May 5th, 2025 (about 2 months ago)
|
Description: Future Association for Microfinance (Egypt)
May 5th, 2025 (about 2 months ago)
|
Description: A hacker who tricked people into downloading malware using AI image generation tools pleaded guilty to two felony counts.
May 5th, 2025 (about 2 months ago)
|
Description: The prolific ransomware gang claimed to have taken over the Peruvian government's domain.
May 5th, 2025 (about 2 months ago)
|
Description: A new "Bring Your Own Installer" EDR bypass technique is exploited in attacks to bypass SentinelOne's tamper protection feature, allowing threat actors to disable endpoint detection and response (EDR) agents to install the Babuk ransomware. [...]
May 5th, 2025 (about 2 months ago)
|
Description: Vulnerable MobSF Versions: <= v4.3.2
Details:
MobSF is a widely adopted mobile application security testing tool used by security teams across numerous organizations. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external vendors.
MobSF provides a feature that allows users to upload ZIP files for static analysis. Upon upload, these ZIP files are automatically extracted and stored within the MobSF directory. However, this functionality lacks a check on the total uncompressed size of the ZIP file, making it vulnerable to a ZIP of Death (zip bomb) attack.
Due to the absence of safeguards against oversized extractions, an attacker can craft a specially prepared ZIP file that is small in compressed form but expands to a massive size upon extraction. Exploiting this, an attacker can exhaust the server's disk space, leading to a complete denial of service (DoS) not just for MobSF, but also for any other applications or websites hosted on the same server.
Attack Scenario:
Suppose the server hosting MobSF has 5 GB of free disk space.
A malicious user first creates a genuine hello-world application in Android Studio and places a bomb.txt file inside the code directory (app//src/main/java/APK_PATH/bomb.txt).
This bomb.txt file will have billions of zeros to increase the file size on...
May 5th, 2025 (about 2 months ago)
|
Description: Craft CMS contains a potential remote code execution vulnerability via Twig SSTI. You must have administrator access and ALLOW_ADMIN_CHANGES must be enabled for this to work.
https://craftcms.com/knowledge-base/securing-craft#set-allowAdminChanges-to-false-in-production
Note: This is a follow-up to https://github.com/craftcms/cms/security/advisories/GHSA-f3cw-hg6r-chfv
Users should update to the patched versions (4.14.13 and 5.6.15) to mitigate the issue.
References
https://github.com/craftcms/cms/security/advisories/GHSA-7c58-g782-9j38
https://github.com/craftcms/cms/security/advisories/GHSA-f3cw-hg6r-chfv
https://craftcms.com/knowledge-base/securing-craft#set-allowAdminChanges-to-false-in-production
https://github.com/craftcms/cms/pull/17026
https://github.com/advisories/GHSA-7c58-g782-9j38
May 5th, 2025 (about 2 months ago)
|
Description: Goodson is the premier supplier to engine rebuilders around the world. Founded in 1945, Goodson has been providing the finest quality tools, supplies and technical information to the automotive aftermarket ever since. Today, Goodson is 100% Employee-Owned.
May 5th, 2025 (about 2 months ago)
|
Description: Established in 1891, Visiting Nurse Association (VNA Home Health) is a nonprofit home health agency. We offer a wide range of in-home services for people in and around Kansas City. Our legacy of more than 125 years of excellence in home health comes from our belief that people not only need someone to care for them, they also need someone to care about them. That’s what we do at VNA, and our patients say it’s one of many things that set us apart. As the oldest home health agency in Kansas City and the sixth oldest in the United States, we have history and experience patients can trust. We are governed by a volunteer board of directors that includes many of Kansas City’s most influential business and civic leaders. VNA nurses and therapists average more than ten years of patient care experience, with three to five years experience in home health care. Through our dedication to the health and wellness of this community, we deliver positive clinical outcomes that exceed national averages. We use the latest technology available to meet the changing needs of our community. What we do for our patients may be complex, but our mission is simple: to bring exceptional health care into the homes of everyone we serve.
May 5th, 2025 (about 2 months ago)
|
Description: ABDA Insurance focuses on providing protection against any losses or damages, such as Fire, Vehicles, Engineering, Liability, Transportation, Heavy Equipment & Machinery, Health Protection and many more. The Company has undergone a number of name changes, as follows: 1982: PT Asuransi Bina Dharma Arta; 1994: PT Dharmala Insurance; 1999 - Present: PT Asuransi Bina Dana Arta Tbk., or known as ABDA Insurance or Asuransi ABDA. The head office is located on the 27th floor of Plaza ABDA, Jl
May 5th, 2025 (about 2 months ago)
|