CyberAlerts

Configuring Microsoft Outlook 365's 'Report Phishing' add-in

Description: How to report emails to the NCSC's Suspicious Email Reporting Service (SERS) using the 'Report Phishing' add-in for Microsoft Outlook 365.

Source: NCSC Alerts and Advisories

March 12th, 2025 (4 months ago)

Cyber insurance guidance

Description: Cyber security considerations for organisations thinking about taking out cyber insurance.

Source: NCSC Alerts and Advisories

March 12th, 2025 (4 months ago)

Cyber security for construction businesses

Description: Guidance to help the construction industry improve the security and resilience of their business against cyber threats.

Source: NCSC Alerts and Advisories

March 12th, 2025 (4 months ago)

CVE-2024-58087

ksmbd: fix racy issue from session lookup and expire

Description: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire.

EPSS Score: 0.1%

Source: CVE

March 12th, 2025 (4 months ago)

CVE-2024-13838

Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery vi...

Description: The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'call_webhook' method of the Automator_Send_Webhook class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

CVSS: MEDIUM (5.5)

EPSS Score: 0.03%

Source: CVE

March 12th, 2025 (4 months ago)

CVE-2024-12589

Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.19.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via C...

Description: The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE

March 12th, 2025 (4 months ago)

CVE-2024-13498

NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.8.1 - Unauthenticated Sensitive Information Exposure

Description: The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This makes it possible for unauthenticated attackers to extract sensitive data including files uploaded via a form.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE

March 12th, 2025 (4 months ago)

CVE-2025-24912

hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the...

Description: hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail.

CVSS: LOW (3.7)

EPSS Score: 0.26%

Source: CVE

March 12th, 2025 (4 months ago)

Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks

Description: Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in "extremely sophisticated" attacks. The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component. It has been described as an out-of-bounds write issue that could allow an attacker to craft malicious web content such that it

EPSS Score: 0.19%

Source: TheHackerNews

March 12th, 2025 (4 months ago)

CVE-2025-2205

GDPR Cookie Compliance <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting

Description: The GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.15.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVSS: MEDIUM (4.4)

EPSS Score: 0.03%

Source: CVE

March 12th, 2025 (4 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	Configuring Microsoft Outlook 365's 'Report Phishing' add-in Description: How to report emails to the NCSC's Suspicious Email Reporting Service (SERS) using the 'Report Phishing' add-in for Microsoft Outlook 365. Source: NCSC Alerts and Advisories March 12th, 2025 (4 months ago)
	Cyber insurance guidance Description: Cyber security considerations for organisations thinking about taking out cyber insurance. Source: NCSC Alerts and Advisories March 12th, 2025 (4 months ago)
	Cyber security for construction businesses Description: Guidance to help the construction industry improve the security and resilience of their business against cyber threats. Source: NCSC Alerts and Advisories March 12th, 2025 (4 months ago)
CVE-2024-58087	ksmbd: fix racy issue from session lookup and expire Description: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire. EPSS Score: 0.1% Source: CVE March 12th, 2025 (4 months ago)
CVE-2024-13838	Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery vi... Description: The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'call_webhook' method of the Automator_Send_Webhook class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. CVSS: MEDIUM (5.5) EPSS Score: 0.03% Source: CVE March 12th, 2025 (4 months ago)
CVE-2024-12589	Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.19.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via C... Description: The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVSS: MEDIUM (6.4) EPSS Score: 0.03% Source: CVE March 12th, 2025 (4 months ago)
CVE-2024-13498	NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.8.1 - Unauthenticated Sensitive Information Exposure Description: The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This makes it possible for unauthenticated attackers to extract sensitive data including files uploaded via a form. CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: CVE March 12th, 2025 (4 months ago)
CVE-2025-24912	hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the... Description: hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail. CVSS: LOW (3.7) EPSS Score: 0.26% Source: CVE March 12th, 2025 (4 months ago)
	Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks Description: Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in "extremely sophisticated" attacks. The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component. It has been described as an out-of-bounds write issue that could allow an attacker to craft malicious web content such that it EPSS Score: 0.19% Source: TheHackerNews March 12th, 2025 (4 months ago)
CVE-2025-2205	GDPR Cookie Compliance <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting Description: The GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.15.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. CVSS: MEDIUM (4.4) EPSS Score: 0.03% Source: CVE March 12th, 2025 (4 months ago)