Lucene search
K

220 matches found

Snyk
Snyk
added 2025/09/15 7:39 a.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/09/15 7:39 a.m.8 views

@crowdstrike/alloy-react (>=0.0.2 <=0.0.5) potentially affected by unknown CVE via @crowdstrike/foundry-js (=0.17.1)

@crowdstrike/foundry-js NPM version =0.17.1 is affected by a known vulnerability. The following packages have a transitive dependency on @crowdstrike/foundry-js and may be impacted: - @crowdstrike/alloy-react =0.0.2, =0.0.5 Source cves: unknown CVE Source advisory:...

5.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/07/28 12:0 a.m.10 views

The vulnerability of the TLS protocol implementation in the Crowdstrike Falcon endpoint protection software allows a attacker to execute a “man-in-the-middle” attack.

The vulnerability of the TLS protocol implementation in the Crowdstrike Falcon endpoint protection software is related to the lack of trust chain tracking during certificate verification. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” attack...

8.1CVSS5.7AI score0.00269EPSS
Exploits0References4Affected Software3
Wired Threat Level
Wired Threat Level
added 2025/07/19 3:54 p.m.7 views

At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds

Of those, more than 200 appear to have had outages of services related to patient care following CrowdStrike’s disastrous crash, researchers have revealed...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/09 11:0 a.m.6 views

How To Automate Ticket Creation, Device Identification and Threat Triage With Tines

Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition. A recent standout is a workflow that...

7.5AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2025/06/02 4:0 p.m.9 views

Announcing a new strategic collaboration to bring clarity to threat actor naming

In today’s cyberthreat landscape, even seconds of delay can mean the difference between stopping a cyberattack or falling victim to ransomware. One major cause of delayed response is understanding threat actor attribution, which is often slowed by inaccurate or incomplete data as well as...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:0 a.m.10 views

CVE-2022-2841

A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.15610/6.44.15806. It has been classified as problematic. Affected is an unknown function of the component Uninstallation Handler. The manipulation leads to missing authorization. It is possible to launch the attack remotely. The...

2.7CVSS6.8AI score0.03672EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/02/14 7:22 p.m.6 views

CVE-2025-1146

CrowdStrike uses industry-standard TLS transport layer security to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor where o...

8.1CVSS6.9AI score0.00269EPSS
Exploits0References3
NVD
NVD
added 2025/02/12 7:15 p.m.27 views

CVE-2025-1146

CrowdStrike uses industry-standard TLS transport layer security to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor where o...

8.1CVSS0.00269EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/12 6:27 p.m.17 views

CVE-2025-1146 CrowdStrike Falcon Sensor for Linux TLS Issue

CrowdStrike uses industry-standard TLS transport layer security to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor where o...

8.1CVSS8AI score0.00269EPSS
Exploits0References1
CVE
CVE
added 2025/02/12 6:27 p.m.267 views

CVE-2025-1146

CVE-2025-1146 affects CrowdStrike Falcon Sensor family for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. A validation logic error in the TLS connection routine can cause server certificate handling to be processed incorrectly, potentially enabling a man-in-the-middle...

8.1CVSS8AI score0.00269EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/12 6:27 p.m.15 views

CVE-2025-1146 CrowdStrike Falcon Sensor for Linux TLS Issue

CrowdStrike uses industry-standard TLS transport layer security to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor where o...

8.1CVSS0.00269EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.5 views

PT-2025-6837 · Crowdstrike · Falcon Sensor For Linux +2

Name of the Vulnerable Software and Affected Versions: Falcon Sensor for Linux versions prior to 7.06 Falcon Kubernetes Admission Controller versions prior to 7.06 Falcon Container Sensor versions prior to 7.06 Description: The issue is related to a validation logic error in the TLS connection...

8.1CVSS6.3AI score0.00269EPSS
Exploits0References20
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.3 views

CrowdStrike Falcon 安全漏洞

CrowdStrike Falcon is an endpoint, cloud and identity protection product from CrowdStrike, Inc. in the United States. A security vulnerability exists in CrowdStrike Falcon that stems from an error in the TLS connection routine validation logic, which can lead to a man-in-the-middle attack. The...

8.1CVSS6.5AI score0.00269EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/01/15 12:43 a.m.350 views

Exploit for Heap-based Buffer Overflow in Microsoft

CVE-2024-49138-POC Proof of Concept that exploits CVE-2024-4...

7.8CVSS8.9AI score0.25414EPSS
Exploits4
HackRead
HackRead
added 2025/01/11 2:36 p.m.2 views

Fake CrowdStrike Recruiters Distribute Malware Via Phishing Emails

SUMMARY Cybercriminals are deploying a tricky new phishing campaign impersonating the cybersecurity firm CrowdStrike's recruiters to distribute a…...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/01/10 9:9 a.m.16 views

CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer

Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a supposed recruitment process. "The attack begins with a phishing email impersonating CrowdStrike...

7.5CVSS9.6AI score0.83642EPSS
Exploits6
The Hacker News
The Hacker News
added 2024/12/13 11:30 a.m.5 views

How to Generate a CrowdStrike RFM Report With AI in Tines

Run by the team at orchestration, AI, and automation platform Tines, the Tines library contains pre-built workflows shared by real security practitioners from across the community, all of which are free to import and deploy via the Community Edition of the platform. Their bi-annual "You Did What...

7.2AI score
Exploits0
Securelist
Securelist
added 2024/12/09 10:0 a.m.29 views

Story of the Year: global IT outages and supply chain attacks

A faulty update by cybersecurity firm CrowdStrike triggered one of the largest IT outages in history, impacting approximately 8.5 million systems worldwide. This incident serves as a stark reminder of the critical risks posed by global IT disruptions and supply chain weaknesses. With large-scale...

7.8CVSS7.6AI score0.51865EPSS
Exploits13
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/01 4:23 p.m.5 views

Malicious code in crowdstrike-foundry (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 89a436ce955b3eb01df1e23a27f7b9d0091b3720818f31559038c7af44bca276 The package looks like a beginning for a further work. In fact, the uploader has shortly published a few similar packages appearing to be e.g. an integration f...

7.1AI score
Exploits0References1
Rows per page
Query Builder