ethicalhack3r
@ethicalhack3r.bsky.social
200 followers 140 following 130 posts
Founder of Damn Vulnerable Web App (DVWA). Founder of WPScan (acquired by Automattic). Check out my new project! https://kevintel.com
Reposted by ethicalhack3r
Unfortunately, CyberAlerts is not profitable as a business and it is time to shut it down.

This has not been an easy decision. After 6+ months of costs and no income, it is not sustainable.

Will be taken offline and your user data permanently deleted on June 30th, 2025.
Two CVEs have been assigned to the vulnerabilities in vBulletin 5.0.0 through 6.0.3 found by Karma(In)Security

• CVE-2025-48827
• CVE-2025-48828

These vulnerabilities were detected being exploited in the wild by the KEVIntel sensors on May 26th.
Great news! Added an extra 29 historical WordPress KEVs to KEVIntel!

If you have a Pro API subscription, these all have the "wordpress" tag.

Also, have you noticed CISA's next incremental number? Who's betting they only add just one new KEV next time? 😅
This morning I added 190 historical KEVs to KEVIntel, bringing the total count of KEVs to 1648. At the time of writing, that's 313 more than CISA.
Reposted by ethicalhack3r
Meta just landed a $167M verdict against NSO Group for their WhatsApp hack
• NSO's Pegasus spyware infected 1,400 WhatsApp users
• Zero-click attack (phone to be ON)
• Damages awarded = 3x NSO's annual R&D budget
• Meta's sharing court depositions publicly
www.theregister.com/2025/05/06/n...
NSO Group must pay Meta $168M in WhatsApp spy case: Don't f&#k with Zuck
Good morning!

Two new KEVs this morning:

- CVE-2024-6047
- CVE-2024-11120

Both Unauthenticated OS Command Injection affecting GeoVision EOL devices.
Top 5 Worst of Worst (WoW) vulnerabilities within the past month.

What I would consider the most likely to be exploited (not including the prevalence of the product, which would make a big difference).

You should definitely patch these!
“The cyber criminals claim to have the private information of 20 million people who signed up to Co-op's membership scheme, but the firm would not confirm that number.”

www.bbc.com/news/article...
Co-op hackers stole 'significant' amount of customer data
The firm previously said there was 'no evidence that customer data was compromised'.
Ha! Nice DVWA meme in latest WatchTowr blog post

cc @digi.ninja
Reposted by ethicalhack3r
Today is our last big ticket drop.

9am, 12pm, 7pm main event tickets

1pm kids track tickets

ti.to/steelcon/2025

You can see our speaker list here:

www.steelcon.info/the-event/ta...

Workshops tickets will be next week once the dust settles.
Talks | SteelCon
Two new KEVs on KEVIntel this morning

- CVE-2024-38475 (Apache Software Foundation)
- CVE-2023-44221 (SonicWall)

kevintel.com
🚨 KEVIntel is live!

Known Exploited Vulnerabilities Intel

Open access via RSS, API, or CSV.

Enriched with EPSS scores, exploits, PoCs, and more.

Built for defenders.

🔗 Explore now: kevintel.com

#infosec #cybersecurity #threatintel
Haha, thanks Justin

It’s Menorca. I would recommend it if you’re ever close by!
Not a bad place to take a couple of hours break from coding
Reposted by ethicalhack3r
CVE-2025-32432: Craft CMS Allows Remote Code Execution

Marked as known exploited.

Metasploit module also available.

cyberalerts.io/vulnerabilit...
SAP NetWeaver missing authorization has been marked as known exploited in CyberAlerts KEV

CVE-2025-31324

cyberalerts.io/kev
Thanks! Will look into gas pump!

Kibana Alerting is disabled in T-POT by default, so going to look into how to enable it.

And maybe link some more sensors up in different geo locations.
For anyone using T-Pot Honeypot, any cool tips/tricks/hacks I should know about?
Why didn't they release a statement like this during the panic? 🤔
“Recent public reporting inaccurately implied the program was at risk due to a lack of funding. To set the record straight, there was no funding issue, but rather a contract administration issue that was resolved prior to a contract lapse.” - CISA

www.cisa.gov/news-events/...
Statement from Matt Hartman on the CVE Program | CISA