CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: A critical vulnerability was discovered in the ismp-grandpa crate that allowed a malicious prover to easily convince the verifier of the finality of arbitrary headers. Description: The vulnerability manifests as a verifier that only accepts incorrect signatures of Grandpa precommits and was introduced in this specific commit, perhaps due to unfamiliarity with core substrate APIs. The if statement should have included a negation check, similar to the previous code, but this was omitted, causing the verifier to only accept invalid signatures. This vulnerability remained undetected even with integration tests, as the prover was also misconfigured to initialize the Grandpa verifier with the incorrect authority set_id. This causes verification of honest precommit signatures to fail as the message is now malformed, but the verifier indeed only accepts signatures or messages that fail the verification check. But even more devastatingly, the verifier will also accept malicious GRANDPA signatures for any precommit message. This vulnerability has been fixed in this commit and a patch release has been published. Impact: This could be used to steal funds or compromise other kinds of cross-chain applications. Patches: This vulnerability has been fixed in the latest version of ismp-grandpa, v15.0.1. Recommendations: Users who rely on the compromised versions must upgrade immediately, as all vulnerable versions of the crate have been yanked. References: https://github.com/polytope-labs/hyperbrid...
Source: Github Advisory Database (Rust)
January 28th, 2025 (5 months ago)
Description: An AI LinkedIn profile was "open to work," boasting it’s a better worker than a human.
Source: 404 Media
January 28th, 2025 (5 months ago)
Description: A Threat Actor Claims to be Selling 900+ Unreleased Databases
Source: DarkWebInformer
January 28th, 2025 (5 months ago)
Description: London-based engineering giant Smiths Group disclosed a security breach after unknown attackers gained access to the company's systems. [...]
Source: BleepingComputer
January 28th, 2025 (5 months ago)
Description: A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany. The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a previously undocumented backdoor dubbed TorNet that's delivered by means of PureCrypter. TorNet is so
Source: TheHackerNews
January 28th, 2025 (5 months ago)
Description: A Threat Actor Claims to be Selling the Data of H&M (UAE)
Source: DarkWebInformer
January 28th, 2025 (5 months ago)
Description: A Threat Actor Claims to be Selling a FUD Browser Stealer
Source: DarkWebInformer
January 28th, 2025 (5 months ago)
Description: Signal is finally adding a new feature that allows users to synchronize their old message history from their primary iOS or Android devices to newly linked devices like desktops and iPads. [...]
Source: BleepingComputer
January 28th, 2025 (5 months ago)
Description: Written by: Nino Isakovic. Introduction: Since 2022, Google Threat Intelligence Group (GTIG) has been tracking multiple cyber espionage operations conducted by China-nexus actors utilizing POISONPLUG.SHADOW. These operations employ a custom obfuscating compiler that we refer to as "ScatterBrain," facilitating attacks against various entities across Europe and the Asia Pacific (APAC) region. ScatterBrain appears to be a substantial evolution of ScatterBee, an obfuscating compiler previously analyzed by PWC. GTIG assesses that POISONPLUG is an advanced modular backdoor used by multiple distinct, but likely related threat groups based in the PRC, however we assess that POISONPLUG.SHADOW usage appears to be further restricted to clusters associated with APT41. GTIG currently tracks three known POISONPLUG variants: POISONPLUG, POISONPLUG.DEED, and POISONPLUG.SHADOW. POISONPLUG.SHADOW—often referred to as "Shadowpad," a malware family name first introduced by Kaspersky—stands out due to its use of a custom obfuscating compiler specifically designed to evade detection and analysis. Its complexity is compounded by not only the extensive obfuscation mechanisms employed but also by the attackers' highly sophisticated threat tactics. These elements collectively make analysis exceptionally challenging and complicate efforts to identify, understand, and mitigate the associate...
Source: Google Threat Intelligence
January 28th, 2025 (5 months ago)
Description: EnergyWeaponUser is Allegedly Selling Access to an Unidentified Bodycam Company
Source: DarkWebInformer
January 28th, 2025 (5 months ago)