April 29th, 2025 (about 1 month ago)
Description: Cybersecurity company SentinelOne has revealed that a China-nexus threat cluster dubbed PurpleHaze conducted reconnaissance attempts against its infrastructure and some of its high-value customers.
"We first became aware of this threat cluster during a 2024 intrusion conducted against an organization previously providing hardware logistics services for SentinelOne employees," security
April 29th, 2025 (about 1 month ago)
Description: A spear-phishing campaign sent Trojanized versions of legitimate word-processing software to members of the World Uyghur Congress as part of China's continued cyber-espionage activity against the ethnic minority.
April 29th, 2025 (about 1 month ago)
April 29th, 2025 (about 1 month ago)
Description: At the RSA Conference, former CISA chief Chris Krebs said recent efforts by China-linked hacking groups make it more important than ever to grow the federal cyber workforce.
April 29th, 2025 (about 1 month ago)
Description: The House Select Committee on the Chinese Communist Party (CCP) has subpoenaed China Mobile, China Telecom, and China Unicom after the three state-owned firms failed to respond to a formal congressional inquiry regarding their potential ties to Chinese military and intelligence agencies. The subpoenas demand full compliance by May 7, 2025, and escalate a bipartisan …
The post U.S. Subpoenas Chinese Telecom Giants Over National Security Risks and Data Privacy Concerns appeared first on CyberInsider.
April 25th, 2025 (about 2 months ago)
Description: One of the ways threat actors keep up with the constantly evolving cyber defense landscape is by raising the level of sophistication of their attacks. This trend can be seen across many of our engagements, particularly when responding to China-nexus groups. These actors have demonstrated the ability to create custom malware ecosystems, identify and use zero-day vulnerabilities in security and other appliances, leverage proxy networks akin to botnets, target edge devices and platforms that traditionally lack endpoint detection and response, and employ custom obfuscators in their malware. They take these extra steps to evade detection, stifle analysis, and ultimately stay on systems for longer periods of time.
However, not all successful attacks are highly complex and technical. Attackers often take advantage of the opportunities that are made available to them. This includes using credentials stolen in infostealer operations to gain initial access. Mandiant has seen such a rise in infostealer use that stolen credentials are now the second-highest initial infection vector, making up 16% of our investigations. Attackers also take advantage of opportunities by exploiting gaps and risks introduced in cloud migrations, and by targeting unsecured data repositories to obtain credentials and other sensitive information.
Today we released M-Trends 2025, the 16th edition of our annual report, to help organizations stay ahead of all types of attacks. We dive de...
April 24th, 2025 (about 2 months ago)
Description: 450k USD
April 24th, 2025 (about 2 months ago)
April 23rd, 2025 (about 2 months ago)
Description: Impact
Attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server has the necessary permissions. This can be accomplished either by modifying the FileRef directly in the database or by supplying a harmful value in the fileRef parameter of the /files endpoint of the generic REST API.
Arbitrary file reading on the operating system where the Jmix process is running.
The severity of the vulnerability is mitigated by the fact that the application UI and the generic REST API are typically accessible only to authenticated users. Additionally, the /files endpoint in Jmix requires specific permissions and is disabled by default.
Workarounds
A workaround for those who are unable to upgrade: Fix Path Traversal in Jmix Application.
Credit
Cai, Qi Qi of Siemens China Cybersecurity Testing Center - Shadowless Lab
References
https://github.com/jmix-framework/jmix/security/advisories/GHSA-jx4g-3xqm-62vh
https://docs.jmix.io/jmix/files-vulnerabilities.html
https://docs.jmix.io/jmix/files-vulnerabilities.html#fix-path-traversal-in-jmix-application
https://github.com/advisories/GHSA-jx4g-3xqm-62vh
April 22nd, 2025 (about 2 months ago)