CyberAlerts

Spectral Capital Files Quantum Cybersecurity Patent

Source: Dark Reading

January 27th, 2025 (5 months ago)

IT-Harvest Launches HarvestIQ.ai

Source: Dark Reading

January 27th, 2025 (5 months ago)

US freezes foreign aid, halting cybersecurity defense and policy funds for allies

Source: TheRegister

January 27th, 2025 (5 months ago)

A Threat Actor Claims to be Selling Military Service Council of Saudi Arabia

Description: A Threat Actor Claims to be Selling Military Service Council of Saudi Arabia

Source: DarkWebInformer

January 27th, 2025 (5 months ago)

DeepSeek halts new signups amid "large-scale" cyberattack

Description: Chinese AI platform DeepSeek has disabled registrations on it DeepSeek-V3 chat platform due to an ongoing "large-scale" cyberattack targeting its services. [...]

Source: BleepingComputer

January 27th, 2025 (5 months ago)

Crisis Simulations: A Top 2025 Concern for CISOs

Description: CISOs are planning to adjust their budgets this year to reflect their growing concerns for cybersecurity preparedness in the event of a cyberattack.

Source: Dark Reading

January 27th, 2025 (5 months ago)

Apple Fixes Zero-Day Flaw Exploited in Attacks Against iPhones

Description: Apple has released a series of security updates across its product ecosystem, addressing multiple vulnerabilities, including a zero-day flaw that has reportedly been exploited in the wild. The updates covering iOS, iPadOS, macOS, watchOS, tvOS, and visionOS, provide fixes for critical security issues that could allow privilege escalation, arbitrary code execution, and denial-of-service attacks. Actively … The post Apple Fixes Zero-Day Flaw Exploited in Attacks Against iPhones appeared first on CyberInsider.

Source: CyberInsider

January 27th, 2025 (5 months ago)

KINGSMAN INDIA Defaced the Websites of GOSRA ISLAMIA DAKHIL MADRASAH and GABTALI ALIM MADRASAH

Description: KINGSMAN INDIA Defaced the Websites of GOSRA ISLAMIA DAKHIL MADRASAH and GABTALI ALIM MADRASAH

Source: DarkWebInformer

January 27th, 2025 (5 months ago)

CVE-2025-24354

[github.com/imgproxy/imgproxy] imgproxy is vulnerable to SSRF against 0.0.0.0

Description: Summary Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. Details imgproxy protects against SSRF against a loopback address with the following check (source): if !config.AllowLoopbackSourceAddresses && ip.IsLoopback() { return ErrSourceAddressNotAllowed } This check is insufficient to prevent accessing services on the local host, as services may receive traffic on 0.0.0.0. Go's IsLoopback (source) strictly follows the definition of loopback IPs beginning with 127. 0.0.0.0 is not blocked. References https://github.com/imgproxy/imgproxy/security/advisories/GHSA-j2hp-6m75-v4j4 https://nvd.nist.gov/vuln/detail/CVE-2025-24354 https://github.com/imgproxy/imgproxy/commit/3d4fed6842aa8930ec224d0ad75b0079b858e081 https://github.com/advisories/GHSA-j2hp-6m75-v4j4

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: Github Advisory Database (Go)

January 27th, 2025 (5 months ago)

Bitwarden makes it harder to hack password vaults without MFA

Description: Open-source password manager Bitwarden is adding an extra layer of security for accounts that are not protected by two-factor authentication, requiring email verification before allowing access to accounts. [...]

Source: BleepingComputer

January 27th, 2025 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	Spectral Capital Files Quantum Cybersecurity Patent Source: Dark Reading January 27th, 2025 (5 months ago)
	IT-Harvest Launches HarvestIQ.ai Source: Dark Reading January 27th, 2025 (5 months ago)
	US freezes foreign aid, halting cybersecurity defense and policy funds for allies Source: TheRegister January 27th, 2025 (5 months ago)
	A Threat Actor Claims to be Selling Military Service Council of Saudi Arabia Description: A Threat Actor Claims to be Selling Military Service Council of Saudi Arabia Source: DarkWebInformer January 27th, 2025 (5 months ago)
	DeepSeek halts new signups amid "large-scale" cyberattack Description: Chinese AI platform DeepSeek has disabled registrations on it DeepSeek-V3 chat platform due to an ongoing "large-scale" cyberattack targeting its services. [...] Source: BleepingComputer January 27th, 2025 (5 months ago)
	Crisis Simulations: A Top 2025 Concern for CISOs Description: CISOs are planning to adjust their budgets this year to reflect their growing concerns for cybersecurity preparedness in the event of a cyberattack. Source: Dark Reading January 27th, 2025 (5 months ago)
	Apple Fixes Zero-Day Flaw Exploited in Attacks Against iPhones Description: Apple has released a series of security updates across its product ecosystem, addressing multiple vulnerabilities, including a zero-day flaw that has reportedly been exploited in the wild. The updates covering iOS, iPadOS, macOS, watchOS, tvOS, and visionOS, provide fixes for critical security issues that could allow privilege escalation, arbitrary code execution, and denial-of-service attacks. Actively … The post Apple Fixes Zero-Day Flaw Exploited in Attacks Against iPhones appeared first on CyberInsider. Source: CyberInsider January 27th, 2025 (5 months ago)
	KINGSMAN INDIA Defaced the Websites of GOSRA ISLAMIA DAKHIL MADRASAH and GABTALI ALIM MADRASAH Description: KINGSMAN INDIA Defaced the Websites of GOSRA ISLAMIA DAKHIL MADRASAH and GABTALI ALIM MADRASAH Source: DarkWebInformer January 27th, 2025 (5 months ago)
CVE-2025-24354	[github.com/imgproxy/imgproxy] imgproxy is vulnerable to SSRF against 0.0.0.0 Description: Summary Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. Details imgproxy protects against SSRF against a loopback address with the following check (source): if !config.AllowLoopbackSourceAddresses && ip.IsLoopback() { return ErrSourceAddressNotAllowed } This check is insufficient to prevent accessing services on the local host, as services may receive traffic on 0.0.0.0. Go's IsLoopback (source) strictly follows the definition of loopback IPs beginning with 127. 0.0.0.0 is not blocked. References https://github.com/imgproxy/imgproxy/security/advisories/GHSA-j2hp-6m75-v4j4 https://nvd.nist.gov/vuln/detail/CVE-2025-24354 https://github.com/imgproxy/imgproxy/commit/3d4fed6842aa8930ec224d0ad75b0079b858e081 https://github.com/advisories/GHSA-j2hp-6m75-v4j4 CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: Github Advisory Database (Go) January 27th, 2025 (5 months ago)
	Bitwarden makes it harder to hack password vaults without MFA Description: Open-source password manager Bitwarden is adding an extra layer of security for accounts that are not protected by two-factor authentication, requiring email verification before allowing access to accounts. [...] Source: BleepingComputer January 27th, 2025 (5 months ago)