Threat and Vulnerability Intelligence Database

Description: Hazel discusses Interpol’s push to rename pig butchering scams as ‘romance baiting’. Plus, catch up on the latest vulnerability research from Talos, and why a recent discovery is a “rare industry win”.
Source: Cisco Talos Blog
February 13th, 2025 (5 months ago)
Source: TheRegister
February 13th, 2025 (5 months ago)

CVE-2024-57727

Description: SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords.

EPSS Score: 0.47%

Source: CISA KEV
February 13th, 2025 (5 months ago)
Description: The Dutch Police (Politie) dismantled the ZServers/XHost bulletproof hosting operation after taking offline 127 servers used by the illegal platform. [...]
Source: BleepingComputer
February 13th, 2025 (5 months ago)
Description: Summary / Details
Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.0-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which, when successfully exploited, could allow authenticated Cassandra users to remotely bypass RBAC to access data and escalate their privileges.

Affected Versions
- Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0
- versions 4.1.0-1.0.0 through 4.1.8-1.0.0
when installed into Apache Cassandra version 4.x.

Required Configuration for Exploit
These are the conditions required to enable exploit:
- Cassandra 4.x
- Vulnerable version of the Cassandra-Lucene-Index plugin configured for use
- Data added to tables
- Lucene index created
- Cassandra flush has run

Mitigation/Prevention
Mitigation requires dropping all Lucene indexes and stopping use of the plugin. Exploit will be possible any time the required conditions are met.

Solution
Upgrade to a fixed version of the Cassandra-Lucene-Index plugin. Review users in Cassandra to validate all superuser privileges.

References
- https://github.com/instaclustr/cassandra-lucene-index/security/advisories/GHSA-mrqp-q7vx-v2cx
- https://github.com/instaclustr/cassandra-lucene-index/commit/94380b165bd3e597d3e22e47f8cc674ec7c7bf7f
- https://github.com/advisories/GHSA-mrqp-q7vx-v2cx
Source: Github Advisory Database (Maven)
February 13th, 2025 (5 months ago)

CVE-2024-46910

Description: An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which fixes the issue.

References
- https://nvd.nist.gov/vuln/detail/CVE-2024-46910
- https://lists.apache.org/thread/sqzp34l4cdk21zoq5g31qlsvr7jvb1fy
- http://www.openwall.com/lists/oss-security/2025/02/12/2
- https://github.com/advisories/GHSA-x3v6-f5fr-4wwv

EPSS Score: 0.04%

Source: Github Advisory Database (Maven)
February 13th, 2025 (5 months ago)

CVE-2025-1247

Description: A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information.

References
- https://nvd.nist.gov/vuln/detail/CVE-2025-1247
- https://access.redhat.com/security/cve/CVE-2025-1247
- https://bugzilla.redhat.com/show_bug.cgi?id=2345172
- https://github.com/quarkusio/quarkus/issues/45789
- https://github.com/quarkusio/quarkus/commit/02ff9ed45c3928edf2a0f8b906543606fed7cd53
- https://github.com/advisories/GHSA-phg3-gv66-q38x

CVSS: HIGH (8.3)

EPSS Score: 0.05%

Source: Github Advisory Database (Maven)
February 13th, 2025 (5 months ago)
Description: Zacks Investment Research (Zacks) last year reportedly suffered another data breach that exposed sensitive information related to roughly 12 million accounts. [...]
Source: BleepingComputer
February 13th, 2025 (5 months ago)
Description: The attorneys filed court documents referencing eight non-existent cases, then admitted it was a "hallucination" by an AI tool.
Source: 404 Media
February 13th, 2025 (5 months ago)