CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: Alleged sale of Revolut Business Account Verified for Czech Republic
Source: DarkWebInformer
June 2nd, 2025 (11 days ago)
Description: TBD
Source: Ransomware.live
June 2nd, 2025 (11 days ago)
Description: www.diyar.com - Architecture, Engineering & Design
Source: Ransomware.live
June 2nd, 2025 (11 days ago)

CVE-2025-27955

Description: Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.

EPSS Score: 0.1%

Source: CVE
June 2nd, 2025 (11 days ago)

CVE-2025-27953

Description: An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.

EPSS Score: 0.1%

Source: CVE
June 2nd, 2025 (11 days ago)

CVE-2025-23104

Description: An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.

EPSS Score: 0.04%

Source: CVE
June 2nd, 2025 (11 days ago)
Description: American cybersecurity company SentinelOne revealed over the weekend that a software flaw triggered a seven-hour-long outage on Thursday. [...]
Source: BleepingComputer
June 2nd, 2025 (11 days ago)
Description: Spyware maker NSO Group asked a federal judge to reduce the damages it owes to WhatsApp in a case involving 1,400 infected phones, or set up a new trial.
Source: The Record
June 2nd, 2025 (11 days ago)
🚨 Marked as known exploited on June 2nd, 2025 (11 days ago).
Description: Frequently asked questions about “BadSuccessor,” a zero-day privilege escalation vulnerability in Active Directory domains with at least one Windows Server 2025 domain controller. Background: Tenable’s Research Special Operations (RSO) and the Identity Content team have compiled this blog to answer Frequently Asked Questions (FAQ) regarding a newly disclosed zero-day in Active Directory called BadSuccessor. FAQ: What is BadSuccessor? BadSuccessor is the name of a zero-day privilege escalation vulnerability in Active Directory that was discovered and disclosed by Yuval Gordon, a security researcher at Akamai. According to Gordon, the flaw exists in delegated Managed Service Accounts (dMSAs), a service account type in Active Directory (AD) that was introduced in Windows Server 2025 to enable the migration of non-managed service accounts. What are the vulnerabilities associated with BadSuccessor? As of June 2, Microsoft had not assigned a CVE identifier for BadSuccessor. Microsoft is the CVE Numbering Authority (CNA) for its products. Since there are currently no patches available for BadSuccessor, no CVE has been assigned. If Microsoft does assign a CVE alongside patches for it, we will update this blog accordingly. How is BadSuccessor exploited? To exploit BadSuccessor, an attacker needs to be able to access a user account with specific permissions in AD, and at least one domain controller in the domain needs to be running Windows Server 2025. Based on Akamai’s research, even if an AD do...
Source: Tenable Blog
June 2nd, 2025 (11 days ago)
Description: A new campaign redirects users from gaming sites, social media, and even sponsored ads to fake Booking.com websites designed to infect devices with the dangerous AsyncRAT malware. First spotted by Malwarebytes in mid-May, the campaign exploits travelers searching for hotel deals, using deceptive tactics like fake CAPTCHA forms and clipboard hijacking to convince victims to …
Source: CyberInsider
June 2nd, 2025 (11 days ago)