CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Hacker News•added 2024/04/18 2:25 p.m.•27 views

OfflRouter Malware Evades Detection in Ukraine for Almost a Decade

Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform...

7.6AI score

Securelist•added 2024/04/18 10:0 a.m.•34 views

DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

Introduction In February 2024, we discovered a new malware campaign targeting government entities in the Middle East. We dubbed it "DuneQuixote"; and our investigation uncovered over 30 DuneQuixote dropper samples actively employed in the campaign. These droppers, which exist in two versions –...

7.8AI score

Talos Blog•added 2024/04/17 11:59 a.m.•29 views

OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal

During a threat-hunting exercise, Cisco Talos discovered documents with potentially confidential information originating from Ukraine. The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. The results of the investigation have shown that the...

7AI score

HackRead•added 2024/04/16 12:8 a.m.•28 views

IntelBroker Claims Space-Eyes Breach, Targeting US National Security Data

By Waqas Hacker "IntelBroker" claims to have breached Space-Eyes, a geospatial intelligence firm, exposing US national security data. Authorities investigate the claim that could impact sensitive government operations. This is a post from HackRead.com Read the original post: IntelBroker Claims...

7.2AI score

Krebs on Security•added 2024/04/15 2:51 p.m.•24 views

Crickets from Chirp Systems in Smart Lock Key Leak

The U.S. government is warning that "smart locks" securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The locks maker Chirp Systems remains unresponsive, even though it was first notified about the critical...

7AI score

Wired Threat Level•added 2024/04/15 10:30 a.m.•21 views

The US Government Has a Microsoft Problem

Microsoft has stumbled through a series of major cybersecurity failures over the past few years. Experts say the US government’s reliance on its systems means the company continues to get a free pass...

7.2AI score

Openbugbounty•added 2024/04/13 2:29 p.m.•14 views

bangladesh.gov.bd Cross Site Scripting vulnerability OBB-3917764

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Circl•added 2024/04/10 8:8 p.m.•1 views

CVE-2024-3385

creationtimestamp| type| source ---|---|--- 2024-04-10 20:08:42+00:00| seen| Telegram/KYIaGGUUECfiFFhr1hRQaqqeF1Mr1zoJwWDvL7eDPVKrWpg 2024-04-15 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1270...

7.5CVSS7.3AI score0.03089EPSS

Circl•added 2024/04/10 8:8 p.m.•1 views

CVE-2024-3386

5.3CVSS5.5AI score0.0035EPSS

Circl•added 2024/04/10 8:8 p.m.•0 views

CVE-2024-3388

5CVSS5.3AI score0.00196EPSS

Circl•added 2024/04/10 8:8 p.m.•2 views

CVE-2024-3382

7.5CVSS7.3AI score0.00437EPSS

Circl•added 2024/04/10 8:8 p.m.•0 views

CVE-2024-3383

9.1CVSS8.5AI score0.00249EPSS

Openbugbounty•added 2024/04/09 9:16 a.m.•6 views

customs.gov.dm Cross Site Scripting vulnerability OBB-3911589

The Hacker News•added 2024/04/06 9:43 a.m.•81 views

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 CVSS score: 9.1, which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way f...

9.1CVSS8.3AI score0.07195EPSS

The Hacker News•added 2024/04/04 3:30 p.m.•21 views

New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware

An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector. "The phishing emails use a unique vehicle incident lure and, in later stages of the infection chain, spoof the Federal Bureau of Transportation in a PDF...

6.8AI score

Openbugbounty•added 2024/04/04 12:10 p.m.•9 views

navigator.nt.gov.au Cross Site Scripting vulnerability OBB-3901658

Circl•added 2024/04/04 11:29 a.m.•2 views

CVE-2024-22052

creationtimestamp| type| source ---|---|--- 2024-04-04 11:29:08+00:00| seen| https://t.me/truesecator/5600 2024-04-05 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1264 2024-06-27 09:11:07+00:00| seen| Telegram/x9JS41Sa9eM8fwvN1jTJaAVhqN0YoMCl-PIDyzwY8LMJZQ 2025-05-12...

7.5CVSS6.9AI score0.04148EPSS

Exploits0References3

Circl•added 2024/04/04 7:3 a.m.•1 views

CVE-2024-21894

creationtimestamp| type| source ---|---|--- 2024-04-04 07:03:45+00:00| seen| Telegram/HJZjl4zcHzNkK9qESQes7pHD5yDJiNFx4NpOCqZMnHaQAGE 2024-04-04 07:26:12+00:00| seen| Telegram/x9KHbxgX9Frqda1uh6jS8zt0AD5sLEGypR32VYhAt0rpRA 2024-04-04 07:26:13+00:00| seen| https://t.me/tengkorakcybercrewz/4933...

9.8CVSS7.4AI score0.07942EPSS

Exploits0References12

Openbugbounty•added 2024/04/02 3:35 p.m.•11 views

nepal.gov.np Cross Site Scripting vulnerability OBB-3896580