Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: An affidavit unsealed in Washington, D.C., alleges that the two “targeted vulnerable children online, coercing them into producing degrading and explicit content under threat and manipulation."
April 30th, 2025 (1 day ago)
|
|
Description: Commvault, a leading provider of data protection solutions, says a nation-state threat actor who breached its Azure environment didn't gain access to customer backup data. [...]
April 30th, 2025 (1 day ago)
|
|
Description: The FBI has shared 42,000 phishing domains tied to the LabHost cybercrime platform, one of the largest global phishing-as-a-service (PhaaS) platforms that was dismantled in April 2024. [...]
April 30th, 2025 (1 day ago)
|
|
Description: Southwood Financial specializes in private student loan solutions
and debt settlement services aimed at helping borrowers achieve
financial stability. SWF FUNDING LLC and EduCap Inc. have also be
en impacted and lost their data.
We are going to to upload more than 370 GB of these companies. In
the archives you will find the following: personal information o
f employees and borrowers (SSNs, passports and so on), financial
data (audits, payment details, reports), a lot of corporate NDAs,
etc.
April 30th, 2025 (1 day ago)
|
|
Description: Co-op Food has disclosed a cyberattack targeting its internal systems, leading to disruptions in back-office and customer support operations. While the incident prompted precautionary security measures, all retail stores, funeral homes, and quick commerce services remain open and fully operational. In a statement shared with our newsroom, a Co-op spokesperson confirmed that the company “recently …
The post Co-op Food Supermarket Chain Hit by Disruptive Cyberattack appeared first on CyberInsider.
April 30th, 2025 (1 day ago)
|
|
Description: Opportunistic threat actors targeted Portuguese and Spanish speakers by spoofing Portugal's national airline in a campaign offering compensation for delayed or disrupted flights.
April 30th, 2025 (1 day ago)
|
CVE-2025-46342 |
Description: Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selector(s) in their match statements are mistakenly not applied during admission review request processing due to a missing error propagation in function `GetNamespaceSelectorsFromNamespaceLister` in `pkg/utils/engine/labels.go`. As a consequence, security-critical mutations and validations are bypassed, potentially allowing attackers with K8s API access to perform malicious operations. This issue has been patched in versions 1.13.5 and 1.14.0.
CVSS: HIGH (8.6)
April 30th, 2025 (1 day ago)
|
|
CVE-2025-4122 |
Description: A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub_435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. Eine kritische Schwachstelle wurde in Netgear JWNR2000v2 1.0.0.11 ausgemacht. Dies betrifft die Funktion sub_435E04. Durch Beeinflussen des Arguments host mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren.
CVSS: MEDIUM (5.3)
April 30th, 2025 (1 day ago)
|
|
CVE-2025-32974 |
Description: XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page like a script macro that would gain more rights due to the editing. This analysis doesn't consider certain kinds of properties, allowing a user to put malicious scripts in there that will be executed after a user with script, admin, or programming rights edited the page. Such a malicious script could impact the confidentiality, integrity and availability of the whole XWiki installation. This issue has been patched in versions 15.10.8 and 16.2.0.
CVSS: CRITICAL (9.1)
April 30th, 2025 (1 day ago)
|
|
CVE-2025-32973 |
Description: XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by a user without programming rights and contains an XWiki.ComponentClass, there is no warning that this will grant programming rights to this object. An attacker who created such a malicious object could use this to gain programming rights on the wiki. For this, the attacker needs to have edit rights on at least one page to place this object and then get an admin user to edit that document. This issue has been patched in versions 15.10.12, 16.4.3, and 16.8.0-rc-1.
CVSS: CRITICAL (9.1)
April 30th, 2025 (1 day ago)
|