Description: The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files. NTT Security Holdings, which detailed the new findings, said the attackers have "actively and continuously" updated the malware, introducing versions v3 and v4 in
Source: TheHackerNews
May 9th, 2025 (about 2 months ago)

Description: A joint law enforcement operation undertaken by Dutch and U.S. authorities has dismantled a criminal proxy network that's powered by thousands of infected Internet of Things (IoT) and end-of-life (EoL) devices, enlisting them into a botnet for providing anonymity to malicious actors. In conjunction with the domain seizure, Russian nationals, Alexey Viktorovich Chertkov, 37, Kirill Vladimirovich
Source: TheHackerNews
May 9th, 2025 (about 2 months ago)

CVE-2025-46192

Description: SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_payment_update.php via the order_id POST parameter.

EPSS Score: 0.04%

Source: CVE
May 9th, 2025 (about 2 months ago)

CVE-2025-46191

Description: Arbitrary File Upload in user_payment_update.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to upload arbitrary files via the uploaded_file_cancelled field. Due to the absence of proper file extension checks, MIME type validation, and authentication, attackers can upload executable PHP files to a web-accessible directory (/files/). This allows them to execute arbitrary commands remotely by accessing the uploaded script, resulting in full Remote Code Execution (RCE) without authentication.

EPSS Score: 0.15%

Source: CVE
May 9th, 2025 (about 2 months ago)