CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: [Darknetlive Archive] Man Sentenced in SLO Murder-for-Hire Case
January 8th, 2025 (6 months ago)
|
|
|
Description: "Where Warlocks Stay Up Late" project speaks to hackers who have played pivotal roles in shaping the field of cybersecurity. The video interviews are complemented by an encyclopedia and an anthropological map.
January 8th, 2025 (6 months ago)
|
|
|
Description: ​Medusind, a leading billing provider for healthcare organizations, is notifying hundreds of thousands of individuals of a data breach that exposed their personal and health information more than a year ago, in December 2023. [...]
January 8th, 2025 (6 months ago)
|
|
|
Description: Over 4,000 abandoned but still active web backdoors were hijacked and their communication infrastructure sinkholed after researchers registered expired domains used for commanding them. [...]
January 8th, 2025 (6 months ago)
|
|
|
Description: Albanian Hacking Tool: Ethical Hacking, Social Media Hacks, Phone Info, and More
January 8th, 2025 (6 months ago)
|
CVE-2023-40273 |
Description: Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider.
This issue affects Apache Airflow Fab Provider: before 1.5.2.
When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient session expiration, thus logged users could continue to be logged in even after the password was changed. This only happened when the password was changed with CLI. The problem does not happen in case change was done with webserver thus this is different from CVE-2023-40273 which was addressed in Apache-Airflow 2.7.0
Users are recommended to upgrade to version 1.5.2, which fixes the issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-45033
https://github.com/apache/airflow/pull/45139
https://lists.apache.org/thread/yw535346rk766ybzpqtvrl36sjj789st
https://github.com/advisories/GHSA-8863-4qmg-fr45
January 8th, 2025 (6 months ago)
|
|
CVE-2024-54676 |
Description: Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0
Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data.
Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-54676
https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95
http://www.openwall.com/lists/oss-security/2025/01/08/1
https://github.com/apache/openmeetings/commit/1c3426c6d3abbd984a3c01a61decf1242ea38923
https://issues.apache.org/jira/browse/OPENMEETINGS-2787
https://github.com/advisories/GHSA-mjf9-4pcv-vfg7
EPSS Score: 0.18%
January 8th, 2025 (6 months ago)
|
|
|
Description: Using the Cloud Security Principles to evaluate the suitability of a cloud service.
January 8th, 2025 (6 months ago)
|
|
|
Description: Alixsec Targeted Many Websites in Finland
January 8th, 2025 (6 months ago)
|
|
|
Description: Attackers are abusing a Microsoft 365 feature to send payment requests to users, tricking them into logging in to their accounts so attackers can seize control over them.
January 8th, 2025 (6 months ago)
|