Description: Pat McFadden, the most senior minister in Britain’s Cabinet Office, told the CYBERUK conference that Beijing had “the sophistication, the scale and the seriousness” to pose an exceptional national security challenge.
May 7th, 2025 (about 1 month ago)
|
CVE-2025-20969 |
Description: Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within Samsung Gallery.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
May 7th, 2025 (about 1 month ago)
|
CVE-2025-20968 |
Description: Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery.
CVSS: HIGH (7.2) EPSS Score: 0.05%
May 7th, 2025 (about 1 month ago)
|
CVE-2025-20967 |
Description: Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary files with the privilege of Samsung Gallery.
CVSS: MEDIUM (5.1) EPSS Score: 0.02%
May 7th, 2025 (about 1 month ago)
|
CVE-2025-20966 |
Description: Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles.
CVSS: MEDIUM (4.6) EPSS Score: 0.02%
May 7th, 2025 (about 1 month ago)
|
Description: Alleged Sale of Confidential Pakistan Defense Production Data, Including Strategic Plans with China and Turkey
May 6th, 2025 (about 1 month ago)
|
CVE-2025-4043 |
Description:
1. EXECUTIVE SUMMARY
CVSS v4 6.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Milesight
Equipment: UG65-868M-EA
Vulnerability: Improper Access Control for Volatile Memory Containing Boot Code
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow any user with admin privileges to inject arbitrary shell commands.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of UG65-868M-EA, an industrial gateway, are affected:
UG65-868M-EA: Firmware versions prior to 60.0.0.46
3.2 VULNERABILITY OVERVIEW
3.2.1 Improper Access Control for Volatile Memory Containing Boot Code CWE-1274
An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on system boot.
CVE-2025-4043 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N).
A CVSS v4 score has also been calculated for CVE-2025-4043. A base score of 6.1 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Energy
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: China
3.4 RESEARCHER
Joe Lovett of Pen Test Partners reported this vulnerability to CISA.
4. MITIGATIONS
Milesight released the latest firmware Version 60.0.0.46 for the UG65 gateway. Users can download the latest firmware from ...
EPSS Score: 0.03%
May 6th, 2025 (about 1 month ago)
|
Description: The Irish Data Protection Commission (DPC) has imposed a €530 million fine on TikTok, concluding a major inquiry into the social media giant's unlawful transfers of personal data belonging to European Economic Area (EEA) users to China, and its failure to meet key transparency obligations under the GDPR. The investigation, conducted by the DPC in …
The post TikTok Fined €530 Million in Ireland Over Data Transfers to China appeared first on CyberInsider.
May 2nd, 2025 (about 1 month ago)
|
Description: Ireland's Data Protection Commission (DPC) on Tuesday fined popular video-sharing platform TikTok €530 million ($601 million) for infringing data protection regulations in the region by transferring European users' data to China.
"TikTok infringed the GDPR regarding its transfers of EEA [European Economic Area] User Data to China and its transparency requirements," the DPC said in a statement. "
May 2nd, 2025 (about 1 month ago)
|