CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
🏴‍☠️ Play has just published a new victim : Breen Construction Services
Description: United States
Source: Ransomware.live
May 5th, 2025 (about 2 months ago)
🏴‍☠️ Play has just published a new victim : Alberta Construction Safety Association
Description: Canada
Source: Ransomware.live
May 5th, 2025 (about 2 months ago)
🏴‍☠️ Play has just published a new victim : Rand Technology
Description: United States
Source: Ransomware.live
May 5th, 2025 (about 2 months ago)
🏴‍☠️ Play has just published a new victim : Downtown Travel
Description: United States
Source: Ransomware.live
May 5th, 2025 (about 2 months ago)
🏴‍☠️ Play has just published a new victim : Novosit
Description: Dominican Republic
Source: Ransomware.live
May 5th, 2025 (about 2 months ago)
🏴‍☠️ Play has just published a new victim : ATI Systems
Description: United States
Source: Ransomware.live
May 5th, 2025 (about 2 months ago)
🏴‍☠️ Rhysida has just published a new victim : Mediprobe Research
Description: Mediprobe Research Mediprobe Research Inc. is a world class dermatology research and clinical trials center. More
Source: Ransomware.live
May 5th, 2025 (about 2 months ago)
Microsoft finds default Kubernetes Helm charts can expose data
Description: Microsoft warns about the security risks posed by default configurations in Kubernetes deployments, particularly those using out-of-the-box Helm charts, which could publicly expose sensitive data. [...]
Source: BleepingComputer
May 5th, 2025 (about 2 months ago)
[@keystone-6/core] Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields
Description: Summary {field}.isFilterable access control can be bypassed in update and delete mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields. Specifically, when a mutation includes a where clause with multiple unique filters (e.g. id and email), Keystone will attempt to match records even if filtering by the latter fields would normally be rejected by field.isFilterable or list.defaultIsFilterable. This can allow malicious actors to infer the presence of a particular field value when a filter is successful in returning a result. Impact This affects any project relying on the default or dynamic isFilterable behaviour (at the list or field level) to prevent external users from using the filtering of fields as a discovery mechanism. While this access control is respected during findMany operations, it was not completely enforced during update and delete mutations when accepting more than one unique where values in filters. This has no impact on projects using isFilterable: false or defaultIsFilterable: false for sensitive fields, or if you have otherwise omitted filtering by these fields from your GraphQL schema. (See workarounds) Patches This issue has been patched in @keystone-6/core version 6.5.0. Workarounds To mitigate this issue in older versions where patching is not a viable pathway. Set isFilterable: false statically for relevant fields to prevent filtering by them earlier in th...
Source: Github Advisory Database (NPM)
May 5th, 2025 (about 2 months ago)
Unofficial Signal app used by Trump officials investigates hack
Description: TeleMessage, an Israeli company that sells an unofficial Signal message archiving tool used by some U.S. government officials, has suspended all services after reportedly being hacked. [...]
Source: BleepingComputer
May 5th, 2025 (about 2 months ago)