CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-12650

Description: An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application, but it does not affect other applications.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
March 5th, 2025 (4 months ago)

CVE-2024-12281

Description: The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the Editor or Shop Manager role.

CVSS: CRITICAL (9.8)

EPSS Score: 0.06%

Source: CVE
March 5th, 2025 (4 months ago)

CVE-2024-11951

Description: The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.

CVSS: CRITICAL (9.8)

EPSS Score: 0.06%

Source: CVE
March 5th, 2025 (4 months ago)

CVE-2024-11153

Description: The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
March 5th, 2025 (4 months ago)

Description: The rapid adoption of cloud services, SaaS applications, and the shift to remote work have fundamentally reshaped how enterprises operate. These technological advances have created a world of opportunity but also brought about complexities that pose significant security threats. At the core of these vulnerabilities lies Identity—the gateway to enterprise security and the number one attack vector
Source: TheHackerNews
March 5th, 2025 (4 months ago)

Description: The threat actor known as Lotus Panda has been observed targeting government, manufacturing, telecommunications, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan with updated versions of a known backdoor called Sagerunex. "Lotus Blossom has been using the Sagerunex backdoor since at least 2016 and is increasingly employing long-term persistence command shells and developing
Source: TheHackerNews
March 5th, 2025 (4 months ago)

Source: TheRegister
March 5th, 2025 (4 months ago)

Description: A topological analysis and case studies add nuance to a study of malicious traffic distribution systems. We compare their use by attackers to benign systems. The post Beneath the Surface: Detecting and Blocking Hidden Malicious Traffic Distribution Systems appeared first on Unit 42.
Source: Palo Alto Unit42
March 5th, 2025 (4 months ago)

Description: The Electronic Frontier Foundation (EFF) has unveiled Rayhunter, a new open-source tool designed to detect cell-site simulators (CSS) — surveillance devices commonly used by law enforcement and other entities to track mobile users. The tool runs on an inexpensive Orbic RC400L mobile hotspot, making it an accessible solution for activists, journalists, and researchers looking to … The post EFF Launches Rayhunter Open-Source Tool to Detect Cellular Spying appeared first on CyberInsider.
Source: CyberInsider
March 5th, 2025 (4 months ago)

CVE-2025-25015

Description: Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2, this is only exploitable by users that have roles that contain all the following privileges: fleet-all, integrations-all, actions:execute-advanced-connectors

CVSS: CRITICAL (9.9)

EPSS Score: 0.21%

Source: CVE
March 5th, 2025 (4 months ago)