ethicalhack3r
@ethicalhack3r.bsky.social
Founder of Damn Vulnerable Web App (DVWA)
Founder of WPScan (acquired by Automattic)
Check out my new project! https://kevintel.com
Founder of WPScan (acquired by Automattic)
Check out my new project! https://kevintel.com
Reposted by ethicalhack3r
Unfortunately, CyberAlerts is not profitable as a business and it is time to shut it down.
This has not been an easy decision. After 6+ months of costs and no income, it is not sustainable.
Will be taken offline and your user data permanently deleted on June 30th, 2025.
This has not been an easy decision. After 6+ months of costs and no income, it is not sustainable.
Will be taken offline and your user data permanently deleted on June 30th, 2025.
June 11, 2025 at 9:49 AM
Unfortunately, CyberAlerts is not profitable as a business and it is time to shut it down.
This has not been an easy decision. After 6+ months of costs and no income, it is not sustainable.
Will be taken offline and your user data permanently deleted on June 30th, 2025.
This has not been an easy decision. After 6+ months of costs and no income, it is not sustainable.
Will be taken offline and your user data permanently deleted on June 30th, 2025.
Two CVEs have been assigned to the vulnerabilities in vBulletin 5.0.0 through 6.0.3 found by Karma(In)Security
• CVE-2025-48827
• CVE-2025-48828
These vulnerabilities were detected being exploited in the wild by the KEVIntel sensors on May 26th.
• CVE-2025-48827
• CVE-2025-48828
These vulnerabilities were detected being exploited in the wild by the KEVIntel sensors on May 26th.
May 27, 2025 at 10:51 AM
Two CVEs have been assigned to the vulnerabilities in vBulletin 5.0.0 through 6.0.3 found by Karma(In)Security
• CVE-2025-48827
• CVE-2025-48828
These vulnerabilities were detected being exploited in the wild by the KEVIntel sensors on May 26th.
• CVE-2025-48827
• CVE-2025-48828
These vulnerabilities were detected being exploited in the wild by the KEVIntel sensors on May 26th.
Great news! Added an extra 29 historical WordPress KEVs to KEVIntel!
If you have a Pro API subscription, these all have the "wordpress" tag.
Also, have you noticed CISA's next incremental number? Who's betting they only add just one new KEV next time? 😅
If you have a Pro API subscription, these all have the "wordpress" tag.
Also, have you noticed CISA's next incremental number? Who's betting they only add just one new KEV next time? 😅
May 13, 2025 at 2:37 PM
Great news! Added an extra 29 historical WordPress KEVs to KEVIntel!
If you have a Pro API subscription, these all have the "wordpress" tag.
Also, have you noticed CISA's next incremental number? Who's betting they only add just one new KEV next time? 😅
If you have a Pro API subscription, these all have the "wordpress" tag.
Also, have you noticed CISA's next incremental number? Who's betting they only add just one new KEV next time? 😅
This morning I added 190 historical KEVs to KEVIntel, bringing the total count of KEVs to 1648. At the time of writing, that's 313 more than CISA.
May 12, 2025 at 9:19 AM
This morning I added 190 historical KEVs to KEVIntel, bringing the total count of KEVs to 1648. At the time of writing, that's 313 more than CISA.
Reposted by ethicalhack3r
Meta just landed a $167M verdict against NSO Group for their WhatsApp hack
• NSO's Pegasus spyware infected 1,400 WhatsApp users
• Zero-click attack (phone to be ON)
• Damages awarded = 3x NSO's annual R&D budget
• Meta's sharing court depositions publicly
www.theregister.com/2025/05/06/n...
• NSO's Pegasus spyware infected 1,400 WhatsApp users
• Zero-click attack (phone to be ON)
• Damages awarded = 3x NSO's annual R&D budget
• Meta's sharing court depositions publicly
www.theregister.com/2025/05/06/n...
NSO Group must pay Meta $168M in WhatsApp spy case
: Don't f&#k with Zuck
www.theregister.com
May 7, 2025 at 3:03 PM
Meta just landed a $167M verdict against NSO Group for their WhatsApp hack
• NSO's Pegasus spyware infected 1,400 WhatsApp users
• Zero-click attack (phone to be ON)
• Damages awarded = 3x NSO's annual R&D budget
• Meta's sharing court depositions publicly
www.theregister.com/2025/05/06/n...
• NSO's Pegasus spyware infected 1,400 WhatsApp users
• Zero-click attack (phone to be ON)
• Damages awarded = 3x NSO's annual R&D budget
• Meta's sharing court depositions publicly
www.theregister.com/2025/05/06/n...
Good morning!
Two new KEVs this morning:
- CVE-2024-6047
- CVE-2024-11120
Both Unauthenticated OS Command Injection affecting GeoVision EOL devices.
Two new KEVs this morning:
- CVE-2024-6047
- CVE-2024-11120
Both Unauthenticated OS Command Injection affecting GeoVision EOL devices.
