CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Malware campaign 'DollyWay' breached 20,000 WordPress sites
Description: A malware operation dubbed 'DollyWay' has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. [...]
Source: BleepingComputer
March 19th, 2025 (3 months ago)
Alleged Data Breach of Silent Prospector
Description: Alleged Data Breach of Silent Prospector
Source: DarkWebInformer
March 19th, 2025 (3 months ago)
Pennsylvania education union data breach hit 500,000 people
Description: The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying over half a million individuals that attackers stole their personal information in a July 2024 security breach. [...]
Source: BleepingComputer
March 19th, 2025 (3 months ago)
Infosys Settles $17.5M Class Action Lawsuit After Sprawling Third-Party Breach
Description: Several major companies in the finance sector were impacted by the third-party breach, prompting them to notify thousands of customers of their compromised data.
Source: Dark Reading
March 19th, 2025 (3 months ago)
Half a million people impacted by Pennsylvania State Education Association data breach
Description: More than 500,000 people were impacted by a cyberattack on the Pennsylvania State Education Association (PSEA) that took place in July 2024.
Source: The Record
March 19th, 2025 (3 months ago)
CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog. The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote

CVSS: HIGH (8.6)

EPSS Score: 63.87%

Source: TheHackerNews
March 19th, 2025 (3 months ago)
Lexipol - 672,546 breached accounts
Description: In February 2025, the public safety policy management systems company Lexipol suffered a data breach. Attributed to the self-proclaimed "Puppygirl Hacker Polycule", the breach exposed an extensive number of documents and user records which were subsequently published publicly. The breach included over 670k unique email addresses in the user records, along with names, phone numbers, system-generated usernames and passwords stored as either MD5 or SHA-256 hashes.
Source: HaveIBeenPwnedLatestBreaches
March 19th, 2025 (3 months ago)
Sperm donation giant California Cryobank warns of a data breach
Description: US sperm donor giant California Cryobank is warning customers it suffered a data breach that exposed customers' personal information. [...]
Source: BleepingComputer
March 18th, 2025 (3 months ago)

CVE-2025-25042
Authenticated Access Control Vulnerability allows Sensitive Information Disclosure in AOS-CX REST Interface
Description: A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
March 18th, 2025 (3 months ago)
GitHub Action hack likely led to another in cascading supply chain attack
Description: A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that leaked CI/CD secrets. [...]
Source: BleepingComputer
March 18th, 2025 (3 months ago)