CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: A relatively new ransomware operation named 'Sarcoma' has claimed responsibility for an attack against the Unimicron printed circuit boards (PCB) maker in Taiwan. [...]
February 12th, 2025 (5 months ago)
|
|
|
Description: North Korean state actor 'Kimsuky' (aka 'Emerald Sleet' or 'Velvet Chollima') has been observed using a new tactic inspired from the now widespread ClickFix campaigns. [...]
February 12th, 2025 (5 months ago)
|
CVE-2025-24434 |
Description: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-24434
https://helpx.adobe.com/security/products/magento/apsb25-08.html
https://github.com/advisories/GHSA-fppq-f2m6-xv5c
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
February 12th, 2025 (5 months ago)
|
|
CVE-2025-24434 |
Description: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-24434
https://helpx.adobe.com/security/products/magento/apsb25-08.html
https://github.com/advisories/GHSA-fppq-f2m6-xv5c
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
February 12th, 2025 (5 months ago)
|
|
|
Description: A Threat Actor Claims to be Selling the Data of E-Tennis
February 12th, 2025 (5 months ago)
|
|
|
Description: Arikos is Claiming to Sell the Data of ATA
February 12th, 2025 (5 months ago)
|
|
|
Description: Google has fixed two vulnerabilities that, when chained together, could expose the email addresses of YouTube accounts, causing a massive privacy breach for those using the site anonymously. [...]
February 12th, 2025 (5 months ago)
|
|
|
Description: Cloud-based RDP Remote Desktop Protocol solutions offer a centralized dashboard to manage user access, security policies, and monitor usage from one location. Learn more from TruGrid about how their SecureRDP platform provides a secure, scalable, and cost-efficient alternative to VPN-based RDP implementations. [...]
February 12th, 2025 (5 months ago)
|
|
|
Description: A subgroup of the Russian state-sponsored hacking group APT44, also known as 'Seashell Blizzard' and 'Sandworm', has been targeting critical organizations and governments in a multi-year campaign dubbed 'BadPilot.' [...]
February 12th, 2025 (5 months ago)
|
|
|
Description: Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems. [...]
February 12th, 2025 (5 months ago)
|