CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: Valve has officially released the Team Fortress 2 (TF2) Software Development Kit (SDK), giving modders full access to the game’s client and server code. This update allows for extensive modifications, from small gameplay tweaks to full-fledged standalone games built on TF2’s framework. Additionally, Valve has rolled out major updates for its Source engine multiplayer games, …
Source: CyberInsider
February 19th, 2025 (5 months ago)
Description: The authentication bypass vulnerability in the OS for the company's firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP.
Source: Dark Reading
February 19th, 2025 (5 months ago)
Description: In Loving Memory of Humane AI Pin (April 2024-Feb 2025).
Source: 404 Media
February 19th, 2025 (5 months ago)
Description: A Threat Actor Claims to have Leaked The Unified State Register of Real Estate of the Russian Federation
Source: DarkWebInformer
February 19th, 2025 (5 months ago)

CVE-2025-20153

Description: A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device. This vulnerability is due to improper handling of email that passes through an affected device. An attacker could exploit this vulnerability by sending a crafted email through the affected device. A successful exploit could allow the attacker to bypass email filters on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-mailpol-bypass-5nVcJZMw

Security Impact Rating: Medium

CVE: CVE-2025-20153

EPSS Score: 0.03%

Source: Cisco Security Advisory
February 19th, 2025 (5 months ago)

CVE-2025-20211

Description: A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-GDPgJ58P

Security Impact Rating: Medium

CVE: CVE-2025-20211

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: Cisco Security Advisory
February 19th, 2025 (5 months ago)

CVE-2025-20158

Description: A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access on the affected device. SSH access is disabled by default. This vulnerability is due to insufficient validation of user-supplied input by the debug shell of an affected device. An attacker could exploit this vulnerability by sending a crafted SSH client command to the CLI. A successful exploit could allow the attacker to access sensitive information on the underlying operating system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-info-disc-YyxsWStK

Security Impact Rating: Medium

CVE: CVE-2025-20158

CVSS: MEDIUM (4.4)

EPSS Score: 0.02%

Source: Cisco Security Advisory
February 19th, 2025 (5 months ago)
Description: Security researchers at Proofpoint have identified FrigidStealer, a newly discovered macOS information stealer being distributed through fake browser update scams. The malware is part of a growing trend in web inject attacks, where cybercriminals compromise legitimate websites to serve malicious scripts. The threat actor TA2727 has been observed delivering FrigidStealer alongside malware for Windows and …
Source: CyberInsider
February 19th, 2025 (5 months ago)
Description: For years, defensive security strategies have focused on three core areas: network, endpoint, and email. Meanwhile, the browser sits across all of them. This article examines three key areas where attackers focus their efforts and how browser-based attacks are evolving. [...]
Source: BleepingComputer
February 19th, 2025 (5 months ago)

CVE-2025-0108

Description: Palo Alto Networks warns that hackers are actively exploiting a critical authentication bypass flaw (CVE-2025-0108) in PAN-OS firewalls, chaining it with two other vulnerabilities to breach devices in active attacks. [...]

CVSS: HIGH (8.8)

EPSS Score: 96.76%

Source: BleepingComputer
February 19th, 2025 (5 months ago)