CyberAlerts

CVE-2024-57000

Description: An issue in Anyscale Inc Ray between v.2.9.3 and v.2.40.0 allows a remote attacker to execute arbitrary code via a crafted script. References https://nvd.nist.gov/vuln/detail/CVE-2024-57000 https://github.com/honysyang/Ray.git https://github.com/advisories/GHSA-xg2h-7cxj-3gvh

EPSS Score: 0.04%

Source: Github Advisory Database (PIP)

February 12th, 2025 (5 months ago)

Feds Sanction Russian Hosting Provider for Supporting LockBit Attacks

Description: US, UK, and Australian law enforcement have targeted a company called Zservers (and two of its administrators) for providing bulletproof hosting services to the infamous ransomware gang.

Source: Dark Reading

February 12th, 2025 (5 months ago)

Ransomware isn't always about the money: Government spies have objectives, too

Source: TheRegister

February 12th, 2025 (5 months ago)

Sarcoma ransomware claims breach at giant PCB maker Unimicron

Description: A relatively new ransomware operation named 'Sarcoma' has claimed responsibility for an attack against the Unimicron printed circuit boards (PCB) maker in Taiwan. [...]

Source: BleepingComputer

February 12th, 2025 (5 months ago)

DPRK hackers dupe targets into typing PowerShell commands as admin

Description: North Korean state actor 'Kimsuky' (aka 'Emerald Sleet' or 'Velvet Chollima') has been observed using a new tactic inspired from the now widespread ClickFix campaigns. [...]

Source: BleepingComputer

February 12th, 2025 (5 months ago)

CVE-2025-24434

[magento/community-edition] Improper Authorization vulnerability in Magento and Adobe Commerce

Description: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. References https://nvd.nist.gov/vuln/detail/CVE-2025-24434 https://helpx.adobe.com/security/products/magento/apsb25-08.html https://github.com/advisories/GHSA-fppq-f2m6-xv5c

CVSS: CRITICAL (9.1)

EPSS Score: 0.05%

Source: Github Advisory Database (Composer)

February 12th, 2025 (5 months ago)

CVE-2025-24434

[magento/project-community-edition] Improper Authorization vulnerability in Magento and Adobe Commerce

Description: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. References https://nvd.nist.gov/vuln/detail/CVE-2025-24434 https://helpx.adobe.com/security/products/magento/apsb25-08.html https://github.com/advisories/GHSA-fppq-f2m6-xv5c

CVSS: CRITICAL (9.1)

EPSS Score: 0.05%

Source: Github Advisory Database (Composer)

February 12th, 2025 (5 months ago)

A Threat Actor Claims to be Selling the Data of E-Tennis

Description: A Threat Actor Claims to be Selling the Data of E-Tennis

Source: DarkWebInformer

February 12th, 2025 (5 months ago)

Arikos is Claiming to Sell the Data of ATA

Description: Arikos is Claiming to Sell the Data of ATA

Source: DarkWebInformer

February 12th, 2025 (5 months ago)

Google fixes flaw that could unmask YouTube users' email addresses

Description: Google has fixed two vulnerabilities that, when chained together, could expose the email addresses of YouTube accounts, causing a massive privacy breach for those using the site anonymously. [...]

Source: BleepingComputer

February 12th, 2025 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-57000	[ray] Command injection in Ray Description: An issue in Anyscale Inc Ray between v.2.9.3 and v.2.40.0 allows a remote attacker to execute arbitrary code via a crafted script. References https://nvd.nist.gov/vuln/detail/CVE-2024-57000 https://github.com/honysyang/Ray.git https://github.com/advisories/GHSA-xg2h-7cxj-3gvh EPSS Score: 0.04% Source: Github Advisory Database (PIP) February 12th, 2025 (5 months ago)
	Feds Sanction Russian Hosting Provider for Supporting LockBit Attacks Description: US, UK, and Australian law enforcement have targeted a company called Zservers (and two of its administrators) for providing bulletproof hosting services to the infamous ransomware gang. Source: Dark Reading February 12th, 2025 (5 months ago)
	Ransomware isn't always about the money: Government spies have objectives, too Source: TheRegister February 12th, 2025 (5 months ago)
	Sarcoma ransomware claims breach at giant PCB maker Unimicron Description: A relatively new ransomware operation named 'Sarcoma' has claimed responsibility for an attack against the Unimicron printed circuit boards (PCB) maker in Taiwan. [...] Source: BleepingComputer February 12th, 2025 (5 months ago)
	DPRK hackers dupe targets into typing PowerShell commands as admin Description: North Korean state actor 'Kimsuky' (aka 'Emerald Sleet' or 'Velvet Chollima') has been observed using a new tactic inspired from the now widespread ClickFix campaigns. [...] Source: BleepingComputer February 12th, 2025 (5 months ago)
CVE-2025-24434	[magento/community-edition] Improper Authorization vulnerability in Magento and Adobe Commerce Description: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. References https://nvd.nist.gov/vuln/detail/CVE-2025-24434 https://helpx.adobe.com/security/products/magento/apsb25-08.html https://github.com/advisories/GHSA-fppq-f2m6-xv5c CVSS: CRITICAL (9.1) EPSS Score: 0.05% Source: Github Advisory Database (Composer) February 12th, 2025 (5 months ago)
CVE-2025-24434	[magento/project-community-edition] Improper Authorization vulnerability in Magento and Adobe Commerce Description: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. References https://nvd.nist.gov/vuln/detail/CVE-2025-24434 https://helpx.adobe.com/security/products/magento/apsb25-08.html https://github.com/advisories/GHSA-fppq-f2m6-xv5c CVSS: CRITICAL (9.1) EPSS Score: 0.05% Source: Github Advisory Database (Composer) February 12th, 2025 (5 months ago)
	A Threat Actor Claims to be Selling the Data of E-Tennis Description: A Threat Actor Claims to be Selling the Data of E-Tennis Source: DarkWebInformer February 12th, 2025 (5 months ago)
	Arikos is Claiming to Sell the Data of ATA Description: Arikos is Claiming to Sell the Data of ATA Source: DarkWebInformer February 12th, 2025 (5 months ago)
	Google fixes flaw that could unmask YouTube users' email addresses Description: Google has fixed two vulnerabilities that, when chained together, could expose the email addresses of YouTube accounts, causing a massive privacy breach for those using the site anonymously. [...] Source: BleepingComputer February 12th, 2025 (5 months ago)