CyberAlerts

Police Arrest Hacker Behind Attacks on U.S. and NATO Systems

Description: Spanish authorities have arrested an 18-year-old hacker known as “Natohub,” accused of breaching multiple high-profile government and military systems, including databases belonging to NATO, the U.S. Army, and Spain's Ministry of Defense. The hacker, who operated under multiple aliases on dark web forums, carried out at least 40 cyberattacks throughout 2024, targeting both public institutions … The post Police Arrest Hacker Behind Attacks on U.S. and NATO Systems appeared first on CyberInsider.

Source: CyberInsider

February 6th, 2025 (2 months ago)

Hakko Corporation - 9,665 breached accounts

Description: In March 2019, the Japanese solder-related business Hakko Corporation suffered a data breach. The incident exposed almost 10k customer records including email and physical addresses, phone numbers, names, usernames, genders, dates of birth and plain text passwords.

Source: HaveIBeenPwnedLatestBreaches

February 6th, 2025 (2 months ago)

Trump Hotels Allegedly Breached, 164,900 Records Leaked Online

Description: A threat actor known as FutureSeeker has leaked a database allegedly stolen from Trump Hotels, exposing the personal details of over 164,900 individuals. The dataset, allegedly sourced from Trump Hotels' invitations list, was posted on BreachForums yesterday. The leaked records include full names, email addresses, invitation statuses, and timestamps, raising concerns about potential phishing attacks … The post Trump Hotels Allegedly Breached, 164,900 Records Leaked Online appeared first on CyberInsider.

Source: CyberInsider

February 5th, 2025 (2 months ago)

CVE-2025-24860

Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions

Description: Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions. This issue affects Apache Cassandra: from 4.0.0 through 4.0.15 and from 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer. Operators using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer on affected versions should review data access rules for potential breaches. Users are recommended to upgrade to versions 4.0.16, 4.1.8, 5.0.3, which fixes the issue.

EPSS Score: 0.04%

Source: CVE

February 5th, 2025 (2 months ago)

CVE-2025-23015

Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions

Description: Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue.

EPSS Score: 0.04%

Source: CVE

February 5th, 2025 (2 months ago)

A Threat Actor Claims to have Leaked a 2023 Breach of BodyWeb

Description: A Threat Actor Claims to have Leaked a 2023 Breach of BodyWeb

Source: DarkWebInformer