CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-24783	[org.apache.cocoon:cocoon-sitemap-impl] Apache Cocoon vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator Description: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the startup time, it may not have been sufficiently unpredictable, and an attacker could use this to guess continuation ids and look up continuations they should not have had access to. As a mitigation, you may enable the "session-bound-continuations" option to make sure continuations are not shared across sessions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. References https://nvd.nist.gov/vuln/detail/CVE-2025-24783 https://lists.apache.org/thread/pk86jp5cvn41432op8wv1k8p14mp27nz https://github.com/apache/cocoon/blob/32a4e41183ba74351d85060011151b2d58acfc52/blocks/cocoon-forms/cocoon-forms-impl/src/main/java/org/apache/cocoon/forms/formmodel/CaptchaField.java#L70 https://github.com/apache/cocoon/blob/32a4e41183ba74351d85060011151b2d58acfc52/core/cocoon-sitemap/cocoon-sitemap-impl/src/main/java/org/apache/cocoon/components/flow/ContinuationsManagerImpl.java#L112 https://github.com/advisories/GHSA-pff9-53m5-qr56 EPSS Score: 0.04% Source: Github Advisory Database (Maven) January 27th, 2025 (5 months ago)
	A Threat Actor Claims to be Selling Multiple Traders Leads Data Description: A Threat Actor Claims to be Selling Multiple Traders Leads Data Source: DarkWebInformer January 27th, 2025 (5 months ago)
	Microsoft Teams phishing attack alerts coming to everyone next month Description: Microsoft reminded Microsoft 365 admins that its new brand impersonation protection feature for Teams Chat will be available for all customers by mid-February 2025. [...] Source: BleepingComputer January 27th, 2025 (5 months ago)
	Google takes action after coder reports 'most sophisticated attack I've ever seen' Source: TheRegister January 27th, 2025 (5 months ago)
	A Threat Actor Claims to have Leaked Sensitive Information of Pirelli Tire LLC Description: A Threat Actor Claims to have Leaked Sensitive Information of Pirelli Tire LLC Source: DarkWebInformer January 27th, 2025 (5 months ago)
	Clone2Leak attacks exploit Git flaws to steal credentials Description: A set of three distinct but related attacks, dubbed 'Clone2Leak,' can leak credentials by exploiting how Git and its credential helpers handle authentication requests. [...] Source: BleepingComputer January 27th, 2025 (5 months ago)
	DeepSeek Mania Shakes AI Industry to Its Core Description: /// Why a relatively unknown Chinese-developed AI model has turned the AI industry on its head. Source: 404 Media January 27th, 2025 (5 months ago)
	IntelBroker, EnergyWeaponUser, and Alex218 Claim to have Leaked the Data of Asia Recruit Malaysia Description: IntelBroker, EnergyWeaponUser, and Alex218 Claim to have Leaked the Data of Asia Recruit Malaysia Source: DarkWebInformer January 27th, 2025 (5 months ago)
	Counter Claims to have Leaked the Data of Pt. Deen Dayal Upadhyay Management College (DDUMC) Description: Counter Claims to have Leaked the Data of Pt. Deen Dayal Upadhyay Management College (DDUMC) Source: DarkWebInformer January 27th, 2025 (5 months ago)
	A Threat Actor Claims to have Leaked the Data of Atlas Pakistan (Pvt.) Ltd Description: A Threat Actor Claims to have Leaked the Data of Atlas Pakistan (Pvt.) Ltd Source: DarkWebInformer January 27th, 2025 (5 months ago)