CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: Ransomware Attack Update for the 5th of May 2025
Source: DarkWebInformer
May 5th, 2025 (about 2 months ago)
Description: The data-theft extortion group known as Luna Moth, aka Silent Ransom Group, has ramped up callback phishing campaigns in attacks on legal and financial institutions in the United States. [...]
Source: BleepingComputer
May 5th, 2025 (about 2 months ago)
Description: LGM, a subsidiary of Groupe LGM, supports its clients in improving performance in design, production, operation and maintenance.
Source: Ransomware.live
May 5th, 2025 (about 2 months ago)
Description: Researchers from Arctic Wolf Labs detailed a new spear-phishing campaign that targets hiring managers and recruiters by posing as a job seeker.
Source: Dark Reading
May 5th, 2025 (about 2 months ago)
Description:
Summary: An LLM application leveraging the XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposure of local files with sensitive information.
Details: XMLToolMessage uses lxml without safeguards: https://github.com/langroid/langroid/blob/df6227e6c079ec22bb2768498423148d6685acff/langroid/agent/xml_tool_message.py#L51-L52
lxml is vulnerable to quadratic blowup attacks and processes external entity declarations for local files by default. Check here: https://pypi.org/project/defusedxml/#python-xml-libraries
PoC: A typical quadratic blowup XML payload looks like this: ]> &c;
Here, &a; expands to 10 characters, &b; expands to 100, and &c; expands to 1000, causing exponential memory usage and potentially crashing the application.
Fix: Langroid 0.53.4 initializes XMLParser with flags to prevent XML External Entity (XXE), billion laughs, and external DTD attacks by disabling entity resolution, DTD loading, and network access. https://github.com/langroid/langroid/commit/36e7e7db4dd1636de225c2c66c84052b1e9ac3c3
References:
https://github.com/langroid/langroid/security/advisories/GHSA-pw95-88fg-3j6f
https://github.com/langroid/langroid/commit/36e7e7db4dd1636de225c2c66c84052b1e9ac3c3
https://github.com/langroid/langroid/blob/df6227e6c079ec22bb2768498423148d6685acff/langroid/agent/xml_tool_message.py#L51-L52
https://github.com/advisories/GHSA-pw95-88fg-3j6f
Source: Github Advisory Database (PIP)
May 5th, 2025 (about 2 months ago)
Description:
Summary: Cross-site scripting (XSS) vulnerability in the Attributes extension of the league/commonmark library (versions 1.5.0 through 2.6.x) allows remote attackers to insert malicious JavaScript calls into HTML.
Details: The league/commonmark library provides configuration options such as html_input: 'strip' and allow_unsafe_links: false to mitigate cross-site scripting (XSS) attacks by stripping raw HTML and disallowing unsafe links. However, when the Attributes Extension is enabled, it introduces a way for users to inject arbitrary HTML attributes into elements via Markdown syntax using curly braces. As a result, even with the secure configuration shown above, an attacker can inject dangerous attributes into applications using this extension via a payload such as: ![](){onerror=alert(1)}
Which results in the following HTML: Which causes the JS to execute immediately on page load.
Patches: Version 2.7.0 contains three changes to prevent this XSS attack vector:
- All attributes starting with on are considered unsafe and blocked by default
- Support for an explicit allowlist of allowed HTML attributes
- Manually-added href and src attributes now respect the existing allow_unsafe_links configuration option
Workarounds: If upgrading is not feasible, please consider:
- Disabling the AttributesExtension for untrusted users
- Filtering the rendered HTML through a library like HTMLPurifier
References: https://github.com/thephpleague/commonmark/security/advisories/GHSA-3527-qv2q-pfvx h...
Source: Github Advisory Database (Composer)
May 5th, 2025 (about 2 months ago)
Source: TheRegister
May 5th, 2025 (about 2 months ago)
Description: Future Association for Microfinance (Egypt)
Source: Ransomware.live
May 5th, 2025 (about 2 months ago)
Description: A hacker who tricked people into downloading malware using AI image generation tools pleaded guilty to two felony counts.
Source: 404 Media
May 5th, 2025 (about 2 months ago)
Description: The prolific ransomware gang claimed to have taken over the Peruvian government's domain.
Source: The Record
May 5th, 2025 (about 2 months ago)