CVE-2025-29720
Description: Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi.
EPSS Score: 0.01%
April 14th, 2025 (9 days ago)
🚨 Marked as known exploited on April 14th, 2025 (9 days ago).
Description: A threat actor posted about the zero-day exploit on the same day that Fortinet published a warning about known vulnerabilities under active exploitation.
April 14th, 2025 (9 days ago)
Description: Sir Thomas Drew — previously a top official in the Foreign Office and a key figure in Britain's response to Russia's invasion of Ukraine — will be the U.K.'s ambassador to France as the two countries prepare to work more closely on security issues.
April 14th, 2025 (9 days ago)
Description: Blind spots in network visibility, including in firewalls, IoT devices, and the cloud, are being exploited by Chinese state-backed threat actors with increasing success, according to new threat intelligence. Here's how experts say you can get eyes on it all.
April 14th, 2025 (9 days ago)
Description: A new remote access trojan (RAT) called 'ResolverRAT' is being used against organizations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors. [...]
April 14th, 2025 (9 days ago)
Description: The CA/Browser Forum has formally approved a phased plan to shorten the maximum validity period of publicly trusted SSL/TLS certificates from the current 398 days to just 47 days by March 2029. The proposal, initially submitted by Apple in January 2025, aims to enhance the reliability and resilience of the global Web Public Key Infrastructure …
The post TLS Certificate Lifespans to Be Gradually Reduced to 47 Days by 2029 appeared first on CyberInsider.
April 14th, 2025 (9 days ago)
Description: The captain of a Chinese-crewed ship has been charged in Taiwan with breaking a subsea cable near the island, the first such formal charge following almost a dozen similar incidents in recent years.
April 14th, 2025 (9 days ago)
Description: Summary
gorilla/csrf is vulnerable to CSRF via form submission from origins that share a top level domain with the target origin.
Details
gorilla/csrf does not validate the Origin header against an allowlist. It executes its validation of the Referer header for cross-origin requests only when it believes the request is being served over TLS. It determines this by inspecting the r.URL.Scheme value. However, this value is never populated for "server" requests per the Go spec, and so this check does not run in practice.
```go
// URL specifies either the URI being requested (for server
// requests) or the URL to access (for client requests).
//
// For server requests, the URL is parsed from the URI
// supplied on the Request-Line as stored in RequestURI. For
// most requests, fields other than Path and RawQuery will be
// empty. (See RFC 7230, Section 5.3: https://rfc-editor.org/rfc/rfc7230.html#section-5.3)
//
// For client requests, the URL's Host specifies the server to
// connect to, while the Request's Host field optionally
// specifies the Host header value to send in the HTTP
// request.
URL *url.URL
```

(Field documentation from Go's net/http.Request: https://pkg.go.dev/net/url#URL)
PoC
1. Create trusted origin target.example.test protected with gorilla/csrf and served over TLS, hosting a form on /submit.
2. Create attacker origin attack.example.test served over TLS.
3. Attacker exfiltrates token & cookie combination from target.example.test.
4. Attacker...
April 14th, 2025 (9 days ago)
Description: Linux Terminal Shortcuts
April 14th, 2025 (9 days ago)
Description: Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors.
"The threat actor leverages fear-based lures delivered via phishing emails, designed to pressure recipients into clicking a malicious link," Morphisec Labs researcher Nadav Lorber said in a report shared with The
April 14th, 2025 (9 days ago)