Threat and Vulnerability Intelligence Database

Description: PowerSchool has published a long-awaited CrowdStrike investigation into its massive December 2024 data breach, which determined that the company was previously hacked over 4 months earlier, in August, and then again in September. [...]
Source: BleepingComputer
March 11th, 2025 (4 months ago)

CVE-2025-2191

Description: A vulnerability, which was classified as problematic, has been found in Claro A7600-A1 RNR4-A72T-2x16_v2110403_CLA_32_160817. Affected by this issue is some unknown functionality of the file /form2pingv6.cgi of the component Ping6 Diagnóstico. The manipulation of the argument ip6addr with the input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: MEDIUM (4.8)

EPSS Score: 0.03%

Source: CVE
March 11th, 2025 (4 months ago)
Description: Analysts weigh in on how democratizing cybersecurity could benefit organizations, particularly SMBs, as threats increase across the landscape.
Source: Dark Reading
March 11th, 2025 (4 months ago)
🚨 Marked as known exploited on April 10th, 2025 (3 months ago).
Description: CISA warned U.S. federal agencies to secure their networks against attacks exploiting three critical vulnerabilities affecting Ivanti Endpoint Manager (EPM) appliances. [...]
Source: BleepingComputer
March 11th, 2025 (4 months ago)
Description: Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. "The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet," security researchers Ofek Vardi and Matan Mittelman said in a technical report shared with

CVSS: HIGH (8.8)

Source: TheHackerNews
March 11th, 2025 (4 months ago)
Description: The oversight and investigative body of NASA spent $16,000 on the technology, 404 Media previously reported.
Source: 404 Media
March 11th, 2025 (4 months ago)

CVE-2025-2189

Description: This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device.

CVSS: MEDIUM (5.1)

EPSS Score: 0.01%

Source: CVE
March 11th, 2025 (4 months ago)
Description: Web App Scanning Plugin ID 114615 with Low Severity. Synopsis: Username Disclosure. Description: Web applications can sometimes expose their users' usernames in various places such as HTML comments, JavaScript code or API requests. By leveraging this information, an attacker can gather information and build further attacks against the target application. Solution: Avoid disclosing usernames in your application content. Read more at https://www.tenable.com/plugins/was/114615
Source: Tenable Plugins
March 11th, 2025 (4 months ago)
Description: Web App Scanning Plugin ID 114616 with Info Severity. Synopsis: GitLab Public Sign-Up Detected. Description: This is an informational notice that the scanner was able to detect a GitLab public sign-up page on the target instance. Solution: Ensure that the target instance properly enforces sign-up restrictions such as administrator approval and/or email domain allowlisting, depending on the business needs. Read more at https://www.tenable.com/plugins/was/114616
Source: Tenable Plugins
March 11th, 2025 (4 months ago)
Description: Web App Scanning Plugin ID 114617 with Info Severity. Synopsis: GitLab Public Projects Detected. Description: This is an informational notice that the scanner was able to detect public projects on the target GitLab instance. Solution: Ensure that the public permissions applied to the detected projects are expected. Read more at https://www.tenable.com/plugins/was/114617
Source: Tenable Plugins
March 11th, 2025 (4 months ago)