CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
0BITS Claims to have Leaked Data of Islamic State of Iraq and Syris
Description: 0BITS Claims to have Leaked Data of Islamic State of Iraq and Syris
Source: DarkWebInformer
February 26th, 2025 (4 months ago)
Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV)
Source: TheRegister
February 26th, 2025 (4 months ago)
A Threat Actor Claims to be Selling 420 Undercover Agents of ETTELA'AT
Description: A Threat Actor Claims to be Selling 420 Undercover Agents of ETTELA'AT
Source: DarkWebInformer
February 26th, 2025 (4 months ago)
Flock Threatens Open Source Developer Mapping Its Surveillance Cameras
Description: The surveillance camera company Flock sent DeFlock a cease-and-desist. DeFlock is fighting back.
Source: 404 Media
February 26th, 2025 (4 months ago)
Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites
Description: A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale. Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said the campaign – dubbed 360XSS – affected over 350 websites,
Source: TheHackerNews
February 26th, 2025 (4 months ago)
Name That Toon: Ka-Ching!
Description: Feeling creative? Have something to say about cybersecurity? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
Source: Dark Reading
February 26th, 2025 (4 months ago)
VPN Coalition Objects Sweeping Website Blocking Law in France
Description: The VPN Trust Initiative (VTI) has strongly opposed a legal effort in France that seeks to force VPN providers to block access to piracy-related websites. In an official letter, the coalition argues that this measure not only threatens online privacy but also exposes users to heightened cybersecurity risks. This development follows legal action by French … The post VPN Coalition Objects Sweeping Website Blocking Law in France appeared first on CyberInsider.
Source: CyberInsider
February 26th, 2025 (4 months ago)

CVE-2025-20161
Cisco NX-OS Software Command Injection Vulnerability
Description: A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of specific elements within a software image. An attacker could exploit this vulnerability by installing a crafted image. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.  Note: Administrators should validate the hash of any software image before installation.

CVSS: MEDIUM (5.1)

EPSS Score: 0.23%

Source: CVE
February 26th, 2025 (4 months ago)

CVE-2025-20119
Cisco Application Policy Infrastructure Controller Authenticated Local Denial of Service Vulnerability
Description: A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to a race condition with handling system files. An attacker could exploit this vulnerability by doing specific operations on the file system. A successful exploit could allow the attacker to overwrite system files, which could lead to the device being in an inconsistent state and cause a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVSS: MEDIUM (6.0)

EPSS Score: 0.03%

Source: CVE
February 26th, 2025 (4 months ago)

CVE-2025-20118
Cisco Application Policy Infrastructure Controller Authenticated Command Injection Due to Sensitive Disclosure Vulnerability
Description: A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful exploit could allow the attacker to access sensitive information on an affected device that could be used for additional attacks. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVSS: MEDIUM (4.4)

EPSS Score: 0.02%

Source: CVE
February 26th, 2025 (4 months ago)