CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: A newly disclosed vulnerability in OpenAI's ChatGPT API allows attackers to trigger Distributed Denial-of-Service (DDoS) attacks against arbitrary websites using OpenAI's own infrastructure. The flaw enables an unauthenticated attacker to overwhelm a target website with HTTP requests originating from OpenAI's Microsoft Azure-hosted servers. OpenAI, a leading artificial intelligence research organization, operates ChatGPT, one of the …
The post Flaw in ChatGPT API Allows Powerful Reflective DDoS Attacks appeared first on CyberInsider.
January 20th, 2025 (6 months ago)
|
|
|
Description: A newly identified Adversary-in-the-Middle (AiTM) phishing kit, dubbed Sneaky 2FA, is being distributed as a Phishing-as-a-Service (PhaaS) operation on Telegram, enabling cybercriminals to bypass multi-factor authentication (MFA) protections for Microsoft 365 accounts. Sekoia’s Threat Detection & Research (TDR) team discovered the phishing kit in December 2024 during routine threat-hunting activities and has since linked it …
The post New AiTM PhaaS Platform ‘Sneaky 2FA’ Targets Microsoft 365 Accounts appeared first on CyberInsider.
January 20th, 2025 (6 months ago)
|
|
|
Description: A Threat Actor is Allegedly Selling the Data of Speedio
January 20th, 2025 (6 months ago)
|
|
|
Description: The Threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks.
The artifacts in question, named Tanzeem (meaning "organization" in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps in question have been found to incorporate identical functions, barring minor modifications to the
January 20th, 2025 (6 months ago)
|
|
|
Description: New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks.
"Internet hosts that accept tunneling packets without verifying the sender's identity can be hijacked to perform anonymous attacks and provide access to their networks," Top10VPN said in a study, as part of a collaboration with KU Leuven professor
January 20th, 2025 (6 months ago)
|
|
|
Description: The US Department of Commerce will prohibit the import of components for connected vehicles from China or Russia, as the US continues to ban technology it sees as potential national security threats.
January 20th, 2025 (6 months ago)
|
|
|
Description: For months members of the public have been using GeoSpy, a tool trained on millions of images that can find the location a photo was taken based on soil, architecture, and more. It's GeoGuesser at scale.
January 20th, 2025 (6 months ago)
|
|
|
January 20th, 2025 (6 months ago)
|
|
|
Description: Every week seems to bring news of another data breach, and it’s no surprise why: securing sensitive data has become harder than ever. And it’s not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is stored across multiple technologies and cloud environments. Not to mention, compliance requirements are only getting
January 20th, 2025 (6 months ago)
|
|
|
Description: As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to have deeper political consequences. Governments are facing new, unpredictable threats that can't be fought with
January 20th, 2025 (6 months ago)
|