CVE-2025-21589 |
Description: Juniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be exploited to hijack control of susceptible devices.
Tracked as CVE-2025-21589, the vulnerability carries a CVSS v3.1 score of 9.8 and a CVSS v4 score of 9.3.
"An Authentication Bypass Using an Alternate Path or
February 18th, 2025 (5 months ago)
|
Description: The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024.
The activity, detailed by Japanese cybersecurity company LAC, overlaps with a threat cluster tracked by Trend Micro as Earth Freybug, which has been assessed to be a subset within the APT41
February 18th, 2025 (5 months ago)
|
Description: Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labs’ Red Report 2025, which analyzed over one million malware samples, there's been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while AI will certainly start playing a
February 18th, 2025 (5 months ago)
|
CVE-2025-26465 |
Description: The Qualys Threat Research Unit (TRU) has disclosed two critical vulnerabilities in OpenSSH, CVE-2025-26465 and CVE-2025-26466, affecting both the client and server components. The first allows machine-in-the-middle (MitM) attacks against the OpenSSH client when the VerifyHostKeyDNS option is enabled. The second enables an asymmetric denial-of-service (DoS) attack that consumes both memory and CPU, affecting both …
The post OpenSSH Vulnerabilities Exposed Millions to Multi-Year Risks appeared first on CyberInsider.
EPSS Score: 11.5%
February 18th, 2025 (5 months ago)
|
Description: Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials through pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services.
"This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP's configuration and cause the MFP
February 18th, 2025 (5 months ago)
|
Description: Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar.
MageCart is the name given to a malware that's capable of stealing sensitive payment information from online shopping sites. The attacks are known to
February 18th, 2025 (5 months ago)
|
Description: Posted by Gynvael Coldwind on Feb 17
Hi,
This isn't really a problem a vendor can solve in firmware (apart from
offering configuration via cloud, which has its own issues).
Even if they would enable TLS/SSL by default, it would just give one a
false sense of security, since:
- the certificates would be invalid (public CAs don't give out certs for IP
addresses),
- they would be easy to clone (due to being self-signed and/or being easy
to extract from a similar device),
-...
February 18th, 2025 (5 months ago)
|
CVE-2025-26778 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Gallery allows Stored XSS. This issue affects Gallery: from n/a through 2.2.1.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
February 18th, 2025 (5 months ago)
|
CVE-2025-26775 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 BEAR allows Stored XSS. This issue affects BEAR: from n/a through 1.1.4.4.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
February 18th, 2025 (5 months ago)
|