CVE-2025-0604 |
Description: A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to validate the new credentials against AD. This vulnerability allows users whose AD accounts are expired or disabled to regain access in Keycloak, bypassing AD restrictions. The issue enables authentication bypass and could allow unauthorized access under certain conditions.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-0604
https://access.redhat.com/security/cve/CVE-2025-0604
https://bugzilla.redhat.com/show_bug.cgi?id=2338993
https://github.com/advisories/GHSA-m3hp-8546-5qmr
CVSS: MEDIUM (5.4) EPSS Score: 0.05%
January 22nd, 2025 (6 months ago)
|
Description: Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability, which has proof-of-concept (PoC) exploit code. [...]
January 22nd, 2025 (6 months ago)
|
CVE-2025-0282 |
Description: Note: The CVEs in this advisory are unrelated to vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in Ivanti’s Connect Secure, Policy Secure and ZTA Gateways. For more information on mitigating CVE-2025-0282 and CVE-2025-0283, see Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways.
Summary
The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory in response to exploitation in September 2024 of vulnerabilities in Ivanti Cloud Service Appliances (CSA): CVE-2024-8963, an administrative bypass vulnerability; CVE-2024-9379, a SQL injection vulnerability; and CVE-2024-8190 and CVE-2024-9380, remote code execution vulnerabilities.
According to CISA and trusted third-party incident response data, threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials, and implant webshells on victim networks. The actors’ primary exploit paths were two vulnerability chains. One exploit chain leveraged CVE-2024-8963 in conjunction with CVE-2024-8190 and CVE-2024-9380 and the other exploited CVE-2024-8963 and CVE-2024-9379. In one confirmed compromise, the actors moved laterally to two servers.
All four vulnerabilities affect Ivanti CSA version 4.6x versions before 519, and two of the vulnerabilities (CVE-2024-9379 and CVE-2024-9380) affect CSA versions 5.0.1 and below; according to Ivanti, t...
CVSS: CRITICAL (9.0) EPSS Score: 15.33%
January 22nd, 2025 (6 months ago)
|
Description: Ddarknotevil Claims to be Selling the Data of NEOM
January 22nd, 2025 (6 months ago)
|
Description: The hacker who breached education tech giant PowerSchool claimed in an extortion demand that they've stolen the personal data of 62.4 million students and 9.5 million teachers, BleepingComputer has learned. [...]
January 22nd, 2025 (6 months ago)
|
Description: Dozens of big subreddits have already banned all Twitter links, and posts about potential bans are some of the most popular on the site.
January 22nd, 2025 (6 months ago)
|
Description: American business services giant and government contractor Conduent confirmed today that a recent outage resulted from what it described as a "cyber security incident." [...]
January 22nd, 2025 (6 months ago)
|
Description: A Threat Actor Claims to be Selling UK Government Email Accounts
January 22nd, 2025 (6 months ago)
|
Description: A China-aligned APT group dubbed PlushDaemon has executed a supply-chain attack on IPany, a South Korean VPN provider, by embedding a sophisticated backdoor named SlowStepper into its installer. According to ESET researchers, the attack, which began in late 2023, targeted users across South Korea, Japan, and China, with particular focus on industries like semiconductors and …
The post IPany VPN Breached by Hackers Planting Backdoor on Installer appeared first on CyberInsider.
January 22nd, 2025 (6 months ago)
|