CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

	New 0-Click Attack Can Geolocate Signal and Discord Users Description: A 15-year-old security researcher, Daniel (@hackermondev), has disclosed a zero-click deanonymization attack capable of revealing a user's approximate location within a 250-mile radius. The attack exploits content delivery network (CDN) caching mechanisms, particularly Cloudflare's caching infrastructure, and affects widely used platforms such as Signal and Discord. Despite responsible disclosure, responses from affected companies have been … The post New 0-Click Attack Can Geolocate Signal and Discord Users appeared first on CyberInsider. Source: CyberInsider January 22nd, 2025 (6 months ago)
CVE-2025-21556	Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products Description: Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9.9) that could allow an attacker to seize control of susceptible instances. "Easily exploitable CVSS: CRITICAL (9.9) EPSS Score: 0.04% Source: TheHackerNews January 22nd, 2025 (6 months ago)
	Mandatory MFA, Biometrics Make Headway in Middle East, Africa Description: Despite lagging in technology adoption, African and Middle Eastern organizations are catching up, driven by smartphone acceptance and national identity systems. Source: Dark Reading January 22nd, 2025 (6 months ago)
	Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Device Description: Web infrastructure and security company Cloudflare on Tuesday said it detected and blocked a 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack, the largest ever attack to be reported to date. The UDP protocol-based attack took place on October 29, 2024, targeting one of its customers, an unnamed internet service provider (ISP) from Eastern Asia. The activity originated Source: TheHackerNews January 22nd, 2025 (6 months ago)
	[Virtual Event]: Cybersecurity's Most Promising New and Emerging Technologies Source: Dark Reading January 22nd, 2025 (6 months ago)
	Multiple vulnerabilities in I-O DATA router UD-LT2 Description: UD-LT2 provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities. Source: Japan Vulnerability Notes (JVN) January 22nd, 2025 (6 months ago)
	PowerSchool thieves net decades of Canadian students' records, hit 40-plus US states Source: TheRegister January 22nd, 2025 (6 months ago)
CVE-2025-24461	In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint Description: In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint CVSS: MEDIUM (6.5) EPSS Score: 0.05% Source: CVE January 22nd, 2025 (6 months ago)
CVE-2025-24460	In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool Description: In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool CVSS: MEDIUM (4.3) EPSS Score: 0.05% Source: CVE January 22nd, 2025 (6 months ago)
CVE-2025-24459	In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page Description: In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page CVSS: MEDIUM (4.6) EPSS Score: 0.05% Source: CVE January 22nd, 2025 (6 months ago)