CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: Microsoft has released Windows 11 KB5062553 and KB5062552 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...]
Source: BleepingComputer
July 8th, 2025 (4 days ago)
Description: Microsoft has released the KB5062554 cumulative update for Windows 10 22H2 and Windows 10 21H2, with thirteen new fixes or changes. [...]
Source: BleepingComputer
July 8th, 2025 (4 days ago)
Description: Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google's official app marketplace. The malware, disguised as a "PDF Update" to a document viewer app, has been caught serving a deceptive overlay when users attempt to access their banking application, claiming
Source: TheHackerNews
July 8th, 2025 (4 days ago)
Description: United States
Source: Ransomware.live
July 8th, 2025 (4 days ago)
Description: United States
Source: Ransomware.live
July 8th, 2025 (4 days ago)
Description: United States
Source: Ransomware.live
July 8th, 2025 (4 days ago)

CVE-2025-52579

Description:
1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/Low attack complexity
Vendor: Emerson
Equipment: ValveLink Products
Vulnerabilities: Cleartext Storage of Sensitive Information in Memory, Protection Mechanism Failure, Uncontrolled Search Path Element, Improper Input Validation
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker with access to the system to read sensitive information stored in cleartext, tamper with parameters, and run unauthorized code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following ValveLink products are affected:
ValveLink SOLO: All versions prior to ValveLink 14.0
ValveLink DTM: All versions prior to ValveLink 14.0
ValveLink PRM: All versions prior to ValveLink 14.0
ValveLink SNAP-ON: All versions prior to ValveLink 14.0
3.2 VULNERABILITY OVERVIEW
3.2.1 CLEARTEXT STORAGE OF SENSITIVE INFORMATION IN MEMORY CWE-316
The product stores sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if the programmer does not properly clear the memory before freeing it.
CVE-2025-52579 has been assigned to this vulnerability. A CVSS v3 base score of 9.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L).
A CVSS v4 score has also been calculated for CVE-2025-52579. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/...

EPSS Score: 0.03%

Source: All CISA Advisories
July 8th, 2025 (4 days ago)

CVE-2025-53480

Description: The CheckUser extension's Special:Investigate page has a vulnerability in the Account information tab, where specific internationalized messages are rendered without proper escaping. Attackers can exploit this by appending ?uselang=x-xss to the URL, causing reflected XSS when the UI renders affected message keys. This issue affects MediaWiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

EPSS Score: 0.03%

Source: CVE
July 8th, 2025 (4 days ago)
Description: Trump wants to erase any "negative" content from educational sites at National Parks. A group of data preservationists asks visitors to help them document placards and monuments, before they disappear.
Source: 404 Media
July 8th, 2025 (4 days ago)
Description: Why did the ransomware victims' law firm start offering yoga classes? Because they wanted to teach their clients how to stay flexible when dealing with unexpected "attacks"! A law firm that helps ransomware victims got hit themselves? Looks like they have not just clients in hostage, but their own data too! The archive contains data of the following companies: https://thesandersfirm.com/ https://aronovaassociates.com/ https://sgafirm.com/ https://milberg.com/ P.S. We get it, you're some top-notch lawyers doing everything you can to dodge the fallout with legal tricks, but you still have a shot at a sweet deal for now. Geo: USA - Leak size: 3 TB - Contains: Sensitive information
Source: Ransomware.live
July 8th, 2025 (4 days ago)