CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Stateside Has Been Claimed a Victim to INC RANSOM Ransomware
Description: Stateside Has Been Claimed a Victim to INC RANSOM Ransomware
Source: DarkWebInformer
February 21st, 2025 (5 months ago)
Data Leak Exposes TopSec's Role in China’s Censorship-as-a-Service Operations
Description: An analysis of a data leak from a Chinese cybersecurity company TopSec has revealed that it likely offers censorship-as-a-service solutions to prospective customers, including a state-owned enterprise in the country. Founded in 1995, TopSec ostensibly offers services such as Endpoint Detection and Response (EDR) and vulnerability scanning. But it's also providing "boutique" solutions in order
Source: TheHackerNews
February 21st, 2025 (5 months ago)
Apple Drops iCloud's Advanced Data Protection in the U.K. Amid Encryption Backdoor Demands
Description: Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for backdoor access to encrypted user data. The development was first reported by Bloomberg. ADP for iCloud is an optional setting that ensures that users' trusted devices retain sole access to the encryption keys used to unlock data stored in its
Source: TheHackerNews
February 21st, 2025 (5 months ago)
Behind the Blog: Chatbots as Gospel, Books and Birds
Description: This week, we discuss the new Murderbot show, ChatGPT for journalism, and birdwatching from afar.
Source: 404 Media
February 21st, 2025 (5 months ago)
Nations Open 'Data Embassies' to Protect Critical Info
Description: Estonia and Monaco back up their citizens' information to a data center in Luxembourg, while Singapore looks to India as its safe haven for data. But geopolitical challenges remain.
Source: Dark Reading
February 21st, 2025 (5 months ago)
RipperSec Targeted the Website of ClearOn
Description: RipperSec Targeted the Website of ClearOn
Source: DarkWebInformer
February 21st, 2025 (5 months ago)
Hacker steals over $1.46 billion of crypto from Bybit ETH cold wallet
Description: Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets. [...]
Source: BleepingComputer
February 21st, 2025 (5 months ago)

CVE-2025-24989
CISA Adds One Known Exploited Vulnerability to Catalog
Description: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24989 Microsoft Power Pages Improper Access Control Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CVSS: HIGH (8.2)

EPSS Score: 25.72%

Source: All CISA Advisories
February 21st, 2025 (5 months ago)

CVE-2025-1544
dingfanzu CMS loadShopInfo.php sql injection
Description: A vulnerability, which was classified as critical, was found in dingfanzu CMS up to 20250210. Affected is an unknown function of the file /ajax/loadShopInfo.php. The manipulation of the argument shopId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine Schwachstelle in dingfanzu CMS bis 20250210 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /ajax/loadShopInfo.php. Durch das Manipulieren des Arguments shopId mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.3)

EPSS Score: 0.03%

Source: CVE
February 21st, 2025 (5 months ago)

CVE-2025-1543
iteachyou Dreamer CMS ueditor-1.4.3.3 path traversal
Description: A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3. This issue affects some unknown processing of the file /resource/js/ueditor-1.4.3.3. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Eine Schwachstelle wurde in iteachyou Dreamer CMS 4.1.3 entdeckt. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /resource/js/ueditor-1.4.3.3. Mittels Manipulieren mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
February 21st, 2025 (5 months ago)