CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: A novel tapjacking technique can exploit user interface animations to bypass Android's permission system and allow access to sensitive data or trick users into performing destructive actions, such as wiping the device. [...]
Source: BleepingComputer
July 8th, 2025 (2 days ago)
Description: The Justice Department confirmed the arrest in a statement, unsealing a nine-count indictment on Tuesday accusing Xu and co-defendant Zhang Yu of being involved in “computer intrusions between February 2020 and June 2021, including the indiscriminate HAFNIUM computer intrusion campaign that compromised thousands of computers worldwide, including in the United States.”
Source: The Record
July 8th, 2025 (2 days ago)
Source: TheRegister
July 8th, 2025 (2 days ago)

CVE-2025-7363

Description: The TitleIcon extension for MediaWiki is vulnerable to stored XSS through the #titleicon_unicode parser function. User input passed to this function is wrapped in an HtmlArmor object without sanitization and rendered directly into the page header, allowing attackers to inject arbitrary JavaScript. This issue affects MediaWiki - TitleIcon extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

EPSS Score: 0.03%

Source: CVE
July 8th, 2025 (2 days ago)

CVE-2025-7362

Description: The MsUpload extension for MediaWiki is vulnerable to stored XSS via the msu-continue system message, which is inserted into the DOM without proper sanitization. The vulnerability occurs in the file upload UI when the same filename is uploaded twice. This issue affects MediaWiki - MsUpload extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

EPSS Score: 0.03%

Source: CVE
July 8th, 2025 (2 days ago)

CVE-2025-53479

Description: The CheckUser extension’s Special:CheckUser interface is vulnerable to reflected XSS via the rev-deleted-user message. This message is rendered without proper escaping, making it possible to inject JavaScript through the uselang=x-xss language override mechanism. This issue affects MediaWiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

EPSS Score: 0.03%

Source: CVE
July 8th, 2025 (2 days ago)
Description: The attack was described as a “clear example of an organisation linked to the Russian state using ‘proxies’ — in this case British men — to carry out very serious criminal activity in this country on their behalf.”
Source: The Record
July 8th, 2025 (2 days ago)
Description: In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute stealer malware. The company behind the software said a company that had recently purchased Shellter Elite licenses leaked their copy, prompting malicious actors to weaponize the tool for
Source: TheHackerNews
July 8th, 2025 (2 days ago)
Description: Today is Microsoft's July 2025 Patch Tuesday, which includes security updates for 137 flaws, including one publicly disclosed zero-day vulnerability in Microsoft SQL Server. [...]
Source: BleepingComputer
July 8th, 2025 (2 days ago)
Description: Microsoft has released Windows 11 KB5062553 and KB5062552 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...]
Source: BleepingComputer
July 8th, 2025 (2 days ago)