Open Source Alerts

China accuses US of exploiting Microsoft zero-day in cyberattack

China has accused U.S. intelligence agencies of conducting cyberattacks on two Chinese military enterprises, including the exploitation of a Microsoft Exchange zero-day vulnerability.

Luxembourg probes reported attack on Huawei tech that caused nationwide telecoms outage

Luxembourg experienced a nationwide telecommunications outage lasting over three hours, reportedly due to a cyberattack targeting Huawei router software within POST Luxembourg’s infrastructure.

Florida prison exposes visitor contact info to every inmate

A data breach at a Florida prison has exposed the personal contact information of prison visitors to all inmates, raising significant concerns about potential extortion, harassment, and physical threats to both inmates and their families.

AI-powered Cursor IDE vulnerable to prompt-injection attacks

A critical prompt-injection vulnerability, identified as CVE-2025-54135 and dubbed "CurXecute", affects almost all versions of the AI-powered Cursor IDE prior to version 1.3. This flaw allows remote code execution with developer privileges.

Pi-hole discloses data breach triggered by WordPress plugin flaw

Pi-hole, a widely-used network-level ad-blocker, has disclosed a data breach caused by a vulnerability in the GiveWP WordPress donation plugin. The flaw exposed donor names and email addresses to the public via the webpage's source code.

Staggering 800% Rise in Infostealer Credential Theft

Flashpoint’s Global Threat Intelligence Index: 2025 Midyear Edition, analyzing over 3.6 petabytes of data, reports an 800% surge in credential theft, with 1.8 billion credentials stolen from 5.8 million infected devices.

Android Malware Targets Banking Users Through Discord Channels

A new variant of the DoubleTrouble trojan is actively targeting users across Europe, posing a significant threat to financial data security. Initially spread via phishing websites, the malware now leverages Discord-hosted APKs for distribution.

Attackers actively exploit critical zero-day in Alone WordPress Theme

A critical zero-day vulnerability (CVE-2025-5394, CVSS 9.8) in the Alone – Charity Multipurpose Non-profit WordPress Theme is being actively exploited by threat actors. The theme has over 9,000 installations.

Back Up With Care, But Neglecting Patches can Leave You in Despair!

CVE-2024-7348 is a race condition vulnerability in PostgreSQL's `pg_dump` utility that allows attackers with sufficient privileges to execute arbitrary SQL commands as the user running the dump, often a superuser.

Kremlin goons caught abusing local ISPs to spy on diplomats

Microsoft has confirmed that the Russian state-sponsored threat group Secret Blizzard (aka Turla, VENOMOUS BEAR) is conducting cyber-espionage operations against foreign embassies in Moscow by exploiting local ISPs.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags