CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-24362

Description: Impact summary: In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository would be able to access this artifact, containing any secrets from the environment.

For some affected workflow runs, the exposed environment variables in the debug artifacts included a valid GITHUB_TOKEN for the workflow run, which has access to the repository in which the workflow ran, and all the permissions specified in the workflow or job. The GITHUB_TOKEN is valid until the job completes or 24 hours has elapsed, whichever comes first.

Environment variables are exposed only from workflow runs that satisfy all of the following conditions:

- Code scanning workflow configured to scan the Java/Kotlin languages.
- Running in a repository containing Kotlin source code.
- Running with debug artifacts enabled.
- Using CodeQL Action versions <= 3.28.2, and CodeQL CLI versions >= 2.9.2 (May 2022) and <= 2.20.2.
- The workflow run fails before the CodeQL database is finalized within the github/codeql-action/analyze step.
- Running in any GitHub environment: GitHub.com, GitHub Enterprise Cloud, and GitHub Enterprise Server. (Note: artifacts are only accessible to users within the same GitHub environment with access to the scanned repo.)

The GITHUB_TOKEN exposed in this way would only ha...

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: Github Advisory Database (Actions)
January 24th, 2025 (5 months ago)
Description: Rey is Allegedly Selling VPN Access to U.S. City Government and Police
Source: DarkWebInformer
January 24th, 2025 (5 months ago)
Description: Oral Roberts University Mabee Center Has Been Claimed a Victim to RHYSIDA Ransomware
Source: DarkWebInformer
January 24th, 2025 (5 months ago)

CVE-2025-23006

Description: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

- CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

EPSS Score: 1.37%

Source: All CISA Advisories
January 24th, 2025 (5 months ago)
Description: This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss Nazis celebrating Elon Musk’s salute, Zuckerberg as a kook, dictating your own threat model and a good block/mute ethos.
Source: 404 Media
January 24th, 2025 (5 months ago)
Description: Offensive Linux Security Tools
Source: DarkWebInformer
January 24th, 2025 (5 months ago)
Description: A North Korean threat group has been using a technique called RID hijacking that tricks Windows into treating a low-privileged account as one with administrator permissions. [...]
Source: BleepingComputer
January 24th, 2025 (5 months ago)
Description: A Threat Actor Claims to be Selling the Data of IDNIC
Source: DarkWebInformer
January 24th, 2025 (5 months ago)
Description: A threat actor targeted low-skilled hackers, known as "script kiddies," with a fake malware builder that secretly infected them with a backdoor to steal data and take over computers. [...]
Source: BleepingComputer
January 24th, 2025 (5 months ago)
Description: A critical security vulnerability in Subaru's STARLINK-connected vehicle service exposed all Subaru vehicles and customer accounts in the U.S., Canada, and Japan to potential remote hijacking, tracking, and data theft. The flaw, discovered by security researchers Sam Curry and Shubham Shah on November 20, 2024, allowed attackers to unlock, start, stop, and track any Subaru …
Source: CyberInsider
January 24th, 2025 (5 months ago)