CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Chinese cyberspies use new SSH backdoor in network device hacks
Description: A Chinese hacking group is hijacking the SSH daemon on network appliances by injecting malware into the process for persistent access and covert operations. [...]
Source: BleepingComputer
February 4th, 2025 (5 months ago)
Poisoned Go programming language package lay undetected for 3 years
Source: TheRegister
February 4th, 2025 (5 months ago)
Ransom DDoS Attack Disrupts Bohemia Interactive’s Gaming Servers
Description: Bohemia Interactive, the developer behind Arma Platform and DayZ, has been struggling with a sustained distributed denial-of-service (DDoS) attack that has crippled its online services for over a week. The attack, which initially targeted Arma Reforger and DayZ servers, has left players unable to access official and community servers, leading to widespread frustration and speculation. … The post Ransom DDoS Attack Disrupts Bohemia Interactive’s Gaming Servers appeared first on CyberInsider.
Source: CyberInsider
February 4th, 2025 (5 months ago)
888 Claims to have Leaked the Data of Nutergia Laboratory
Description: 888 Claims to have Leaked the Data of Nutergia Laboratory
Source: DarkWebInformer
February 4th, 2025 (5 months ago)
[@vitest/browser] Vitest browser mode serves arbitrary files
Description: Summary __screenshot-error handler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network by browser.api.host: true, an attacker can send a request to that handler from remote to get the content of arbitrary files. Details This __screenshot-error handler on the browser mode HTTP server responds any file on the file system. https://github.com/vitest-dev/vitest/blob/f17918a79969d27a415f70431e08a9445b051e45/packages/browser/src/node/plugin.ts#L88-L130 This code was added by https://github.com/vitest-dev/vitest/commit/2d62051f13b4b0939b2f7e94e88006d830dc4d1f. PoC Create a directory and change the current directory to that directory Run npx vitest init browser Run npm run test:browser Run curl http://localhost:63315/__screenshot-error?file=/path/to/any/file Impact Users explicitly exposing the browser mode server to the network by browser.api.host: true may get any files exposed. References https://github.com/vitest-dev/vitest/security/advisories/GHSA-8gvc-j273-4wm5 https://github.com/vitest-dev/vitest/commit/2d62051f13b4b0939b2f7e94e88006d830dc4d1f https://github.com/vitest-dev/vitest/commit/ed9aeba212df04b83ed01810780663ff2cdd0adf https://github.com/advisories/GHSA-8gvc-j273-4wm5
Source: Github Advisory Database (NPM)
February 4th, 2025 (5 months ago)
[vitest] Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening
Description: Summary Arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking (CSWSH) attacks. Details When api option is enabled (Vitest UI enables it), Vitest starts a WebSocket server. This WebSocket server did not check Origin header and did not have any authorization mechanism and was vulnerable to CSWSH attacks. https://github.com/vitest-dev/vitest/blob/9a581e1c43e5c02b11e2a8026a55ce6a8cb35114/packages/vitest/src/api/setup.ts#L32-L46 This WebSocket server has saveTestFile API that can edit a test file and rerun API that can rerun the tests. An attacker can execute arbitrary code by injecting a code in a test file by the saveTestFile API and then running that file by calling the rerun API. https://github.com/vitest-dev/vitest/blob/9a581e1c43e5c02b11e2a8026a55ce6a8cb35114/packages/vitest/src/api/setup.ts#L66-L76 PoC Open Vitest UI. Access a malicious web site with the script below. If you have calc executable in PATH env var (you'll likely have it if you are running on Windows), that application will be executed. // code from https://github.com/WebReflection/flatted const Flatted=function(n){"use strict";function t(n){return t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(n){return typeof n}:function(n){return n&&"function"==typeof Symbol&&n.constructor===Symbol&&n!==Symbol.prototype?"symbol":typeof n},t(n)}var r=JSON.parse,e=JSON.stringify,o=Object.keys,u=String,f="string",i={...
Source: Github Advisory Database (NPM)
February 4th, 2025 (5 months ago)
Netgear warns users to patch critical WiFi router vulnerabilities
Description: Netgear has fixed two critical remote code execution and authentication bypass vulnerabilities affecting multiple WiFi routers and warned customers to update their devices to the latest firmware as soon as possible. [...]
Source: BleepingComputer
February 4th, 2025 (5 months ago)
A Threat Actor is Selling a Fake Safeguard Bot
Description: A Threat Actor is Selling a Fake Safeguard Bot
Source: DarkWebInformer
February 4th, 2025 (5 months ago)
Guidance on digital forensics and protective monitoring specifications for producers of network devices and appliances
Description: Outlining the expectations for the minimum requirement for forensic visibility, to help network defenders secure organisational networks both before and after a compromise.
Source: NCSC Alerts and Advisories
February 4th, 2025 (5 months ago)
A Threat Actor Claims to be Selling the Data of Transak
Description: A Threat Actor Claims to be Selling the Data of Transak
Source: DarkWebInformer
February 4th, 2025 (5 months ago)