CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Auto Gedal Has Fallen Victim to BASHE Ransomware
February 18th, 2025 (5 months ago)
|
|
|
Description: Uniek Inc Has Fallen Victim to Cactus Ransomware
February 18th, 2025 (5 months ago)
|
|
|
Description: Z-PENTEST ALLIANCE Claims to have Leaked Access of Visveiling Urk
February 18th, 2025 (5 months ago)
|
|
|
Description: Microsoft once again reminded IT administrators that driver synchronization in Windows Server Update Services (WSUS) will be deprecated on April 18, just 60 days from now. [...]
February 18th, 2025 (5 months ago)
|
|
|
Description: A worker resigned in protest rather than giving Thomas Shedd access to Notify.gov, which they said would allow him to see "all personally identifiable information moving through the Notiy system, including phone numbers," 404 Media has learned.
February 18th, 2025 (5 months ago)
|
|
|
Description: Microsoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack.
February 18th, 2025 (5 months ago)
|
|
|
Description: A Threat Actor is Claiming to Sell VPN Access to an Unidentified Organization in France
February 18th, 2025 (5 months ago)
|
CVE-2025-0108 |
Description: CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-0108 Palo Alto PAN-OS Authentication Bypass Vulnerability
CVE-2024-53704 SonicWall SonicOS SSLVPN Improper Authentication Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CVSS: HIGH (8.8) EPSS Score: 96.76%
February 18th, 2025 (5 months ago)
|
|
CVE-2024-53704 |
Description: SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.
February 18th, 2025 (5 months ago)
|
|
CVE-2025-0108 |
Description: Palo Alto PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnerability allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts.
CVSS: HIGH (8.8) EPSS Score: 96.76%
February 18th, 2025 (5 months ago)
|