CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

	Meta Wins Lawsuit Against Spyware Vendor NSO Group Description: The spyware company must pay the tech giant $168 million in punitive and compensatory damages after a 2019 attack targeting 1,400 devices. Source: Dark Reading May 7th, 2025 (about 2 months ago)
	TikTok Fined €530 Million Over Chinese Access to EU Data Description: European regulators sent an unmistakable message about messing around with GDPR-protected data. How can organizations avoid similar compliance hassles? Source: Dark Reading May 7th, 2025 (about 2 months ago)
	🏴‍☠️ Devman has just published a new victim : https://www.gmanetwork.com/news/ Description: 2.5 million USD Source: Ransomware.live May 7th, 2025 (about 2 months ago)
CVE-2025-31177	Gnuplot: gnuplot heap-buffer overflow on utf8_copy_one Description: gnuplot is affected by a heap buffer overflow at function utf8_copy_one. EPSS Score: 0.02% Source: CVE May 7th, 2025 (about 2 months ago)
CVE-2024-0421	MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure Description: The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts. EPSS Score: 0.38% SSVC Exploitation: poc Source: CVE May 7th, 2025 (about 2 months ago)
CVE-2024-0248	EazyDocs < 2.4.0 - Subscriber+ Arbitrary Posts Deletion and Document Management Description: The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9. EPSS Score: 0.26% SSVC Exploitation: poc Source: CVE May 7th, 2025 (about 2 months ago)
	Alleged Data Breach of Electro Depot Description: Alleged Data Breach of Electro Depot Source: DarkWebInformer May 7th, 2025 (about 2 months ago)
	Despite ransom payment, PowerSchool hacker now extorting individual school districts Description: The education tech giant said it is “aware that a threat actor has reached out to multiple school district customers in an attempt to extort them." Source: The Record May 7th, 2025 (about 2 months ago)
	Multiple vulnerabilities in SonicWall SMA 100 series (FIXED) Description: Rapid7 is disclosing three new vulnerabilities in SonicWall SMA 100 series appliances (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821). An attacker with access to an SMA SSLVPN user account can chain these vulnerabilities for root-level code execution. EPSS Score: 0.1% Source: Rapid7 May 7th, 2025 (about 2 months ago)
	Play Ransomware Group Used Windows Zero-Day Description: Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries. Source: Dark Reading May 7th, 2025 (about 2 months ago)