CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Graphics tablet maker Wacom has disclosed a potential data breach affecting customers who made purchases through its official online store. In a notification letter sent to impacted users, the company revealed that credit card details may have been exposed between November 28, 2024, and January 8, 2025. The incident is still under investigation, but Wacom …
The post Wacom Notifies E-Shop Customers of Credit Card Data Exposure appeared first on CyberInsider.
January 29th, 2025 (5 months ago)
|
|
|
Description: NordVPN has announced NordWhisper, a newly developed VPN protocol designed to help users bypass network restrictions while maintaining strong encryption and security standards. The protocol, which mimics regular web traffic, is aimed at ensuring reliable internet access in restrictive environments where traditional VPN connections are often blocked. The NordWhisper protocol was created in response to …
The post NordVPN Introduces New Protocol ‘NordWhisper’ to Bypass Blocks appeared first on CyberInsider.
January 29th, 2025 (5 months ago)
|
CVE-2025-22604 |
Description: A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances.
The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0.
"Due to a flaw in the multi-line SNMP result parser, authenticated users can inject
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
|
|
Description: Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total.
This breach shows just how deeply ransomware
January 29th, 2025 (5 months ago)
|
|
|
Description: Rapid advancements in artificial intelligence (AI) are unlocking new possibilities for the way we work and accelerating innovation in science, technology, and beyond. In cybersecurity, AI is poised to transform digital defense, empowering defenders and enhancing our collective security. Large language models (LLMs) open new possibilities for defenders, from sifting through complex telemetry to secure coding, vulnerability discovery, and streamlining operations. However, some of these same AI capabilities are also available to attackers, leading to understandable anxieties about the potential for AI to be misused for malicious purposes.
Much of the current discourse around cyber threat actors' misuse of AI is confined to theoretical research. While these studies demonstrate the potential for malicious exploitation of AI, they don't necessarily reflect the reality of how AI is currently being used by threat actors in the wild. To bridge this gap, we are sharing a comprehensive analysis of how threat actors interacted with Google's AI-powered assistant, Gemini. Our analysis was grounded by the expertise of Google's Threat Intelligence Group (GTIG), which combines decades of experience tracking threat actors on the front lines and protecting Google, our users, and our customers from government-backed attackers, targeted 0-day exploits, coordinated information operations (IO), and serious cyber crime networks.
We believe the private sector, governments, educational institution...
January 29th, 2025 (5 months ago)
|
|
CVE-2025-24826 |
Description: Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4625.
CVSS: MEDIUM (6.7) EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
|
CVE-2025-24810 |
Description: Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen.
CVSS: MEDIUM (4.8) EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
|
CVE-2025-24800 |
Description: Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or compromise other kinds of cross-chain applications. This vulnerability is fixed in 15.0.1.
CVSS: CRITICAL (9.3) EPSS Score: 0.05%
January 29th, 2025 (5 months ago)
|
|
CVE-2025-24482 |
Description: A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions.
CVSS: HIGH (7.0) EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
|
CVE-2025-24481 |
Description: An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect permissions being assigned to the remote debugger port and can allow for unauthenticated access to the system configuration.
CVSS: HIGH (7.0) EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|