CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

Description: A relatively new ransomware operation named 'Sarcoma' has claimed responsibility for an attack against the Unimicron printed circuit boards (PCB) maker in Taiwan. [...]
Source: BleepingComputer
February 12th, 2025 (5 months ago)
Description: North Korean state actor 'Kimsuky' (aka 'Emerald Sleet' or 'Velvet Chollima') has been observed using a new tactic inspired from the now widespread ClickFix campaigns. [...]
Source: BleepingComputer
February 12th, 2025 (5 months ago)

CVE-2025-24434

Description: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. References https://nvd.nist.gov/vuln/detail/CVE-2025-24434 https://helpx.adobe.com/security/products/magento/apsb25-08.html https://github.com/advisories/GHSA-fppq-f2m6-xv5c

CVSS: CRITICAL (9.1)

EPSS Score: 0.05%

Source: Github Advisory Database (Composer)
February 12th, 2025 (5 months ago)

CVE-2025-24434

Description: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. References https://nvd.nist.gov/vuln/detail/CVE-2025-24434 https://helpx.adobe.com/security/products/magento/apsb25-08.html https://github.com/advisories/GHSA-fppq-f2m6-xv5c

CVSS: CRITICAL (9.1)

EPSS Score: 0.05%

Source: Github Advisory Database (Composer)
February 12th, 2025 (5 months ago)
Description: A Threat Actor Claims to be Selling the Data of E-Tennis
Source: DarkWebInformer
February 12th, 2025 (5 months ago)
Description: Arikos is Claiming to Sell the Data of ATA
Source: DarkWebInformer
February 12th, 2025 (5 months ago)
Description: Google has fixed two vulnerabilities that, when chained together, could expose the email addresses of YouTube accounts, causing a massive privacy breach for those using the site anonymously. [...]
Source: BleepingComputer
February 12th, 2025 (5 months ago)
Description: Cloud-based RDP Remote Desktop Protocol solutions offer a centralized dashboard to manage user access, security policies, and monitor usage from one location. Learn more from TruGrid about how their SecureRDP platform provides a secure, scalable, and cost-efficient alternative to VPN-based RDP implementations. [...]
Source: BleepingComputer
February 12th, 2025 (5 months ago)
Description: A subgroup of the Russian state-sponsored hacking group APT44, also known as 'Seashell Blizzard' and 'Sandworm', has been targeting critical organizations and governments in a multi-year campaign dubbed 'BadPilot.' [...]
Source: BleepingComputer
February 12th, 2025 (5 months ago)
Description: Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems. [...]
Source: BleepingComputer
February 12th, 2025 (5 months ago)