Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Infosys Settles $17.5M Class Action Lawsuit After Sprawling Third-Party Breach
Description: Several major companies in the finance sector were impacted by the third-party breach, prompting them to notify thousands of customers of their compromised data.
Source: Dark Reading
March 19th, 2025 (about 1 month ago)
Half a million people impacted by Pennsylvania State Education Association data breach
Description: More than 500,000 people were impacted by a cyberattack on the Pennsylvania State Education Association (PSEA) that took place in July 2024.
Source: The Record
March 19th, 2025 (about 1 month ago)
CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog. The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote

CVSS: HIGH (8.6)

EPSS Score: 63.87%

Source: TheHackerNews
March 19th, 2025 (about 1 month ago)
Lexipol - 672,546 breached accounts
Description: In February 2025, the public safety policy management systems company Lexipol suffered a data breach. Attributed to the self-proclaimed "Puppygirl Hacker Polycule", the breach exposed an extensive number of documents and user records which were subsequently published publicly. The breach included over 670k unique email addresses in the user records, along with names, phone numbers, system-generated usernames and passwords stored as either MD5 or SHA-256 hashes.
Source: HaveIBeenPwnedLatestBreaches
March 19th, 2025 (about 1 month ago)
Sperm donation giant California Cryobank warns of a data breach
Description: US sperm donor giant California Cryobank is warning customers it suffered a data breach that exposed customers' personal information. [...]
Source: BleepingComputer
March 18th, 2025 (about 1 month ago)

CVE-2025-25042
Authenticated Access Control Vulnerability allows Sensitive Information Disclosure in AOS-CX REST Interface
Description: A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
March 18th, 2025 (about 1 month ago)
GitHub Action hack likely led to another in cascading supply chain attack
Description: A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that leaked CI/CD secrets. [...]
Source: BleepingComputer
March 18th, 2025 (about 1 month ago)
Western Alliance Bank notifies 21,899 customers of data breach
Description: Arizona-based Western Alliance Bank is notifying nearly 22,000 customers their personal information was stolen in October after a third-party vendor's secure file transfer software was breached. [...]
Source: BleepingComputer
March 18th, 2025 (about 1 month ago)
Western Alliance Bank says nearly 22,000 impacted by file transfer software breach
Description: Phoenix-based Western Alliance Bank filed data breach notices saying about 22,000 people were affected by an incident involving file transfer software.
Source: The Record
March 18th, 2025 (about 1 month ago)
NhacDJ.Vn Allegedly Breached – 100,000 User Records Leaked, Including Emails, Phone Numbers, and Full Names
Description: NhacDJ.Vn Allegedly Breached – 100,000 User Records Leaked, Including Emails, Phone Numbers, and Full Names
Source: DarkWebInformer
March 17th, 2025 (about 1 month ago)