May 7, 2025 at 7:23 AM
Good morning!
Two new KEVs this morning:
- CVE-2024-6047
- CVE-2024-11120
Both Unauthenticated OS Command Injection affecting GeoVision EOL devices.
Two new KEVs this morning:
- CVE-2024-6047
- CVE-2024-11120
Both Unauthenticated OS Command Injection affecting GeoVision EOL devices.
Top 5 Worst of Worst (WoW) vulnerabilities within the past month.
What I would consider the most likely to be exploited (not including the prevalence of the product, which would make a big difference).
You should definitely patch these!
What I would consider the most likely to be exploited (not including the prevalence of the product, which would make a big difference).
You should definitely patch these!
May 6, 2025 at 12:15 PM
Top 5 Worst of Worst (WoW) vulnerabilities within the past month.
What I would consider the most likely to be exploited (not including the prevalence of the product, which would make a big difference).
You should definitely patch these!
What I would consider the most likely to be exploited (not including the prevalence of the product, which would make a big difference).
You should definitely patch these!
“The cyber criminals claim to have the private information of 20 million people wo signed up to Co-op's membership scheme, but the firm would not confirm that number.”
www.bbc.com/news/article...
www.bbc.com/news/article...
Co-op hackers stole 'significant' amount of customer data
The firm previously said there was 'no evidence that customer data was compromised'.
www.bbc.com
May 2, 2025 at 5:58 PM
“The cyber criminals claim to have the private information of 20 million people wo signed up to Co-op's membership scheme, but the firm would not confirm that number.”
www.bbc.com/news/article...
www.bbc.com/news/article...
May 2, 2025 at 2:59 PM
Reposted by ethicalhack3r
Today is our last big ticket drop.
9am, 12pm, 7pm main event tickets
1pm kids track tickets
ti.to/steelcon/2025
You can see our speaker list here:
www.steelcon.info/the-event/ta...
Workshops tickets will be next week once the dust settles.
9am, 12pm, 7pm main event tickets
1pm kids track tickets
ti.to/steelcon/2025
You can see our speaker list here:
www.steelcon.info/the-event/ta...
Workshops tickets will be next week once the dust settles.
Talks | SteelCon
www.steelcon.info
May 2, 2025 at 7:13 AM
Today is our last big ticket drop.
9am, 12pm, 7pm main event tickets
1pm kids track tickets
ti.to/steelcon/2025
You can see our speaker list here:
www.steelcon.info/the-event/ta...
Workshops tickets will be next week once the dust settles.
9am, 12pm, 7pm main event tickets
1pm kids track tickets
ti.to/steelcon/2025
You can see our speaker list here:
www.steelcon.info/the-event/ta...
Workshops tickets will be next week once the dust settles.
Two new KEVs on KEVIntel this morning
- CVE-2024-38475 (Apache Software Foundation)
- CVE-2023-44221 (SonicWall)
kevintel.com
- CVE-2024-38475 (Apache Software Foundation)
- CVE-2023-44221 (SonicWall)
kevintel.com
May 1, 2025 at 9:16 AM
Two new KEVs on KEVIntel this morning
- CVE-2024-38475 (Apache Software Foundation)
- CVE-2023-44221 (SonicWall)
kevintel.com
- CVE-2024-38475 (Apache Software Foundation)
- CVE-2023-44221 (SonicWall)
kevintel.com
🚨 KEVIntel is live!
Known Exploited Vulnerabilities Intel
Open access via RSS, API, or CSV.
Enriched with EPSS scores, exploits, PoCs, and more.
Built for defenders.
🔗 Explore now: kevintel.com
#infosec #cybersecurity #threatintel
Known Exploited Vulnerabilities Intel
Open access via RSS, API, or CSV.
Enriched with EPSS scores, exploits, PoCs, and more.
Built for defenders.
🔗 Explore now: kevintel.com
#infosec #cybersecurity #threatintel
KEVIntel
kevintel.com
April 30, 2025 at 2:04 PM
🚨 KEVIntel is live!
Known Exploited Vulnerabilities Intel
Open access via RSS, API, or CSV.
Enriched with EPSS scores, exploits, PoCs, and more.
Built for defenders.
🔗 Explore now: kevintel.com
#infosec #cybersecurity #threatintel
Known Exploited Vulnerabilities Intel
Open access via RSS, API, or CSV.
Enriched with EPSS scores, exploits, PoCs, and more.
Built for defenders.
🔗 Explore now: kevintel.com
#infosec #cybersecurity #threatintel
April 29, 2025 at 2:58 PM
New reading material
April 28, 2025 at 7:38 PM
New reading material
New reading material
April 28, 2025 at 7:30 PM
New reading material
Not a bad place to take a couple of hours break from coding
April 28, 2025 at 12:15 PM
Not a bad place to take a couple of hours break from coding
Reposted by ethicalhack3r
CVE-2025-32432: Craft CMS Allows Remote Code Execution
Marked as known exploited.
