|
Description: Multiple state-sponsored groups are experimenting with the AI-powered Gemini assistant from Google to increase productivity and to conduct research on potential infrastructure for attacks or for reconnaissance on targets. [...]
February 1st, 2025 (5 months ago)
|
CVE-2025-0929 |
Description: Multiple vulnerabilities in TeamCal Neo
Fri, 01/31/2025 - 13:14
Advisory
Affected Resources
TeamCal Neo: 3.8.2 version.
Description
INCIBE has coordinated the publication of 2 vulnerabilities, one critical and one of medium severity, affecting Lewe's TeamCal Neo, a day-based online calendar for managing the events and absences of work teams. The vulnerabilities were discovered by Ignacio Garcia Mestre (Br4v3n). They have been assigned the following identifiers, CVSS v3.1 base scores, CVSS vectors and CWE vulnerability types:
CVE-2025-0929: CVSS v3.1: 9.8 | CVSS AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-89
CVE-2025-0930: CVSS v3.1: 6.1 | CVSS AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | CWE-79
Identifier
INCIBE-2025-0051
5 - Critical
Solution
There is no reported solution at this time.
Detail
CVE-2025-0929: SQL injection vulnerability in TeamCal Neo, version 3.8.2. This could allow an attacker to retrieve, update and delete all database information by injecting a malicious SQL statement via the ‘abs’ parameter in ‘/teamcal/src/index.php’.
CVE-2025-0930: Reflected Cross-Site Scripting (XSS) in TeamCal Neo, version 3.8.2. This allows an attacker to execute malicious JavaScript code after injecting it via the ‘abs’ parameter in ‘/teamcal/src/index.php’.
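Both findings share one sink, the ‘abs’ request parameter, and both are the same root cause seen from two sides: untrusted input concatenated into a SQL statement (CWE-89) and reflected into a page unescaped (CWE-79). The sketch below is an added example and is not TeamCal Neo's code (the application is PHP, and its schema is not on the page); the only name taken from the advisory is the `abs` parameter. The table names, columns, rows and payloads are constructed for illustration, and an in-memory SQLite database stands in for the real backend. It places each vulnerable pattern next to the fix a reviewer would ask for: an allow-list type check plus a bound parameter for the query, and HTML escaping at the point of output.

```python
import html
import sqlite3

# Constructed stand-in schema and data; TeamCal Neo's real tables are not on
# the page and nothing here is taken from its code.
ABSENCE_ROWS = [(1, "Vacation", "VAC"), (2, "Sick leave", "SICK"), (3, "Training", "TRN")]
USER_ROWS = [("admin", "$2y$10$constructedhash1"), ("alice", "$2y$10$constructedhash2")]


def make_db():
    """In-memory SQLite database playing the role of the application's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE absences (id INTEGER, name TEXT, symbol TEXT)")
    conn.executemany("INSERT INTO absences VALUES (?, ?, ?)", ABSENCE_ROWS)
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USER_ROWS)
    return conn


def lookup_vulnerable(conn, abs_param):
    """CWE-89 pattern: the request parameter is pasted into the SQL text."""
    sql = "SELECT id, name, symbol FROM absences WHERE id = " + abs_param
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, abs_param):
    """Fix: validate the type, then bind the value so it can never change the query."""
    if not (abs_param.isascii() and abs_param.isdigit()):
        raise ValueError("abs must be a non-negative integer")
    return conn.execute(
        "SELECT id, name, symbol FROM absences WHERE id = ?", (int(abs_param),)
    ).fetchall()


def render_vulnerable(abs_param):
    """CWE-79 pattern: the parameter is reflected into HTML unescaped."""
    return "<p>Unknown absence type: " + abs_param + "</p>"


def render_hardened(abs_param):
    """Fix: escape at output time; quote=True also covers attribute contexts."""
    return "<p>Unknown absence type: " + html.escape(abs_param, quote=True) + "</p>"


# Constructed payloads of the two shapes the advisory describes.
SQLI_PAYLOAD = "1 UNION SELECT username, password, 'x' FROM users"
XSS_PAYLOAD = "<script>alert(document.cookie)</script>"


def run_demo():
    """Return the observable difference between the vulnerable and hardened paths."""
    conn = make_db()
    leaked = lookup_vulnerable(conn, SQLI_PAYLOAD)  # absences row plus every users row
    try:
        lookup_hardened(conn, SQLI_PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True
    return {
        "leaked_rows": leaked,
        "sqli_blocked": blocked,
        "legit_lookup": lookup_hardened(conn, "2"),
        "xss_reflected": render_vulnerable(XSS_PAYLOAD),
        "xss_escaped": render_hardened(XSS_PAYLOAD),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The UNION payload works against the concatenating version because the attacker controls the column count of the second SELECT; the bound-parameter version never sees SQL in the value at all, and the integer check rejects it before the database is even consulted. The same discipline applies to the XSS half: escaping belongs at the output sink, not at input time, so the value stays intact for logging and the database while the browser receives inert text.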
Ref...
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
February 1st, 2025 (5 months ago)
|
|
Description: “It’s simply just a non-woke version, offering employers an alternative approach to diversity and inclusion.”
February 1st, 2025 (5 months ago)
|
|
Description: Just how radioactive was that Saharan dust cloud that engulfed Europe in 2022?
February 1st, 2025 (5 months ago)
|
|
Description: U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan.
The action, which took place on January 29, 2025, has been codenamed Operation Heart Blocker.
The vast array of sites in question peddled phishing toolkits and fraud-enabling tools and
February 1st, 2025 (5 months ago)
|
CVE-2025-22150 |
Description:
Nessus Plugin ID 214858 with High Severity
Synopsis
The remote Fedora host is missing one or more security updates.
Description
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-76fc32d433 advisory.
Rebase to 20.18.2
Resolves: CVE-2025-22150 CVE-2025-23085 CVE-2025-23083
Tenable has extracted the preceding description block directly from the Fedora security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected 1:nodejs20 package.
Read more at https://www.tenable.com/plugins/nessus/214858
CVSS: MEDIUM (6.8) EPSS Score: 0.04%
February 1st, 2025 (5 months ago)
|
CVE-2025-0638 |
Description:
Nessus Plugin ID 214859 with High Severity
Synopsis
The remote Fedora host is missing one or more security updates.
Description
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-bbabead4d7 advisory.
## New
* ASPA support is now always compiled in and available if `enable-aspa` is set. The `aspa` Cargo feature has been removed. ([#990])
* If merging multiple ASPA objects for a single customer ASN results in more than 16,380 provider ASNs, the ASPA is dropped. (Note that ASPA objects with more than 16,380 provider ASNs are already rejected during parsing.) ([#996])
* New `archive-stats` command that shows some statistics of an RRDP archive. ([#982])
* Re-enabled the use of GZIP compression in HTTP requests sent by the RRDP collector. Measures to deal with exploding data have been implemented in [rpki-rs#319]. ([#997])
## Bug fixes
* Fixed an issue with checking the file names in manifests that led to a crash when non-ASCII characters are used. ([rpki-rs#320], reported by Haya Schulmann and Niklas Vogel of Goethe University Frankfurt/ATHENE Center and assigned [CVE-2025-0638])
* The validation HTTP endpoints now accept prefixes with non-zero host bits. ([#987])
* Removed duplicate `rtr_client_reset_queries` in HTTP metrics. ([#992] by [@sleinen])
* Improved disk space consumption of the new RRDP archives by re-using empty spa...
EPSS Score: 0.04%
February 1st, 2025 (5 months ago)
|
CVE-2025-23084 |
Description:
Nessus Plugin ID 214860 with Medium Severity
Synopsis
The remote Fedora host is missing one or more security updates.
Description
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-e330d34ecc advisory.
Update to version 18.20.6 (rhbz#2341760) (rhbz#2340936) (rhbz#2300997)
Resolves CVE-2025-23084
Tenable has extracted the preceding description block directly from the Fedora security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected 1:nodejs18 package.
Read more at https://www.tenable.com/plugins/nessus/214860
CVSS: MEDIUM (5.6) EPSS Score: 0.04%
February 1st, 2025 (5 months ago)
|
|
Description: BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by making use of a compromised API key.
The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged
February 1st, 2025 (5 months ago)
|
|
Description: Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members.
The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutralized in December 2024.
In a statement to The Guardian, the encrypted messaging app said it has reached
February 1st, 2025 (5 months ago)
|