CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Four different countries, including the United States and Germany, were included in the latest international operation alongside Europol's support.
May 8th, 2025 (about 2 months ago)
|
|
Description: Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from cryptocurrency wallets for several years.
The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin.
"FreeDrain uses SEO manipulation, free-tier web services (like gitbook.io, webflow.io, and github.io
May 8th, 2025 (about 2 months ago)
|
CVE-2025-45846 |
Description: ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the torrentsindex parameter in the formBTClinetSetting function.
EPSS Score: 0.05%
May 8th, 2025 (about 2 months ago)
|
|
CVE-2025-45845 |
Description: TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyGuestCfg function.
EPSS Score: 0.08%
May 8th, 2025 (about 2 months ago)
|
|
CVE-2025-45844 |
Description: TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiBasicCfg function.
EPSS Score: 0.08%
May 8th, 2025 (about 2 months ago)
|
|
CVE-2025-45842 |
Description: TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyCfg function.
EPSS Score: 0.08%
May 8th, 2025 (about 2 months ago)
|
|
CVE-2025-43926 |
Description: An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other function calls, which then might use these keys/values to affect permissions or other settings.
EPSS Score: 0.03%
May 8th, 2025 (about 2 months ago)
|
|
CVE-2025-4098 |
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 8.4
ATTENTION: Low attack complexity
Vendor: Horner Automation
Equipment: Cscape
Vulnerability: Out-of-bounds Read
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Horner Automation Cscape, a control system application programming software, are affected:
Cscape: Version 10.0 (10.0.415.2) SP1
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS READ CWE-125
Horner Automation Cscape version 10.0 (10.0.415.2) SP1 is vulnerable to an out-of-bounds read vulnerability that could allow an attacker to disclose information and execute arbitrary code on affected installations of Cscape.
CVE-2025-4098 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2025-4098. A base score of 8.4 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: United States
3.4 RESEARCHER
Michael Heinzl reported this vulnerability to CISA.
4. MITIGATIONS
Horner Automation has released Cscape version 10.1 SP1 for download.
For more information, see Horner Automation's release ...
EPSS Score: 0.02%
May 8th, 2025 (about 2 months ago)
|
|
Description: Ransomware operations are using legitimate Kickidler employee monitoring software for reconnaissance, tracking their victims' activity, and harvesting credentials after breaching their networks. [...]
May 8th, 2025 (about 2 months ago)
|
|
Description: Selenis is part of the IMG Group, a family-owned multin
ational with presence in the polymers industry since 19
59. Selenis is a premium supplier of innovative copolye
sters for a diverse range of applications.
We are going to upload more than 70GB of essential corp
orate documents such as: a lot of detailed client perso
nal information and documents (passports, medical recor
ds, drivers licenses), confidential court files, financ
ial data of clients, NDAs, etc.
We have made the process of downloading company data as
simple as possible for our users. All you need is any
torrent client (like Vuze, Utorrent, qBittorrent or Tra
nsmission to use magnet links). You will find the torre
nt file above.
1. Open uTorrent, or any another torrent client.
2. Add torrent file or paste the magnet URL to upload t
he data safely.
3. Archives have no password.
MAGNET URL: magnet:?xt=urn:btih:3E617C6AA6203015473D6D2
2A3AF0F247EC9FB0E&dn=selenis.com&tr=udp://tracker.openb
ittorrent.com:80/announce&tr=udp://tracker.opentrackr.o
rg:1337/announce
May 8th, 2025 (about 2 months ago)
|