CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Craft CMS RCE exploit chain used in zero-day attacks to steal data
Description: Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. [...]
Source: BleepingComputer
April 25th, 2025 (about 2 months ago)
Baltimore City Public Schools data breach affects over 31,000 people
Description: ​Baltimore City Public Schools notified tens of thousands of employees and students of a data breach following an incident in February when unknown attackers hacked into its network. [...]
Source: BleepingComputer
April 25th, 2025 (about 2 months ago)
Cybersecurity Snapshot: Verizon DBIR Finds Attackers Feast on Vulnerability Exploits for Initial Access, While MITRE ATT&CK Adds Mobile, Cloud, ESX...
Description: Check out highlights from this year’s Verizon DBIR, including a surge in zero-day exploits targeting edge devices and VPNs. Plus, find out what’s new in the latest version of MITRE ATT&CK. Also, see what Tenable webinar attendees said about AI security. And get the latest on ransomware preparedness for OT systems and on the FBI’s 2024 cyber crime report.Dive into five things that are top of mind for the week ending April 25.1 - Verizon DBIR: To break in, hackers favor credentials and vulnerabilitiesAs your organization fine-tunes its cyber defenses, here’s an unsurprising yet highly relevant fact: The two most common avenues for cyberattackers to hack into victims’ networks are compromised credentials and exploited vulnerabilities.That’s according to Verizon’s “2025 Data Breach Investigations Report” (DBIR), which was published this week. The report is based on an analysis of 22,000 real-world security incidents — including about 12,200 confirmed breaches — that occurred globally between Nov. 1, 2023 and to Oct. 31, 2024."The DBIR's findings underscore the importance of a multi-layered defense strategy," Chris Novak, VP of Global Cybersecurity Solutions at Verizon Business, said in a statement. "Businesses need to invest in robust security measures, including strong password policies, timely patching of vulnerabilities, and comprehensive security awareness training for employees," he added.Cyber attackers used credential abuse as their initial access vector in 22% of breac...
Source: Tenable Blog
April 25th, 2025 (about 2 months ago)
FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches
Description: The FBI has asked the public for information on Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide. [...]
Source: BleepingComputer
April 25th, 2025 (about 2 months ago)
Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
Description: Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions. The vulnerabilities, flagged by cybersecurity vendor OPSWAT, are listed below - CVE-2025-27610 (CVSS score: 7.5) - A path traversal

CVSS: HIGH (7.5)

Source: TheHackerNews
April 25th, 2025 (about 2 months ago)
[Virtual Event] Anatomy of a Data Breach: And what to do if it happens to you
Source: Dark Reading
April 24th, 2025 (about 2 months ago)
Lazarus hackers breach six companies in watering hole attacks
Description: In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea. [...]
Source: BleepingComputer
April 24th, 2025 (about 2 months ago)
Frederick Health data breach impacts nearly 1 million patients
Description: ​A ransomware attack in January at Frederick Health Medical Group, a major healthcare provider in Maryland, has led to a data breach affecting nearly one million patients. [...]
Source: BleepingComputer
April 24th, 2025 (about 2 months ago)
Lazarus Group Breached Semiconductor and Software Firms in South Korea
Description: A targeted campaign by the North Korean Lazarus Group, dubbed Operation SyncHole, used a combination of watering hole tactics and software exploits to compromise at least six South Korean organizations between November 2024 and February 2025. These were companies engaged in the fields of software, semiconductor manufacturing, IT, finance, and telecommunications. The campaign exploited vulnerabilities … The post Lazarus Group Breached Semiconductor and Software Firms in South Korea appeared first on CyberInsider.
Source: CyberInsider
April 24th, 2025 (about 2 months ago)
Yale New Haven Health data breach affects 5.5 million patients
Description: Yale New Haven Health (YNHHS) is warning that threat actors stole the personal data of 5.5 million patients in a cyberattack earlier this month. [...]
Source: BleepingComputer
April 24th, 2025 (about 2 months ago)