CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down after the breach was acknowledged by the site operator in December, along with a breach of the "ladies.com" website run by the same organisation.
Source: HaveIBeenPwnedLatestBreaches
December 9th, 2024 (7 months ago)
Description: Anna Jaques Hospital has confirmed on its website that a ransomware attack it suffered almost precisely a year ago, on December 25, 2023, has exposed sensitive health data for over 316,000 patients. [...]
Source: BleepingComputer
December 8th, 2024 (7 months ago)
Description: The Termite ransomware gang has officially claimed responsibility for the November breach of software as a service (SaaS) provider Blue Yonder. [...]
Source: BleepingComputer
December 6th, 2024 (7 months ago)
Description: A large U.S. organization with significant presence in China has been reportedly breached by China-based threat actors who persisted on its networks from April to August 2024. [...]
Source: BleepingComputer
December 5th, 2024 (7 months ago)
Description: U.S. authorities have arrested a 19-year-old teenager linked to the notorious Scattered Spider cybercrime gang who is now charged with breaching a U.S. financial institution and two unnamed telecommunications firms. [...]
Source: BleepingComputer
December 5th, 2024 (7 months ago)

CVE-2024-3656

Description: A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.

EPSS Score: 0.09%

Source: CVE
December 5th, 2024 (7 months ago)
Description: Chinese state hackers, known as Salt Typhoon, have breached telecommunications companies in dozens of countries, President Biden's deputy national security adviser Anne Neuberger said today. [...]
Source: BleepingComputer
December 4th, 2024 (7 months ago)
Description: Organizations that rely on their content delivery network provider for Web application firewall services may be inadvertently leaving themselves open to attack.
Source: Dark Reading
December 3rd, 2024 (7 months ago)
Description: CISA released guidance today to help network defenders harden their systems against attacks coordinated by the Salt Typhoon Chinese threat group that breached multiple major global telecommunications providers earlier this year. [...]
Source: BleepingComputer
December 3rd, 2024 (7 months ago)
Description:
Impact: This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix disables compression in these templates. Please make sure to make the same change in your configuration files, see the release notes for specific instructions. Please check your web server configuration as well.
Patches: See "Patched versions". https://github.com/ezsystems/ezplatform-http-cache/commit/ca8a5cf69b2c14fbec90412aeeef5c755c51457b
Workarounds: Make sure HTTP compression is disabled for REST API requests and other communication that might contain secrets.
References:
Advisory: https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates
Release notes: https://doc.ibexa.co/en/latest/update_and_migration/from_3.3/update_from_3.3/#v3341
https://github.com/ibexa/post-install/security/advisories/GHSA-4h8f-c635-25p7
https://github.com/ibexa/http-cache/security/advisories/GHSA-fh7v-q458-7vmw
https://www.breachattack.com/
References:
https://github.com/ezsystems/ezplatform-http-cache/security/advisories/GHSA-mgfg-7533-7jf6
https://github.com/ibexa/http-cache/security/advisories/GHSA-fh7v-q458-7vmw
https://github.com/ibexa/post-install/security/advisories/GHSA-4h8f-c635-25p7
https://github.com/e...
Source: Github Advisory Database (Composer)
December 3rd, 2024 (7 months ago)