CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

	State Child Protection Society Has Been Claimed a Victim to Funksec Ransomware Description: State Child Protection Society Has Been Claimed a Victim to Funksec Ransomware Source: DarkWebInformer January 1st, 2025 (7 months ago)
	A Threat Actor Claims to be Selling the Data of ASISA Description: A Threat Actor Claims to be Selling the Data of ASISA Source: DarkWebInformer January 1st, 2025 (7 months ago)
	A Threat Actor Claims to have Leaked the Data of an Unidentified Maritime Industry Company in the US Description: A Threat Actor Claims to have Leaked the Data of an Unidentified Maritime Industry Company in the US Source: DarkWebInformer January 1st, 2025 (7 months ago)
	A Threat Actor Claims to be Selling the Data of Carruth Compliance Consulting, Inc Description: A Threat Actor Claims to be Selling the Data of Carruth Compliance Consulting, Inc Source: DarkWebInformer January 1st, 2025 (7 months ago)
	IntelBroker and EnergyWeaponUser Allegedly Leaked the Source Code of Ministry of Environment Description: IntelBroker and EnergyWeaponUser Allegedly Leaked the Source Code of Ministry of Environment Source: DarkWebInformer January 1st, 2025 (7 months ago)
	A Threat Actor is Allegedly Selling Access to an Unidentified Canadian Retail Corp Description: A Threat Actor is Allegedly Selling Access to an Unidentified Canadian Retail Corp Source: DarkWebInformer January 1st, 2025 (7 months ago)
	New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites Description: Threat hunters have disclosed a new "widespread timing-based vulnerability class" that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites. The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo. "Instead of relying on a single click, it takes advantage of a double-click sequence," Yibelo said. Source: TheHackerNews January 1st, 2025 (7 months ago)
	Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics Description: The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election. The federal agency said the entities – a subordinate organization of Iran's Islamic Revolutionary Guard Corps and a Moscow-based affiliate of Russia's Main Intelligence Source: TheHackerNews January 1st, 2025 (7 months ago)
	An announcement from Paris on Dread Description: An announcement from Paris on Dread Source: DarkWebInformer January 1st, 2025 (7 months ago)
CVE-2024-7341	Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters Description: A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation. EPSS Score: 0.19% Source: CVE January 1st, 2025 (7 months ago)