CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-0131
NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read  a buffer with an incorrect...
Description: NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read  a buffer with an incorrect length. A successful exploit of this vulnerability might lead to denial of service.

CVSS: MEDIUM (4.4)

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)
First Apple-notarized porn app available to iPhone users in Europe
Description: The first Apple-notarized porn app, "Hot Tub," is now available to iPhone users in Europe through the alternative app marketplace, AltStore PAL. [...]
Source: BleepingComputer
February 4th, 2025 (5 months ago)

CVE-2025-24959
[zx] ZX Allows Environment Variable Injection for dotenv API
Description: Impact This vulnerability is an Environment Variable Injection issue in dotenv.stringify, affecting google/zx version 8.3.1. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for security-sensitive operations. Applications that process untrusted input and pass it through dotenv.stringify are particularly vulnerable. Patches This issue has been patched in version 8.3.2. Users should immediately upgrade to this version to mitigate the vulnerability. Workarounds If upgrading is not feasible, users can mitigate the vulnerability by sanitizing user-controlled environment variable values before passing them to dotenv.stringify. Specifically, avoid using ", ', and backticks in values, or enforce strict validation of environment variables before usage. References Issue Report Security Policy Google Vulnerability Disclosure Patch References https://github.com/google/zx/security/advisories/GHSA-qwp8-x4ff-5h87 https://nvd.nist.gov/vuln/detail/CVE-2025-24959 https://github.com/google/zx/pull/1094 https://github.com/google/zx/commit/5ba714d14ecf0555a74d4db96622840ac19839c5 https://github.com/webpod/envapi/blob/v0.2.1/src/main/ts/envapi.ts#L74-L77 https://github.com/advisories/GHSA-qwp8-x4ff-5h87

EPSS Score: 0.04%

Source: Github Advisory Database (NPM)
February 3rd, 2025 (5 months ago)
Interactive Online Training for Cybersecurity Professionals; Earn CPE Credits
Source: Dark Reading
February 3rd, 2025 (5 months ago)
EMEA CISOs Plan 2025 Cloud Security Investment
Source: Dark Reading
February 3rd, 2025 (5 months ago)
DNSFilter's Annual Security Report Reveals Worrisome Spike in Malicious DNS Requests
Source: Dark Reading
February 3rd, 2025 (5 months ago)
TSA’s airport facial-recog tech faces audit probe
Source: TheRegister
February 3rd, 2025 (5 months ago)
Name That Edge Toon: In the Cloud
Description: Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
Source: Dark Reading
February 3rd, 2025 (5 months ago)
Ransomware Groups Weathered Raids, Profited in 2024
Description: Cybercriminals posted nearly 6,000 breaches to data-leak sites last year — and despite significant takedowns, continued to thrive in a record-breaking year for ransomware.
Source: Dark Reading
February 3rd, 2025 (5 months ago)
Amazon Redshift gets new default settings to prevent data breaches
Description: Amazon has announced key security enhancements for Redshift, a popular data warehousing solution, to help prevent data exposures due to misconfigurations and insecure default settings. [...]
Source: BleepingComputer
February 3rd, 2025 (5 months ago)