Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
China-Backed Threat Actor 'UNC5174' Using Open Source Tools in Stealthy Attacks
Description: Sysdig researchers detailed an ongoing campaign from China-backed threat actor UNC5174, which is using open source hacking tools to stay under the radar.
Source: Dark Reading
April 15th, 2025 (7 days ago)
Google adds Android auto-reboot to block forensic data extractions
Description: Google is rolling out a new security mechanism on Android devices that will automatically reboot locked, unused devices after three consecutive days of inactivity, restoring memory to an encrypted state. [...]
Source: BleepingComputer
April 15th, 2025 (7 days ago)
Inside the Economy of AI Spammers Getting Rich By Exploiting Disasters and Misery
Description: How AI spammers monetized the LA fires and other natural disasters.
Source: 404 Media
April 15th, 2025 (7 days ago)
Microsoft warns of CPU spikes when typing in classic Outlook
Description: Microsoft warned Windows users of increased CPU usage when typing while using recent versions of the classic Outlook email client. [...]
Source: BleepingComputer
April 15th, 2025 (7 days ago)

CVE-2025-3608
A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable...
Description: A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2.

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (7 days ago)

CVE-2025-32103
CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files...
Description: CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions.

EPSS Score: 0.08%

Source: CVE
April 15th, 2025 (7 days ago)

CVE-2025-32102
CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the...
Description: CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI.

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (7 days ago)
🏴‍☠️ Akira has just published a new victim : Inductors Inc.
Description: Inductors Inc. is the premier franchised distributor of inductive components specializing in power and RF products. We are ready to upload more than 6 GB of essential corporate docu ments such as: corporate NDA’s, corporate licenses, agreements an d contracts, financial data (audits, payment details, reports), i nsurance documents, etc.
Source: Ransomware.live
April 15th, 2025 (7 days ago)
EU confirms issuing ‘burner phones’ to top officials but denies practice caused by Trump
Description: The European Commission said it does issue "burner phones" to officials, but there has been no specific guidance recommending that they be used while on missions in the U.S.
Source: The Record
April 15th, 2025 (7 days ago)
Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds
Description: Everybody knows browser extensions are embedded into nearly every user’s daily workflow, from spell checkers to GenAI tools. What most IT and security people don’t know is that browser extensions’ excessive permissions are a growing risk to organizations. LayerX today announced the release of the Enterprise Browser Extension Security Report 2025, This report is the first and only report to merge
Source: TheHackerNews
April 15th, 2025 (7 days ago)