CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database


Description: miyako is Allegedly Selling Access to an Unidentified City Government in Germany
Source: DarkWebInformer
January 7th, 2025 (6 months ago)
Description: Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
Source: Dark Reading
January 7th, 2025 (6 months ago)
Description: Telegram reveals that the communications platform has fulfilled 900 U.S. government requests, sharing the phone number or IP address information of 2,253 users with law enforcement. [...]
Source: BleepingComputer
January 7th, 2025 (6 months ago)
Description: Impact: Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. Patches: matrix-sdk-crypto 0.8.0 adds a new VerificationLevel::VerificationViolation enum variant which indicates that a previously verified identity has been changed. Workarounds: N/A. References: Patch: https://github.com/matrix-org/matrix-rust-sdk/pull/3795 ; https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-r5vf-wf4h-82gg ; https://github.com/advisories/GHSA-r5vf-wf4h-82gg
Source: GitHub Advisory Database (Rust)
January 7th, 2025 (6 months ago)
Description: Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices. "The Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM [Compatibility Support Mode] mode and without Secure Boot or standard
Source: TheHackerNews
January 7th, 2025 (6 months ago)
Description: A recent campaign targeting browser extensions illustrates that they are the next frontier in identity attacks. Learn more about these attacks from LayerX Security and how to receive a free extension audit. [...]
Source: BleepingComputer
January 7th, 2025 (6 months ago)

CVE-2024-41713

Description: Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server.

EPSS Score: 95.44%

Source: CISA KEV
January 7th, 2025 (6 months ago)

CVE-2024-55550

Description: Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server.

EPSS Score: 42.72%

Source: CISA KEV
January 7th, 2025 (6 months ago)

CVE-2020-2883

Description: Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3.

CVSS: CRITICAL (9.8)

Source: CISA KEV
January 7th, 2025 (6 months ago)
Description: We can't put defense on hold until Inauguration Day.
Source: Dark Reading
January 7th, 2025 (6 months ago)