CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Valve has officially released the Team Fortress 2 (TF2) Software Development Kit (SDK), giving modders full access to the game’s client and server code. This update allows for extensive modifications, from small gameplay tweaks to full-fledged standalone games built on TF2’s framework. Additionally, Valve has rolled out major updates for its Source engine multiplayer games, …
The post Valve Releases Team Fortress 2 SDK Unlocking Full Modding appeared first on CyberInsider.
February 19th, 2025 (5 months ago)
|
|
|
Description: The authentication bypass vulnerability in the OS for the company's firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP.
February 19th, 2025 (5 months ago)
|
|
|
Description: In Loving Memory of Humane AI Pin (April 2024-Feb 2025).
February 19th, 2025 (5 months ago)
|
|
|
Description: A Threat Actor Claims to have Leaked The Unified State Register of Real Estate of the Russian Federation
February 19th, 2025 (5 months ago)
|
CVE-2025-20153 |
Description:
A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device.
This vulnerability is due to improper handling of email that passes through an affected device. An attacker could exploit this vulnerability by sending a crafted email through the affected device. A successful exploit could allow the attacker to bypass email filters on the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-mailpol-bypass-5nVcJZMw
Security Impact Rating: Medium
CVE: CVE-2025-20153
EPSS Score: 0.03%
February 19th, 2025 (5 months ago)
|
|
CVE-2025-20211 |
Description:
A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-GDPgJ58P
Security Impact Rating: Medium
CVE: CVE-2025-20211
CVSS: MEDIUM (6.1) EPSS Score: 0.05%
February 19th, 2025 (5 months ago)
|
|
CVE-2025-20158 |
Description:
A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access on the affected device. SSH access is disabled by default.
This vulnerability is due to insufficient validation of user-supplied input by the debug shell of an affected device. An attacker could exploit this vulnerability by sending a crafted SSH client command to the CLI. A successful exploit could allow the attacker to access sensitive information on the underlying operating system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-info-disc-YyxsWStK
Security Impact Rating: Medium
CVE: CVE-2025-20158
CVSS: MEDIUM (4.4) EPSS Score: 0.02%
February 19th, 2025 (5 months ago)
|
|
|
Description: Security researchers at Proofpoint have identified FrigidStealer, a newly discovered MacOS information stealer being distributed through fake browser update scams. The malware is part of a growing trend in web inject attacks, where cybercriminals compromise legitimate websites to serve malicious scripts. The threat actor TA2727 has been observed delivering FrigidStealer alongside malware for Windows and …
The post New macOS Malware FrigidStealer Spreads via Fake Updates appeared first on CyberInsider.
February 19th, 2025 (5 months ago)
|
|
|
Description: For years, defensive security strategies have focused on three core areas: network, endpoint, and email. Meanwhile, the browser, sits across all of them. This article examines three key areas where attackers focus their efforts and how browser-based attacks are evolving. [...]
February 19th, 2025 (5 months ago)
|
|
CVE-2025-0108 |
Description: Palo Alto Networks warns that hackers are actively exploiting a critical authentication bypass flaw (CVE-2025-0108) in PAN-OS firewalls, chaining it with two other vulnerabilities to breach devices in active attacks. [...]
CVSS: HIGH (8.8) EPSS Score: 96.76%
February 19th, 2025 (5 months ago)
|