CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems. [...]
May 7th, 2025 (about 2 months ago)
|
|
Description: Written by: Wesley Shields
Google Threat Intelligence Group (GTIG) has identified a new piece of malware called LOSTKEYS, attributed to the Russian government-backed threat group COLDRIVER (also known as UNC4057, Star Blizzard, and Callisto). LOSTKEYS is capable of stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to the attacker. Observed in January, March, and April 2025, LOSTKEYS marks a new development in the toolset of COLDRIVER, a group primarily known for credential phishing against high-profile targets like NATO governments, non-governmental organizations (NGOs), and former intelligence and diplomatic officers. GTIG has been tracking COLDRIVER for many years, including their SPICA malware in 2024.
COLDRIVER typically targets high-profile individuals at their personal email addresses or at NGO addresses. They are known for stealing credentials and after gaining access to a target’s account they exfiltrate emails and steal contact lists from the compromised account. In select cases, COLDRIVER also delivers malware to target devices and may attempt to access files on the system.
Recent targets in COLDRIVER’s campaigns have included current and former advisors to Western governments and militaries, as well as journalists, think tanks, and NGOs. The group has also continued targeting individuals connected to Ukraine. We believe the primary goal of COLDRIVER’s operations is intelligence colle...
May 7th, 2025 (about 2 months ago)
|
|
Description: The suspects allegedly operated six platforms that offered distributed denial-of-service attacks for as little as 10 euros.
May 7th, 2025 (about 2 months ago)
|
|
Description: An international law enforcement operation has dismantled a major network of six DDoS-for-hire platforms. The Polish authorities arrested four administrators accused of running six illegal stresser/booter services. Simultaneously, the United States seized nine domains linked to the criminal infrastructure, striking a significant blow to the market for commercialized DDoS attacks. Stresser and booter services remain …
The post Six DDoS-for Hire Services Had Domains Seized and Operators Arrested appeared first on CyberInsider.
May 7th, 2025 (about 2 months ago)
|
CVE-2025-29154 |
Description: HTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the .galera.app/ted/solicitacao_treinamento/, .galera.app/rh/metas/perspectiva_estrategica/edicao/, .galera.app/rh/cadastros/perspectivas/listagem/adc/, .galera.app/escolaridade/listagem/, .galera.app/estados_civis/cadastro/, .galera.app/nivel_hierarquico/listagem/, .galera.app/nivel_decisorio/cadastro/, .galera.app/escolaridade/cadastro/, .galera.app/nivel_decisorio/listagem/, .galera.app/rh/cadastros/perspectivas/listagem/, .galera.app/empresas_grupo/cadastro/, .galera.app/empresas/edicao/, .galera.app/liais/listagem/, .galera.app/noticias/listagem/, .galera.app/gerenciamento-de-ciclo/abertura/cadastrar, .galera.app/colaborador/cadastro/cursos/adc/edicao/, .galera.app/colaborador/cadastro/adc/, .galera.app/cads_aux/escalact/, .galera.app/ncf/tec/cadastro/ct/ .galera.app/rh/metas/painel/, .galera.app/rh/metas/equipe/edicao/, .galera.app/rh/pdi/tipo_recursos/edicao/, .galera.app/rh/pdi/familia_recursos/cadastro/, .galera.app/rh/pdi/fornecedores/edicao/, and .galera.app/rh/pdi/recursos/cadastro/ components.
EPSS Score: 0.08%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-29153 |
Description: SQL Injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the Data export, filters functions.
EPSS Score: 0.04%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-29152 |
Description: Cross-Site Scripting vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via multiple components, including Strategic Planning Perspective Registration, Training Request, Perspective Editing, Education Registration, Hierarchical Level Registration, Decision Level Registration, Perspective Registration, Company Group Registration, Company Registration, News Registration, Employee Editing, Goal Team Registration, Learning Resource Type Registration, Learning Resource Family Registration, Learning Resource Supplier Registration, and Cycle Maintenance.
EPSS Score: 0.04% SSVC Exploitation: poc
May 7th, 2025 (about 2 months ago)
|
|
Description: Passwords alone aren't cutting it—31% of breaches involve stolen credentials. Learn from Specops Software about how Universal 2nd Factor (U2F) and strong password policies can work together to keep your organization secure. [...]
May 7th, 2025 (about 2 months ago)
|
|
Description: A U.S. federal jury has ordered Israeli spyware vendor NSO Group to pay WhatsApp $167,254,000 in punitive damages and $444,719 in compensatory damages for a 2019 campaign that targeted 1,400 users of the communication app. [...]
May 7th, 2025 (about 2 months ago)
|
|
Description: Europol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks across the world.
In connection with the operation, Polish authorities have arrested four individuals and the United States has seized nine domains that are associated with the now-defunct platforms.
"The suspects are believed to be behind six separate
May 7th, 2025 (about 2 months ago)
|