Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-28230
Incorrect access control in JMBroadcast JMB0150 Firmware v1.0 allows attackers to access hardcoded administrator credentials.
Description: Incorrect access control in JMBroadcast JMB0150 Firmware v1.0 allows attackers to access hardcoded administrator credentials.
Source: CVE
April 18th, 2025 (about 15 hours ago)

CVE-2025-28229
Incorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and System v2.2.15 allows attackers to bypass authentication and gain...
Description: Incorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and System v2.2.15 allows attackers to bypass authentication and gain Administrator privileges.
Source: CVE
April 18th, 2025 (about 15 hours ago)

CVE-2025-28228
A credential exposure vulnerability in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2 allows...
Description: A credential exposure vulnerability in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2 allows unauthorized attackers to access credentials in plaintext.
Source: CVE
April 18th, 2025 (about 15 hours ago)

CVE-2024-29643
An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component.
Description: An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component.
Source: CVE
April 18th, 2025 (about 15 hours ago)
CISA Weighs In on Alleged Oracle Cloud Breach
Description: The agency is recommending that organizations and individuals implement its recommendations to prevent the misuse of stolen data, though Oracle has yet to publicly do the same for its customers.
Source: Dark Reading
April 18th, 2025 (about 15 hours ago)
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
Description: Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by 'Wang Duo Yu,'" Cisco Talos researchers Azim Khodjibaev, Chetan
Source: TheHackerNews
April 18th, 2025 (about 15 hours ago)
SonicWall SMA VPN devices targeted in attacks since January
🚨 Marked as known exploited on April 18th, 2025 (about 15 hours ago).
Description: A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf. [...]
Source: BleepingComputer
April 18th, 2025 (about 15 hours ago)
CISA Weighs in on Alleged Oracle Cloud Breach
Description: The agency is recommending that organizations and individuals implement its recommendations to prevent the misuse of stolen data, though Oracle has yet to publicly do the same for its customers.
Source: Dark Reading
April 18th, 2025 (about 15 hours ago)
🏴‍☠️ Akira has just published a new victim : Hubbard, McIlwain, &Brakefield, P.C.
Description: Hubbard, McIlwain, & Brakefield, P.C. is one of the most well-res pected and successful firms in Alabama. We are ready to upload more than 4 GB of data. Not much but inter esting: trial documents, a lot of client data such as financials, personal docs, etc.
Source: Ransomware.live
April 18th, 2025 (about 15 hours ago)
🏴‍☠️ Cloak has just published a new victim : Pc***********.org
Source: Ransomware.live
April 18th, 2025 (about 15 hours ago)