CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
MacOS 26 ‘Tahoe’ Is the End of the Road for Intel-based Apple Computers
Description: Apple has officially announced that macOS 26 “Tahoe” will be the final version of its desktop operating system to support Intel-based Macs, effectively drawing the curtain on the architecture that powered Macs for nearly two decades. The news came not during the widely viewed WWDC keynote but rather in a quieter moment of the Platforms … The post MacOS 26 ‘Tahoe’ Is the End of the Road for Intel-based Apple Computers appeared first on CyberInsider.
Source: CyberInsider
June 10th, 2025 (12 days ago)
Apple tries to contain itself with lightweight Linux VMs for macOS
Source: TheRegister
June 10th, 2025 (12 days ago)
Peep show: 40K IoT cameras worldwide stream secrets to anyone with a browser
Source: TheRegister
June 10th, 2025 (12 days ago)
M&S online ordering system operational 46 days after cyber shutdown
Source: TheRegister
June 10th, 2025 (12 days ago)
Cloud brute-force attack cracks Google users' phone numbers in minutes
Source: TheRegister
June 10th, 2025 (12 days ago)

CVE-2025-32433
CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog
🚨 Marked as known exploited on June 10th, 2025 (12 days ago).
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-32433 (CVSS score: 10.0) - A missing authentication for a critical

CVSS: CRITICAL (10.0)

Source: TheHackerNews
June 10th, 2025 (12 days ago)
🏴‍☠️ Bert has just published a new victim : S5 Agency World
Description: S5 Agency World is a global port agency operating in over 360 ports, specializing in vessel and cargo services.
Source: Ransomware.live
June 10th, 2025 (12 days ago)

CVE-2025-5952
Zend.To NSSDropoff.php exec os command injection
Description: A vulnerability, which was classified as critical, has been found in Zend.To up to 6.10-6 Beta. This issue affects the function exec of the file NSSDropoff.php. The manipulation of the argument file_1 leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.10-7 is able to address this issue. It is recommended to upgrade the affected component. This affects a rather old version of the software. The vendor recommends updating to the latest release. Eine Schwachstelle wurde in Zend.To bis 6.10-6 Beta entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion exec der Datei NSSDropoff.php. Mittels dem Manipulieren des Arguments file_1 mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 6.10-7 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.

CVSS: MEDIUM (6.9)

EPSS Score: 2.14%

Source: CVE
June 10th, 2025 (12 days ago)

CVE-2025-5935
Open5GS AMF/MME emm-sm.c common_register_state denial of service
Description: A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran_ue_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5. It is recommended to apply a patch to fix this issue. In Open5GS bis 2.7.3 wurde eine problematische Schwachstelle ausgemacht. Dabei geht es um die Funktion common_register_state der Datei src/mme/emm-sm.c der Komponente AMF/MME. Mittels Manipulieren des Arguments ran_ue_id mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. Der Patch wird als 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5 bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen.

CVSS: MEDIUM (6.9)

EPSS Score: 0.08%

Source: CVE
June 10th, 2025 (12 days ago)

CVE-2025-3076
Elementor Pro <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description: The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_text’ parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
June 10th, 2025 (12 days ago)