Metasploit module also available.
cyberalerts.io/vulnerabilit...
Marked as known exploited.
Metasploit module also available.
cyberalerts.io/vulnerabilit...
April 26, 2025 at 10:03 AM
CVE-2025-32432: Craft CMS Allows Remote Code Execution
Marked as known exploited.
Metasploit module also available.
cyberalerts.io/vulnerabilit...
Marked as known exploited.
Metasploit module also available.
cyberalerts.io/vulnerabilit...
SAP NetWeaver missing authorization has been marked as known exploited in CyberAlerts KEV
CVE-2025-31324
cyberalerts.io/kev
CVE-2025-31324
cyberalerts.io/kev
April 25, 2025 at 2:07 PM
SAP NetWeaver missing authorization has been marked as known exploited in CyberAlerts KEV
CVE-2025-31324
cyberalerts.io/kev
CVE-2025-31324
cyberalerts.io/kev
For anyone using T-Pot Honeypot, any cool tips/tricks/hacks I should know about?
April 24, 2025 at 9:48 PM
For anyone using T-Pot Honeypot, any cool tips/tricks/hacks I should know about?
“Recent public reporting inaccurately implied the program was at risk due to a lack of funding. To set the record straight, there was no funding issue, but rather a contract administration issue that was resolved prior to a contract lapse.“ - CISA
www.cisa.gov/news-events/...
www.cisa.gov/news-events/...
Statement from Matt Hartman on the CVE Program | CISA
www.cisa.gov
April 24, 2025 at 6:27 AM
“Recent public reporting inaccurately implied the program was at risk due to a lack of funding. To set the record straight, there was no funding issue, but rather a contract administration issue that was resolved prior to a contract lapse.“ - CISA
www.cisa.gov/news-events/...
www.cisa.gov/news-events/...
Verizon #DBIR 2025 is ready!
Didn’t notice anything ground breaking from a quick skim through.
What did stand out was 20% increase in breaches due to vulnerabilities.
Anyone else find anything interesting or surprising?
www.verizon.com/business/res...
Didn’t notice anything ground breaking from a quick skim through.
What did stand out was 20% increase in breaches due to vulnerabilities.
Anyone else find anything interesting or surprising?
www.verizon.com/business/res...
2025 Data Breach Investigations Report
The 2025 Data Breach Investigations Report (DBIR) from Verizon is here! Get the latest updates on real-world breaches and help safeguard your organization from cybersecurity attacks.
www.verizon.com
April 23, 2025 at 6:54 AM
Verizon #DBIR 2025 is ready!
Didn’t notice anything ground breaking from a quick skim through.
What did stand out was 20% increase in breaches due to vulnerabilities.
Anyone else find anything interesting or surprising?
www.verizon.com/business/res...
Didn’t notice anything ground breaking from a quick skim through.
What did stand out was 20% increase in breaches due to vulnerabilities.
Anyone else find anything interesting or surprising?
www.verizon.com/business/res...
Another great example of CyberAlerts.io early warning and alerting.
In this case, we alerted our users 14 hours before CISA KEV, to an actively exploited Apple iOS vulnerability.
We’ve also made changes so that this will be even earlier in the future!
cyberalerts.io/vulnerabilit...
In this case, we alerted our users 14 hours before CISA KEV, to an actively exploited Apple iOS vulnerability.
We’ve also made changes so that this will be even earlier in the future!
cyberalerts.io/vulnerabilit...
April 17, 2025 at 6:23 PM
Another great example of CyberAlerts.io early warning and alerting.
In this case, we alerted our users 14 hours before CISA KEV, to an actively exploited Apple iOS vulnerability.
We’ve also made changes so that this will be even earlier in the future!
cyberalerts.io/vulnerabilit...
In this case, we alerted our users 14 hours before CISA KEV, to an actively exploited Apple iOS vulnerability.
We’ve also made changes so that this will be even earlier in the future!
cyberalerts.io/vulnerabilit...
Reposted by ethicalhack3r
🚨 CyberAlerts adds two Apple iOS Known Exploited Vulnerabilities (KEV) to their database not yet in CISA KEV
- CVE-2025-31200
- CVE-2025-31201
Update to tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1
cyberalerts.io/kev
- CVE-2025-31200
- CVE-2025-31201
Update to tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1
cyberalerts.io/kev
April 17, 2025 at 9:10 AM
🚨 CyberAlerts adds two Apple iOS Known Exploited Vulnerabilities (KEV) to their database not yet in CISA KEV
- CVE-2025-31200
- CVE-2025-31201
Update to tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1
cyberalerts.io/kev
- CVE-2025-31200
- CVE-2025-31201
Update to tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1
cyberalerts.io/kev
April 16, 2025 at 11:21 AM
