CyberAlerts

New Cleo zero-day RCE flaw exploited in data theft attacks

Description: Hackers are actively exploiting a zero-day vulnerability in Cleo managed file transfer software to breach corporate networks and conduct data theft attacks. [...]

Source: BleepingComputer

December 10th, 2024 (7 months ago)

Radiant links $50 million crypto heist to North Korean hackers

Description: Radiant Capital now says that North Korean threat actors are behind the $50 million cryptocurrency heist that occurred after hackers breached its systems in an October 16 cyberattack. [...]

Source: BleepingComputer

December 9th, 2024 (7 months ago)

Ladies.com - 118,809 breached accounts

Description: In 2024, the lesbian dating website ladies.com suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 119k users of the service including email addresses, photos, sexual orientation, genders, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down in mid-2024 and the breach later acknowledged by the site operator in December, along with a breach of the "Senior Dating" website run by the same organisation.

Source: HaveIBeenPwnedLatestBreaches

December 9th, 2024 (7 months ago)

Senior Dating - 765,517 breached accounts

Description: In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down after the breach was acknowledged by the site operator in December, along with a breach of the "ladies.com" website run by the same organisation.

Source: HaveIBeenPwnedLatestBreaches

December 9th, 2024 (7 months ago)

Anna Jaques Hospital ransomware breach exposed data of 300K patients

Description: Anna Jaques Hospital has confirmed on its website that a ransomware attack it suffered almost precisely a year ago, on December 25, 2023, has exposed sensitive health data for over 316,000 patients. [...]

Source: BleepingComputer

December 8th, 2024 (7 months ago)

Blue Yonder SaaS giant breached by Termite ransomware gang

Description: The Termite ransomware gang has officially claimed responsibility for the November breach of software as a service (SaaS) provider Blue Yonder. [...]

Source: BleepingComputer

December 6th, 2024 (7 months ago)

U.S. org suffered four month intrusion by Chinese hackers

Description: A large U.S. organization with significant presence in China has been reportedly breached by China-based threat actors who persisted on its networks from April to August 2024. [...]

Source: BleepingComputer

December 5th, 2024 (7 months ago)

US arrests Scattered Spider suspect linked to telecom hacks

Description: U.S. authorities have arrested a 19-year-old teenager linked to the notorious Scattered Spider cybercrime gang who is now charged with breaching a U.S. financial institution and two unnamed telecommunications firms. [...]

Source: BleepingComputer

December 5th, 2024 (7 months ago)

CVE-2024-3656

Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities

Description: A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.

EPSS Score: 0.09%

Source: CVE

December 5th, 2024 (7 months ago)

White House: Salt Typhoon hacked telcos in dozens of countries

Description: Chinese state hackers, known as Salt Typhoon, have breached telecommunications companies in dozens of countries, President Biden's deputy national security adviser Anne Neuberger said today. [...]

Source: BleepingComputer

December 4th, 2024 (7 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	New Cleo zero-day RCE flaw exploited in data theft attacks Description: Hackers are actively exploiting a zero-day vulnerability in Cleo managed file transfer software to breach corporate networks and conduct data theft attacks. [...] Source: BleepingComputer December 10th, 2024 (7 months ago)
	Radiant links $50 million crypto heist to North Korean hackers Description: Radiant Capital now says that North Korean threat actors are behind the $50 million cryptocurrency heist that occurred after hackers breached its systems in an October 16 cyberattack. [...] Source: BleepingComputer December 9th, 2024 (7 months ago)
	Ladies.com - 118,809 breached accounts Description: In 2024, the lesbian dating website ladies.com suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 119k users of the service including email addresses, photos, sexual orientation, genders, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down in mid-2024 and the breach later acknowledged by the site operator in December, along with a breach of the "Senior Dating" website run by the same organisation. Source: HaveIBeenPwnedLatestBreaches December 9th, 2024 (7 months ago)
	Senior Dating - 765,517 breached accounts Description: In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down after the breach was acknowledged by the site operator in December, along with a breach of the "ladies.com" website run by the same organisation. Source: HaveIBeenPwnedLatestBreaches December 9th, 2024 (7 months ago)
	Anna Jaques Hospital ransomware breach exposed data of 300K patients Description: Anna Jaques Hospital has confirmed on its website that a ransomware attack it suffered almost precisely a year ago, on December 25, 2023, has exposed sensitive health data for over 316,000 patients. [...] Source: BleepingComputer December 8th, 2024 (7 months ago)
	Blue Yonder SaaS giant breached by Termite ransomware gang Description: The Termite ransomware gang has officially claimed responsibility for the November breach of software as a service (SaaS) provider Blue Yonder. [...] Source: BleepingComputer December 6th, 2024 (7 months ago)
	U.S. org suffered four month intrusion by Chinese hackers Description: A large U.S. organization with significant presence in China has been reportedly breached by China-based threat actors who persisted on its networks from April to August 2024. [...] Source: BleepingComputer December 5th, 2024 (7 months ago)
	US arrests Scattered Spider suspect linked to telecom hacks Description: U.S. authorities have arrested a 19-year-old teenager linked to the notorious Scattered Spider cybercrime gang who is now charged with breaching a U.S. financial institution and two unnamed telecommunications firms. [...] Source: BleepingComputer December 5th, 2024 (7 months ago)
CVE-2024-3656	Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities Description: A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. EPSS Score: 0.09% Source: CVE December 5th, 2024 (7 months ago)
	White House: Salt Typhoon hacked telcos in dozens of countries Description: Chinese state hackers, known as Salt Typhoon, have breached telecommunications companies in dozens of countries, President Biden's deputy national security adviser Anne Neuberger said today. [...] Source: BleepingComputer December 4th, 2024 (7 months ago)