CyberAlerts

CVE-2025-41438

Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Consilium Safety Equipment: CS5000 Fire Panel Vulnerabilities: Initialization of a Resource with an Insecure Default, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain high-level access to and remotely operate the device, potentially putting it into a non-functional state. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Consilium Safety product is affected: CS5000 Fire Panel: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 INITIALIZATION OF A RESOURCE WITH AN INSECURE DEFAULT CWE-1188 The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds high-level permissions that could severely impact the device's operation if exploited. CVE-2025-41438 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2025-41438. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.2.2 USE OF HARD-CODED CREDENTIALS CWE-798 The CS5000 Fire Panel is vulnerable due to a hard-coded password that...

EPSS Score: 0.06%

Source: All CISA Advisories

May 29th, 2025 (12 days ago)

Apple Safari Users Vulnerable to Stealthy Browser Attacks

Description: Safari’s inadequate fullscreen mode indicators can be exploited in advanced Browser-in-the-Middle (BitM) attacks, allowing threat actors to steal user credentials without raising suspicion. While not a technical vulnerability, this design oversight enables attackers to combine legitimate web functionalities with social engineering to create highly convincing phishing setups. The discovery comes from SquareX’s “Year of Browser … The post Apple Safari Users Vulnerable to Stealthy Browser Attacks appeared first on CyberInsider.

Source: CyberInsider

May 29th, 2025 (12 days ago)

8,000+ Asus routers popped in 'advanced' mystery botnet plot

Source: TheRegister

May 29th, 2025 (12 days ago)

🏴‍☠️ Akira has just published a new victim : AGME Automated assembly solutions

Description: AGME Automated Assembly Solutions design and manufacture special purpose machines that best meet the automatic assembly needs of d ifferent industries. We are going to upload about 10 GB of corporate data. Lot of empl oyee personal information (DOB, passport id, addresses, phones, e mails, and so on), projects info, financial data, client data, co ntracts and agreements, confidential documents, NDAs, etc.

Source: Ransomware.live

May 29th, 2025 (12 days ago)

🏴‍☠️ Crypto24 has just published a new victim : Choice AG

Description: [AI generated] "Choice AG" is a Switzerland-based company that specializes in providing solutions for investment and risk management. It offers software as well as asset management services that cater towards institutional and private investors alike. Their solutions are geared to help clients manage risk while optimizing investment returns. Services range from portfolio management to risk analysis, covering various types of assets from bonds to real estate.

Source: Ransomware.live

May 29th, 2025 (12 days ago)

Apple Safari exposes users to fullscreen browser-in-the-middle attacks

Description: A weakness in Apple's Safari web browser allows threat actors to leverage the fullscreen browser-in-the-middle (BitM) technique to steal account credentials from unsuspecting users. [...]

Source: BleepingComputer

May 29th, 2025 (12 days ago)

Alleged sale of senior citizen data from Germany and Denmark

Description: Alleged sale of senior citizen data from Germany and Denmark

Source: DarkWebInformer

May 29th, 2025 (12 days ago)

US sanctions firm linked to cyber scams behind $200 million in losses

Description: The U.S. Treasury Department has sanctioned Funnull Technology, a Philippines-based company that supports hundreds of thousands of malicious websites behind cyber scams linked to over $200 million in losses for Americans. [...]

Source: BleepingComputer

May 29th, 2025 (12 days ago)

CVE-2025-5334

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an...

Description: Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users. This issue affects the following versions : * Remote Desktop Manager Windows 2025.1.34.0 and earlier

EPSS Score: 0.05%

Source: CVE

May 29th, 2025 (12 days ago)

CVE-2024-22653

yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c.

Description: yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c.

EPSS Score: 0.04%

SSVC Exploitation: poc

Source: CVE

May 29th, 2025 (12 days ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-41438	Consilium Safety CS5000 Fire Panel Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Consilium Safety Equipment: CS5000 Fire Panel Vulnerabilities: Initialization of a Resource with an Insecure Default, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain high-level access to and remotely operate the device, potentially putting it into a non-functional state. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Consilium Safety product is affected: CS5000 Fire Panel: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 INITIALIZATION OF A RESOURCE WITH AN INSECURE DEFAULT CWE-1188 The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds high-level permissions that could severely impact the device's operation if exploited. CVE-2025-41438 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2025-41438. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.2.2 USE OF HARD-CODED CREDENTIALS CWE-798 The CS5000 Fire Panel is vulnerable due to a hard-coded password that... EPSS Score: 0.06% Source: All CISA Advisories May 29th, 2025 (12 days ago)
	Apple Safari Users Vulnerable to Stealthy Browser Attacks Description: Safari’s inadequate fullscreen mode indicators can be exploited in advanced Browser-in-the-Middle (BitM) attacks, allowing threat actors to steal user credentials without raising suspicion. While not a technical vulnerability, this design oversight enables attackers to combine legitimate web functionalities with social engineering to create highly convincing phishing setups. The discovery comes from SquareX’s “Year of Browser … The post Apple Safari Users Vulnerable to Stealthy Browser Attacks appeared first on CyberInsider. Source: CyberInsider May 29th, 2025 (12 days ago)
	8,000+ Asus routers popped in 'advanced' mystery botnet plot Source: TheRegister May 29th, 2025 (12 days ago)
	🏴‍☠️ Akira has just published a new victim : AGME Automated assembly solutions Description: AGME Automated Assembly Solutions design and manufacture special purpose machines that best meet the automatic assembly needs of d ifferent industries. We are going to upload about 10 GB of corporate data. Lot of empl oyee personal information (DOB, passport id, addresses, phones, e mails, and so on), projects info, financial data, client data, co ntracts and agreements, confidential documents, NDAs, etc. Source: Ransomware.live May 29th, 2025 (12 days ago)
	🏴‍☠️ Crypto24 has just published a new victim : Choice AG Description: [AI generated] "Choice AG" is a Switzerland-based company that specializes in providing solutions for investment and risk management. It offers software as well as asset management services that cater towards institutional and private investors alike. Their solutions are geared to help clients manage risk while optimizing investment returns. Services range from portfolio management to risk analysis, covering various types of assets from bonds to real estate. Source: Ransomware.live May 29th, 2025 (12 days ago)
	Apple Safari exposes users to fullscreen browser-in-the-middle attacks Description: A weakness in Apple's Safari web browser allows threat actors to leverage the fullscreen browser-in-the-middle (BitM) technique to steal account credentials from unsuspecting users. [...] Source: BleepingComputer May 29th, 2025 (12 days ago)
	Alleged sale of senior citizen data from Germany and Denmark Description: Alleged sale of senior citizen data from Germany and Denmark Source: DarkWebInformer May 29th, 2025 (12 days ago)
	US sanctions firm linked to cyber scams behind $200 million in losses Description: The U.S. Treasury Department has sanctioned Funnull Technology, a Philippines-based company that supports hundreds of thousands of malicious websites behind cyber scams linked to over $200 million in losses for Americans. [...] Source: BleepingComputer May 29th, 2025 (12 days ago)
CVE-2025-5334	Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an... Description: Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users. This issue affects the following versions : * Remote Desktop Manager Windows 2025.1.34.0 and earlier EPSS Score: 0.05% Source: CVE May 29th, 2025 (12 days ago)
CVE-2024-22653	yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c. Description: yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c. EPSS Score: 0.04% SSVC Exploitation: poc Source: CVE May 29th, 2025 (12 days ago)