Description:
Web App Scanning Plugin ID 114596 with Medium Severity
Synopsis
Atlassian Jira UserPickerBrowser Information Disclosure
Description
An Atlassian Jira misconfiguration can allow a remote, unauthenticated attacker to enumerate users on the vulnerable target instance.
Solution
Restrict unauthenticated access to the '/secure/popups/UserPickerBrowser.jsp' endpoint.
Read more at https://www.tenable.com/plugins/was/114596
February 12th, 2025 (5 months ago)
|
Description:
Web App Scanning Plugin ID 114597 with Info Severity
Synopsis
Atlassian Confluence Public Space Detected
Description
Atlassian Confluence uses spaces to organize content into meaningful categories. Every space has its own set of permissions to control access to its content. By making a space public, an administrator can make its content available to anyone inside or outside the organization.
Solution
Review the available public spaces and ensure that anonymous access is expected.
Read more at https://www.tenable.com/plugins/was/114597
February 12th, 2025 (5 months ago)
|
Description: Taiwan-based printed circuit board (PCB) manufacturer Unimicron Technology Corp. has reportedly suffered a ransomware attack, with cybercriminal group Sarcoma claiming responsibility for the breach. While the company has yet to confirm a data leak, the threat actors have published samples of allegedly stolen documents on their extortion portal, suggesting a compromise of sensitive corporate data. …
The post Taiwanese PCB Giant Unimicron Breached by Sarcoma Ransomware appeared first on CyberInsider.
February 12th, 2025 (5 months ago)
|
Description: Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said have come under active exploitation in the wild.
Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rated Low in severity. This is aside from the 23 flaws Microsoft addressed in its Chromium-based Edge
February 12th, 2025 (5 months ago)
|
CVE-2024-38657 |
Description: Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution.
The list of vulnerabilities is below -
CVE-2024-38657 (CVSS score: 9.1) - External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy
EPSS Score: 0.15%
February 12th, 2025 (5 months ago)
|
Description: More than half of attacks on Indian businesses come from outside the country, while 45% of those targeting consumers come from Cambodia, Myanmar, and Laos.
February 12th, 2025 (5 months ago)
|
Description: acmailer provided by Extra Innovation Inc. contains a cross-site scripting vulnerability.
February 12th, 2025 (5 months ago)
|
Description: Prepare your business for potential geopolitical disruptions from a Taiwan invasion. Assess evolving risks, global economic impacts, and strategic measures to safeguard supply chains and critical operations in Asia.
February 12th, 2025 (5 months ago)
|
Description: In a letter to a US senator, a Florida-based data broker says it obtained sensitive data on US military members from a Lithuanian company, revealing the global nature of commercial online ad surveillance.
February 12th, 2025 (5 months ago)
|
Description: Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities.
February 12th, 2025 (5 months ago)
|