Threat and Vulnerability Intelligence Database

Description: Alleged Data Breach of Customer Support Networks Up for Sale on Dark Web
Source: DarkWebInformer
March 6th, 2025 (about 1 month ago)
Description: The nation-state threat group has been breaching providers of remote management tools, identity management providers, and other IT companies to access networks of targeted entities, according to Microsoft.
Source: Dark Reading
March 5th, 2025 (about 1 month ago)
Description: Microsoft warns that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. [...]
Source: BleepingComputer
March 5th, 2025 (about 2 months ago)
Description: The US Justice Department has charged Chinese state security officers along with APT27 and i-Soon hackers for network breaches and cyberattacks that have targeted victims globally since 2011. [...]
Source: BleepingComputer
March 5th, 2025 (about 2 months ago)
Description: USB drive attacks constitute a significant cybersecurity risk, taking advantage of the everyday use of USB devices to deliver malware and circumvent traditional network security measures. These attacks lead to data breaches, financial losses, and operational disruptions, with lasting impacts on an organization's reputation. An example is the Stuxnet worm discovered in 2010, a malware designed to
Source: TheHackerNews
March 5th, 2025 (about 2 months ago)
Description: A new scam campaign is targeting company executives by mailing fraudulent ransom notes that falsely claim their corporate networks have been breached. The letters, which impersonate the BianLian ransomware group, demand Bitcoin payments of up to $350,000 under the threat of leaking sensitive company data. However, as Guidepoint security experts have confirmed, these extortion attempts …
Source: CyberInsider
March 5th, 2025 (about 2 months ago)
Description: The Polish Space Agency (POLSA) has been offline since it disconnected its systems from the Internet over the weekend to contain a breach of its IT infrastructure. [...]
Source: BleepingComputer
March 4th, 2025 (about 2 months ago)
Description: Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about to get worse still with Computer-Using Agents, a new kind of AI agent that enables low-cost, low-effort automation of common web tasks — including those frequently performed by attackers. Stolen credentials: The cyber criminal’s weapon of choice
Source: TheHackerNews
March 4th, 2025 (about 2 months ago)
Description: Rubrik disclosed last month that one of its servers hosting log files was breached, causing the company to rotate potentially leaked authentication keys. [...]
Source: BleepingComputer
March 3rd, 2025 (about 2 months ago)

CVE-2025-27408

Description:

Summary:
Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same hash, making it easier for attackers to identify and exploit patterns, thereby accelerating the cracking process.

Details:
Analysis of the application source code reveals that user passwords are hashed using the SHA3 algorithm without implementing a unique salt per user.

    const newUser: AuthenticableEntity = entityRepository.create(signupUserDto)
    newUser.password = SHA3(newUser.password).toString()

This approach results in deterministic password hashes, which can be identified by comparing the hashes for users with matching credentials.

PoC:
1. Create two users with the same password (it could be admin or any other authenticatable entity)
2. Extract their password hashes from the database
3. Verify that both hashes are identical, confirming the absence of unique salts

Impact:
This is a cryptographic weakness vulnerability that affects all users of the system. The lack of a unique salt when hashing passwords reduces protection against database breaches, as attackers who gain access to the database can more efficiently crack user passwords. Since identical passwords result in identical hashes, attackers can use precomputed hash databases (e.g., Rainbow Tables) or offline brute-force attacks to ...

CVSS: MEDIUM (4.8)

EPSS Score: 0.02%

Source: Github Advisory Database (NPM)
March 3rd, 2025 (about 2 months ago)