CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations and leak valuable data. "While these 'plug-and-play' options greatly simplify the setup process, they often prioritize ease of use over security," Michael Katchinskiy and Yossi Weizman from the Microsoft Defender for Cloud Research team
Source: TheHackerNews
May 6th, 2025 (about 2 months ago)
Description: Learn more about the framework Talos IR uses to conduct proactive threat hunts, and how we can help you stay one step ahead of emerging threats.
Source: Cisco Talos Blog
May 6th, 2025 (about 2 months ago)
Description: Microsoft Entra ID (formerly Azure Active Directory) is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role — managing authentication, enforcing policy, and connecting users across distributed environments. That prominence also
Source: TheHackerNews
May 6th, 2025 (about 2 months ago)
Description: Lampion malware distributors are now using the social engineering method ClickFix. Read our analysis of a recent campaign. The post Lampion Is Back With ClickFix Lures appeared first on Unit 42.
Source: Palo Alto Unit42
May 6th, 2025 (about 2 months ago)
Description: Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
Source: ExploitDB
May 6th, 2025 (about 2 months ago)
Description: Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
Source: ExploitDB
May 6th, 2025 (about 2 months ago)

CVE-2024-3567

Description: A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.

EPSS Score: 0.11%

SSVC Exploitation: poc

Source: CVE
May 6th, 2025 (about 2 months ago)
Description: A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub. [...]
Source: BleepingComputer
May 6th, 2025 (about 2 months ago)
Description: Multiple vulnerabilities in TCMAN's GIM. Tue, 05/06/2025 - 10:00. Advisory. Affected Resources: GIM v11. Description: INCIBE has coordinated the publication of 6 vulnerabilities of critical severity that affect GIM v11, a software tool that helps in the management of maintenance and management services on the physical assets of an organisation, which have been discovered by Pablo Pardo. These vulnerabilities have been assigned the following codes, CVSS v3.1 base score, CVSS vector and CWE vulnerability type for each vulnerability. CVE-2025-40620 to CVE-2025-40624: CVSS v4.0: 9.8 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | CWE-89. CVE-2025-40625: CVSS v4.0: 9.8 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | CWE-434. Identifier: INCIBE-2025-0218. 5 - Critical. Solution: The vulnerability has been fixed by the TCMAN team in version 1280. Detail: CVE-2025-40620 to CVE-2025-40624: SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier: CVE-2025-40620: ‘User’ parameter of the ‘ValidateUserAndWS’ endpoint. CVE-2025-40621: ‘User’ parameter of the ‘V...

EPSS Score: 0.09%

Source: Incibe CERT
May 6th, 2025 (about 2 months ago)
Description: Background: UNC3944, which overlaps with public reporting on Scattered Spider, is a financially-motivated threat actor characterized by its persistent use of social engineering and brazen communications with victims. In early operations, UNC3944 largely targeted telecommunications-related organizations to support SIM swap operations. However, after shifting to ransomware and data theft extortion in early 2023, they impacted organizations in a broader range of industries. Since then, we have regularly observed UNC3944 conduct waves of targeting against a specific sector, such as financial services organizations in late 2023 and food services in May 2024. Notably, UNC3944 has also previously targeted prominent brands, possibly in an attempt to gain prestige and increased attention by news media. Google Threat Intelligence Group (GTIG) observed a decline in UNC3944 activity after 2024 law enforcement actions against individuals allegedly associated with the group. Threat actors will often temporarily halt or significantly curtail operations after an arrest, possibly to reduce law enforcement attention, rebuild capabilities and/or partnerships, or shift to new tooling to evade detection. UNC3944’s existing ties to a broader community of threat actors could potentially help them recover from law enforcement actions more quickly. Recent public reporting has suggested that threat actors used tactics consistent with Scattered Spider to target a UK retail organization and deploy Dra...
Source: Google Threat Intelligence
May 6th, 2025 (about 2 months ago)