CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: BayMark Health Services, North America's largest provider of substance use disorder (SUD) treatment and recovery services, is notifying an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach. [...]
January 9th, 2025 (6 months ago)
|
|
|
Description: Meta's decision to specifically allow users to call LGBTQ+ people "mentally ill" has sparked widespread backlash at the company.
January 9th, 2025 (6 months ago)
|
|
|
Description: Hazel gets inspired by watching Wendy Nather’s recent keynote, and explores ways to challenge security assumptions.
January 9th, 2025 (6 months ago)
|
|
|
Description: Catalonia City Local Police Data Allegedly for Sale by Threat Actor Jackyseller
January 9th, 2025 (6 months ago)
|
|
|
Description: Anonymous Guys Targets Ukrainian Government Websites in DDoS Attack
January 9th, 2025 (6 months ago)
|
CVE-2025-0282 |
Description: Two stack-based buffer overflow issues were disclosed in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA. CVE-2025-0282, the more severe of the two issues, has been exploited in the wild against Ivanti Connect Secure devices.
CVSS: CRITICAL (9.0) EPSS Score: 15.33%
January 9th, 2025 (6 months ago)
|
|
|
Description: AI generated slop is tricking people into thinking an already devastating series of wildfires in Los Angeles are even worse than they are — and using it to score political points.
January 9th, 2025 (6 months ago)
|
|
|
Description: Vulnerability Summary
A type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay node interface.
Affected Components
Strawberry GraphQL relay integration
Specifically impacts implementations using:
Django integration
SQLAlchemy integration
Pydantic integration
Technical Details
The vulnerability manifests when:
Multiple GraphQL types inherit from relay.Node
These types are mapped to the same database model
The global node field is used for type resolution
Example of vulnerable code:
from fruits.models import Fruit
import strawberry_django
import strawberry
@strawberry_django.type(Fruit)
class FruitType(relay.Node):
name: strawberry.auto
@strawberry_django.type(Fruit)
class SpecialFruitType(relay.Node):
secret_name: strawberry.auto
@strawberry.type
class Query:
node: relay.Node = strawberry_django.node()
Security Impact
When querying for a specific type using the global node field (e.g., FruitType:some-id), the resolver may incorrectly return an instance of a different type mapped to the same model (e.g., SpecialFruitType). This can lead to:
Information disclosure if the alternate type exposes sensitive fields
Potential privilege escalation if the alternate type contains data intended for restricted access
Note
Even with knowledge of the correct t...
January 9th, 2025 (6 months ago)
|
|
|
Description: A new version of the Banshee info-stealing malware for macOS has been evading detection over the past two months by adopting string encryption from Apple's XProtect. [...]
January 9th, 2025 (6 months ago)
|
|
|
Description: [Darknetlive Archive] Italian Man Allegedly Hired a Hitman on the Darkweb
January 9th, 2025 (6 months ago)
|