CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Using data from machine learning tools, we predict a surge in cloud attacks leveraging reworked Linux Executable and Linkage Format (ELF) files.
The post The Evolution of Linux Binaries in Targeted Cloud Operations appeared first on Unit 42.
June 10th, 2025 (7 days ago)
|
|
Description: Multiple vulnerabilities in DM Corporative CMS by Dmacroweb
Tue, 06/10/2025 - 11:23
Aviso
Affected Resources
DM Corporative CMS, versions prior to 2025.01.
Description
INCIBE has coordinated the publication of 9 vulnerabilities: 4 of critical severity and 5 of medium severity, affecting DM Corporative CMS of Dmacroweb, a content management system. The vulnerabilities have been discovered by Oscar Atienza.These vulnerabilities have been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type:CVE-2025-40654 to CVE-2025-40657: CVSS v4.0: 9.3 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | CWE-89CVE-2025-40658 to CVE-2025-40661: CVSS v4.0: 6.9 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N | CWE-639CVE-2025-40662: CVSS v4.0: 6.9 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N | CWE-200
Identificador
INCIBE-2025-0305
5 - Critical
Solution
The vulnerabilities have been fixed by the Dmacroweb team in version 2025.01.
Detail
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases. The list of assigned parameters and identifiers is as follows:CVE-2025-40654: name and cod parameters in /antbuspre.asp.CVE-2025-40655: na...
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
June 10th, 2025 (7 days ago)
|
|
Description: Data of over +40,000 individuals has been accessed. The data includes email addresses, passwords, dates, login URLs, names, and regions
June 10th, 2025 (7 days ago)
|
|
Description: Russia's Federal Security Service (FSB) has reportedly intercepted private messages between Russian citizens and Ukrainian Telegram channel bots, initiating treason investigations based on the contents, according to human rights NGO First Department. The revelation underscores escalating digital surveillance and raises concerns about Telegram's security posture amid Russia's deepening crackdown on dissent. Shades on Telegram The …
The post Russian NGO Warns the FSB Is Intercepting Telegram Messages to Prosecute Users appeared first on CyberInsider.
June 10th, 2025 (7 days ago)
|
|
Description: Apple has officially announced that macOS 26 “Tahoe” will be the final version of its desktop operating system to support Intel-based Macs, effectively drawing the curtain on the architecture that powered Macs for nearly two decades. The news came not during the widely viewed WWDC keynote but rather in a quieter moment of the Platforms …
The post MacOS 26 ‘Tahoe’ Is the End of the Road for Intel-based Apple Computers appeared first on CyberInsider.
June 10th, 2025 (7 days ago)
|
|
June 10th, 2025 (7 days ago)
|
|
June 10th, 2025 (7 days ago)
|
|
June 10th, 2025 (7 days ago)
|
|
June 10th, 2025 (7 days ago)
|
CVE-2025-32433 |
🚨 Marked as known exploited on June 10th, 2025 (8 days ago).
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are listed below -
CVE-2025-32433 (CVSS score: 10.0) - A missing authentication for a critical
CVSS: CRITICAL (10.0)
June 10th, 2025 (8 days ago)
|