CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-0620
Samba: smbd doesn't pick up group membership changes when re-authenticating an expired smb session
Description: A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.

CVSS: MEDIUM (6.6)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
June 6th, 2025 (28 days ago)
Off-brand IoT devices are still vulnerable to BadBox botnet, FBI says
Description: TV streaming devices, digital projectors and other IoT devices are being infected with BadBox 2.0 malware after the original campaign was stifled by German law enforcement.
Source: The Record
June 6th, 2025 (28 days ago)
Cellebrite Buys Corellium to Strengthen Its Phone Cracking Abilities
Description: Cellebrite has announced its intention to acquire Corellium, a pioneer in ARM-based virtualization technology, in a $170 million deal set to reshape the digital forensics and mobile security testing landscape. The acquisition, expected to close this summer pending regulatory approval, will integrate Corellium’s virtualized device emulation into Cellebrite’s suite of tools used by law enforcement, … The post Cellebrite Buys Corellium to Strengthen Its Phone Cracking Abilities appeared first on CyberInsider.
Source: CyberInsider
June 6th, 2025 (28 days ago)
Synthetic Data Is Here to Stay, but How Secure Is It?
Description: Synthetic data offers organizations a way to develop AI while maintaining privacy compliance but requires careful management to prevent re-identification risks and ensure model accuracy.
Source: Dark Reading
June 6th, 2025 (28 days ago)
Critical Fortinet flaws now exploited in Qilin ransomware attacks
Description: The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. [...]
Source: BleepingComputer
June 6th, 2025 (28 days ago)
Microsoft Helps CBI Dismantle Indian Call Centers Behind Japanese Tech Support Scam
Description: India's Central Bureau of Investigation (CBI) has revealed that it has arrested four individuals and dismantled two illegal call centers that were found to be engaging in a sophisticated transnational tech support scam targeting Japanese citizens. The law enforcement agency said it conducted coordinated searches at 19 locations across Delhi, Haryana, and Uttar Pradesh on May 28, 2025, as part of
Source: TheHackerNews
June 6th, 2025 (28 days ago)
Empower Users and Protect Against GenAI Data Loss
Description: When generative AI tools became widely available in late 2022, it wasn’t just technologists who paid attention. Employees across all industries immediately recognized the potential of generative AI to boost productivity, streamline communication and accelerate work. Like so many waves of consumer-first IT innovation before it—file sharing, cloud storage and collaboration platforms—AI landed in
Source: TheHackerNews
June 6th, 2025 (28 days ago)

CVE-2025-5766
code-projects Laundry System cross-site request forgery
Description: A vulnerability was found in code-projects Laundry System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In code-projects Laundry System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion. Durch Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (28 days ago)

CVE-2025-5765
code-projects Laundry System edit_laundry.php cross site scripting
Description: A vulnerability was found in code-projects Laundry System 1.0. It has been classified as problematic. This affects an unknown part of the file /data/edit_laundry.php. The manipulation of the argument Customer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in code-projects Laundry System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /data/edit_laundry.php. Durch das Manipulieren des Arguments Customer mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

CVSS: LOW (3.5)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (28 days ago)

CVE-2025-5764
code-projects Laundry System insert_laundry.php cross site scripting
Description: A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/insert_laundry.php. The manipulation of the argument Customer leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in code-projects Laundry System 1.0 gefunden. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /data/insert_laundry.php. Mittels Manipulieren des Arguments Customer mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.1)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (28 days ago)