Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Old AT&T data leak repackaged to link SSNs, DOBs to 49M phone numbers
Description: A threat actor has re-released data from a 2021 AT&T breach affecting 70 million customers, this time combining previously separate files to directly link Social Security numbers and birth dates to individual users. [...]
Source: BleepingComputer
June 5th, 2025 (about 21 hours ago)

CVE-2025-5419
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Description: Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

EPSS Score: 0.12%

Source: CISA KEV
June 5th, 2025 (about 21 hours ago)
Alleged breach of Weguest – 2.5M Records Exposed via API Misconfiguration
Description: Alleged breach of Weguest – 2.5M Records Exposed via API Misconfiguration
Source: DarkWebInformer
June 5th, 2025 (about 22 hours ago)
[yiisoft/yii2-redis] Yii 2 Redis may expose AUTH paramters in logs in case of connection failure
Description: Impact On failing connection extension writes commands sequence to logs. AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs. References https://github.com/yiisoft/yii2-redis/security/advisories/GHSA-g3p6-82vc-43jh https://github.com/yiisoft/yii2-redis/commit/962252d2c57c187181e67bb66da3f27b4698358d https://github.com/advisories/GHSA-g3p6-82vc-43jh
Source: Github Advisory Database (Composer)
June 5th, 2025 (about 22 hours ago)
BidenCash busted as Feds nuke stolen credit card bazaar
Source: TheRegister
June 5th, 2025 (about 22 hours ago)
Designing a Windows Service for Security
Description: Designing a security-focused Windows Service? Learn more from ThreatLocker about the core components for real-time monitoring, threat detection, and system hardening to defend against malware and ransomware. [...]
Source: BleepingComputer
June 5th, 2025 (about 22 hours ago)
Iran-linked hackers target Kurdish and Iraqi officials in long-running cyberespionage campaign
Description: The group has been operating since at least 2017, initially breaching systems belonging to the Kurdistan Regional Government and have expanded their reach to the Central Government of Iraq as well as a telecommunications provider in Uzbekistan.
Source: The Record
June 5th, 2025 (about 23 hours ago)
Alleged breach of Slate & Tell – 5M Jewelry Customer Records Exposed
Description: Alleged breach of Slate & Tell – 5M Jewelry Customer Records Exposed
Source: DarkWebInformer
June 5th, 2025 (about 23 hours ago)
Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials
Description: Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. "Several widely used extensions [...] unintentionally transmit sensitive data over simple HTTP," Yuanjing Guo, a security researcher in the Symantec's Security Technology and Response
Source: TheHackerNews
June 5th, 2025 (about 23 hours ago)

CVE-2025-30184
CyberData 011209 SIP Emergency Intercom
Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: CyberData Equipment: 011209 SIP Emergency Intercom Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Missing Authentication for Critical Function, SQL Injection, Insufficiently Protected Credentials, Path Traversal: '.../...//' 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, cause a denial-of-service condition, or achieve code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following CyberData products are affected: 011209 SIP Emergency Intercom: Versions prior to 22.0.1 3.2 VULNERABILITY OVERVIEW 3.2.1 Authentication Bypass Using an Alternate Path or Channel CWE-288 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path. CVE-2025-30184 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2025-30184. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.2.2 Missing Authentication for Critical Function CWE-306 011209 Intercom exposes features that could allow an unauthenticated to gain access and cause a denial-of-service condition or system disruption. CVE-2025-26468 has been assign...
Source: All CISA Advisories
June 5th, 2025 (about 23 hours ago)