CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description:
Impact: A path traversal attack lets existing non-admin users access and take over other users' repositories. A malicious user then can modify, delete, and arbitrarily repositories as if they were an admin user without explicitly giving them permissions.
Patches: This is patched in v0.8.2.
Workarounds: Single-user set-ups are not affected. This only affects multi-user Soft Serve set-ups that enable repository creation for users. Otherwise, upgrading is necessary to circumvent the attack.
References:
https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-j4jw-m6xr-fv6c
https://github.com/charmbracelet/soft-serve/commit/a8d1bf3f9349c138383b65079b7b8ad97fff78f4
https://github.com/charmbracelet/soft-serve/releases/tag/v0.8.2
https://github.com/advisories/GHSA-j4jw-m6xr-fv6c
Source: Github Advisory Database (Go)
January 8th, 2025 (6 months ago)
Description: DEFACER KAMPUNG Defaced the Website of Government Polytechnic Mau
Source: DarkWebInformer
January 8th, 2025 (6 months ago)
Description: Anonymous Sudan Targeted the Website of Bank of Central African States (BEAC)
Source: DarkWebInformer
January 8th, 2025 (6 months ago)
Description: The International Civil Aviation Organization (ICAO), a specialized agency of the United Nations responsible for setting global aviation standards, has confirmed a data breach involving the exposure of over 42,000 recruitment application records. The breach, attributed to a threat actor known as “Natohub,” was first reported on BreachForums, where the stolen data was advertised. In … The post International Civil Aviation Organization Confirms Data Breach appeared first on CyberInsider.
Source: CyberInsider
January 8th, 2025 (6 months ago)
Description: A Threat Actor Claims to be Selling the Data of DE Photo
Source: DarkWebInformer
January 8th, 2025 (6 months ago)
Description: Cybersecurity researchers from WatchTowr Labs have uncovered a troubling method for exploiting abandoned domains linked to backdoors in compromised systems. By purchasing unregistered domains referenced in web shells — backdoors used by hackers — the team managed to commandeer thousands of systems worldwide with minimal effort. This follows their earlier work on vulnerabilities in the … The post Researchers Hijack Over 4,000 Backdoors Using Expired Domains appeared first on CyberInsider.
Source: CyberInsider
January 8th, 2025 (6 months ago)
Description: Low-code/no-code (LCNC) and robotic process automation (RPA) technologies allow companies to speed up development processes and reduce costs, but security is often overlooked. When this happens, the risks can outweigh the benefits.
Source: Dark Reading
January 8th, 2025 (6 months ago)
Description: Initial Access Brokers (IABs) are specialized cybercriminals that break into corporate networks and sell stolen access to other attackers. Learn from Specops Software about how IABs operate and how businesses can protect themselves. [...]
Source: BleepingComputer
January 8th, 2025 (6 months ago)
Description: American football team Green Bay Packers says cybercriminals stole the credit card data of over 8,500 customers after hacking its official Pro Shop online retail store in a September breach. [...]
Source: BleepingComputer
January 8th, 2025 (6 months ago)
Description: A Threat Actor Claims to be Selling National Institute of Public Administration in the Dominican Republic
Source: DarkWebInformer
January 8th, 2025 (6 months ago)