CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Washington Sues T-Mobile Over 2021 Data Breach Impacting 79 Million
Description: Washington Attorney General Bob Ferguson filed a lawsuit against T-Mobile, alleging severe failures in protecting consumer data that resulted in a 2021 breach impacting over 79 million individuals nationwide, including more than 2 million Washingtonians. The breach exposed sensitive data such as Social Security numbers, driver’s license details, and phone numbers, putting millions at risk … The post Washington Sues T-Mobile Over 2021 Data Breach Impacting 79 Million appeared first on CyberInsider.
Source: CyberInsider
January 7th, 2025 (6 months ago)
Telegram Shared Data on 2,253 Users with U.S. Authorities in 2024
Description: Telegram, the popular yet controversial messaging app, has significantly increased its compliance with law enforcement data requests, fulfilling 900 requests from U.S. authorities in 2024. This marks a massive spike in cooperation compared to earlier periods, with data provided affecting 2,253 users, according to newly released transparency figures accessed via Telegram's Transparency Reports bot. The … The post Telegram Shared Data on 2,253 Users with U.S. Authorities in 2024 appeared first on CyberInsider.
Source: CyberInsider
January 7th, 2025 (6 months ago)
New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities
Description: Internet service providers (ISPs) and governmental entities in the Middle East have been targeted using an updated variant of the EAGERBEE malware framework. The new variant of EAGERBEE (aka Thumtais) comes fitted with various components that allow the backdoor to deploy additional payloads, enumerate file systems, and execute commands shells, demonstrating a significant evolution. "The key
Source: TheHackerNews
January 7th, 2025 (6 months ago)

CVE-2024-9138
Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Routers
Description: Taiwan-based Moxa has warned of two security vulnerabilities impacting its cellular routers, secure routers, and network security appliances that could allow privilege escalation and command execution. The list of vulnerabilities is as follows - CVE-2024-9138 (CVSS 4.0 score: 8.6) - A hard-coded credentials vulnerability that could allow an authenticated user to escalate privileges and gain

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: TheHackerNews
January 7th, 2025 (6 months ago)

CVE-2025-21620
Deno's authorization headers not dropped when redirecting cross-origin
Description: Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch() redirect handling creates a follow-up redirect request that keeps the original Authorization header, leaking its content to that second domain. This vulnerability is fixed in 2.1.2.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
January 7th, 2025 (6 months ago)

CVE-2025-21618
NiceGUI On Air authentication issue
Description: NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
January 7th, 2025 (6 months ago)

CVE-2025-21617
Guzzle OAuth Subscriber has insufficient nonce entropy
Description: Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior to 0.8.1, Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source. This can leave servers vulnerable to replay attacks when TLS is not used. This vulnerability is fixed in 0.8.1.

CVSS: MEDIUM (6.3)

EPSS Score: 0.05%

Source: CVE
January 7th, 2025 (6 months ago)

CVE-2025-21616
Plane has a Cross-site scripting (XSS) via SVG image upload
Description: Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
January 7th, 2025 (6 months ago)

CVE-2025-21615
AAT allows data exfiltration by other apps installed on the same device
Description: AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device.

CVSS: MEDIUM (5.5)

EPSS Score: 0.04%

Source: CVE
January 7th, 2025 (6 months ago)

CVE-2025-21614
go-git clients vulnerable to DoS via maliciously crafted Git server replies
Description: go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
January 7th, 2025 (6 months ago)