CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2020-2883 |
Description: Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3.
CVSS: CRITICAL (9.8)
January 7th, 2025 (6 months ago)
|
|
Description: We can't put defense on hold until Inauguration Day.
January 7th, 2025 (6 months ago)
|
|
|
Description: The Green Bay Packers American football team is notifying fans that a threat actor hacked its official online retail store in October and injected a card skimmer script to steal customers' personal and payment information. [...]
January 7th, 2025 (6 months ago)
|
|
|
Description: The deal adds Phylum's technology for malicious package analysis, detection, and mitigation to Veracode's software composition analysis portfolio.
January 7th, 2025 (6 months ago)
|
|
|
Description: It's time once again to pay our respects to the once-famous cybersecurity solutions whose usefulness died in the past year. The cybercriminal world collectively mourns the loss of these solutions and the easy access they provide to victim organizations. These solutions, though celebrated in their prime, succumbed to the twin forces of time and advancing threats. Much like a tribute to
January 7th, 2025 (6 months ago)
|
|
|
Description: Washington Attorney General Bob Ferguson filed a lawsuit against T-Mobile, alleging severe failures in protecting consumer data that resulted in a 2021 breach impacting over 79 million individuals nationwide, including more than 2 million Washingtonians. The breach exposed sensitive data such as Social Security numbers, driver’s license details, and phone numbers, putting millions at risk …
The post Washington Sues T-Mobile Over 2021 Data Breach Impacting 79 Million appeared first on CyberInsider.
January 7th, 2025 (6 months ago)
|
|
|
Description: Telegram, the popular yet controversial messaging app, has significantly increased its compliance with law enforcement data requests, fulfilling 900 requests from U.S. authorities in 2024. This marks a massive spike in cooperation compared to earlier periods, with data provided affecting 2,253 users, according to newly released transparency figures accessed via Telegram's Transparency Reports bot. The …
The post Telegram Shared Data on 2,253 Users with U.S. Authorities in 2024 appeared first on CyberInsider.
January 7th, 2025 (6 months ago)
|
|
|
Description: Internet service providers (ISPs) and governmental entities in the Middle East have been targeted using an updated variant of the EAGERBEE malware framework.
The new variant of EAGERBEE (aka Thumtais) comes fitted with various components that allow the backdoor to deploy additional payloads, enumerate file systems, and execute commands shells, demonstrating a significant evolution.
"The key
January 7th, 2025 (6 months ago)
|
|
CVE-2024-9138 |
Description: Taiwan-based Moxa has warned of two security vulnerabilities impacting its cellular routers, secure routers, and network security appliances that could allow privilege escalation and command execution.
The list of vulnerabilities is as follows -
CVE-2024-9138 (CVSS 4.0 score: 8.6) - A hard-coded credentials vulnerability that could allow an authenticated user to escalate privileges and gain
CVSS: HIGH (8.6) EPSS Score: 0.04%
January 7th, 2025 (6 months ago)
|
|
CVE-2025-21620 |
Description: Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch() redirect handling creates a follow-up redirect request that keeps the original Authorization header, leaking its content to that second domain. This vulnerability is fixed in 2.1.2.
CVSS: HIGH (7.5) EPSS Score: 0.04%
January 7th, 2025 (6 months ago)
|