CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-21088 |
Description: Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-21088
https://mattermost.com/security-updates
https://github.com/advisories/GHSA-8j3q-gc9x-7972
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 15th, 2025 (6 months ago)
|
|
CVE-2025-20086 |
Description: Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-20086
https://mattermost.com/security-updates
https://github.com/advisories/GHSA-5m7j-6gc4-ff5g
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 15th, 2025 (6 months ago)
|
|
Description: CISA shared guidance for government agencies and enterprises on using expanded cloud logs in their Microsoft 365 tenants as part of their forensic and compliance investigations. [...]
January 15th, 2025 (6 months ago)
|
|
|
January 15th, 2025 (6 months ago)
|
|
|
Description: Today, CISA released the Microsoft Expanded Cloud Logs Implementation Playbook to help organizations get the most out of Microsoft’s newly introduced logs in Microsoft Purview Audit (Standard). This step-by-step guide enables technical personnel to better detect and defend against advanced intrusion techniques by operationalizing expanded cloud logs.
The playbook details analytical methodologies tied to using these logs. Specifically, the playbook offers:
An overview of the newly introduced logs in Microsoft Purview Audit (Standard) that enable organizations to conduct forensic and compliance investigations by accessing critical events (e.g., mail items accessed, mail items sent, and user searches in SharePoint Online and Exchange Online).
A description of administration/enabling actions and ingestion of these logs to Microsoft Sentinel and Splunk Security Information and Event Management (SIEM) systems.
A discussion of significant events in other M365 services, such as Teams.
CISA encourages organizations to use the playbook to make newly available logs an actionable part of their enterprise cybersecurity operations.
January 15th, 2025 (6 months ago)
|
|
|
Description: A newly discovered botnet of 13,000 MikroTik devices uses a misconfiguration in domain name server records to bypass email protections and deliver malware by spoofing roughly 20,000 web domains. [...]
January 15th, 2025 (6 months ago)
|
|
|
Description: Justice Alito should watch this Pornhub video about calculus.
January 15th, 2025 (6 months ago)
|
|
|
Description: Defensive Linux Security
January 15th, 2025 (6 months ago)
|
|
|
Description: Avery Products Corporation is warning it suffered a data breach after its website was hacked to steal customers' credit cards and personal information. [...]
January 15th, 2025 (6 months ago)
|
|
|
Description: Ironically, cybercriminals now use Google search advertisements to promote phishing sites that steal advertisers' credentials for the Google Ads platform. [...]
January 15th, 2025 (6 months ago)
|