ethicalhack3r's Avatar

ethicalhack3r

@ethicalhack3r.bsky.social

Founder of Damn Vulnerable Web App (DVWA) Founder of WPScan (acquired by Automattic) Check out my new project! https://kevintel.com

195 Followers  |  137 Following  |  134 Posts  |  Joined: 13.11.2024  |  2.2093

Latest posts by ethicalhack3r.bsky.social on Bluesky

Unfortunately, CyberAlerts is not profitable as a business and it is time to shut it down.

This has not been an easy decision. After 6+ months of costs and no income, it is not sustainable.

Will be taken offline and your user data permanently deleted on June 30th, 2025.

11.06.2025 09:49 β€” πŸ‘ 0    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Post image

Two CVEs have been assigned to the vulnerabilities in vBulletin 5.0.0 through 6.0.3 found by Karma(In)Security

β€’ CVE-2025-48827
β€’ CVE-2025-48828

These vulnerabilities were detected being exploited in the wild by the KEVIntel sensors on May 26th.

27.05.2025 10:51 β€” πŸ‘ 1    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

Shameful!

25.05.2025 10:31 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Great news! Added an extra 29 historical WordPress KEVs to KEVIntel!

If you have a Pro API subscription, these all have the "wordpress" tag.

Also, have you noticed CISA's next incremental number? Who's betting they only add just one new KEV next time? πŸ˜…

13.05.2025 14:36 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

This morning I added 190 historical KEVs to KEVIntel, bringing the total count of KEVs to 1648. At the time of writing, that's 313 more than CISA.

12.05.2025 09:19 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
NSO Group must pay Meta $168M in WhatsApp spy case : Don't f&#k with Zuck

Meta just landed a $167M verdict against NSO Group for their WhatsApp hack
β€’ NSO's Pegasus spyware infected 1,400 WhatsApp users
β€’ Zero-click attack (phone to be ON)
β€’ Damages awarded = 3x NSO's annual R&D budget
β€’ Meta's sharing court depositions publicly
www.theregister.com/2025/05/06/n...

07.05.2025 15:03 β€” πŸ‘ 5    πŸ” 5    πŸ’¬ 1    πŸ“Œ 0
Post image

Good morning!

Two new KEVs this morning:

- CVE-2024-6047
- CVE-2024-11120

Both Unauthenticated OS Command Injection affecting GeoVision EOL devices.

07.05.2025 07:23 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Top 5 Worst of Worst (WoW) vulnerabilities within the past month.

What I would consider the most likely to be exploited (not including the prevalence of the product, which would make a big difference).

You should definitely patch these!

06.05.2025 12:15 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Co-op hackers stole 'significant' amount of customer data The firm previously said there was 'no evidence that customer data was compromised'.

β€œThe cyber criminals claim to have the private information of 20 million people wo signed up to Co-op's membership scheme, but the firm would not confirm that number.”

www.bbc.com/news/article...

02.05.2025 17:58 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Ha! Nice DVWA meme in latest WatchTowr blog post

cc @digi.ninja

02.05.2025 14:59 β€” πŸ‘ 3    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Talks | SteelCon

Today is our last big ticket drop.

9am, 12pm, 7pm main event tickets

1pm kids track tickets

ti.to/steelcon/2025

You can see our speaker list here:

www.steelcon.info/the-event/ta...

Workshops tickets will be next week once the dust settles.

02.05.2025 07:13 β€” πŸ‘ 5    πŸ” 7    πŸ’¬ 0    πŸ“Œ 1
Post image

Two new KEVs on KEVIntel this morning

- CVE-2024-38475 (Apache Software Foundation)
- CVE-2023-44221 (SonicWall)

kevintel.com

01.05.2025 09:16 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 1
KEVIntel

🚨 KEVIntel is live!

Known Exploited Vulnerabilities Intel

Open access via RSS, API, or CSV.

Enriched with EPSS scores, exploits, PoCs, and more.

Built for defenders.

πŸ”— Explore now: kevintel.com

#infosec #cybersecurity #threatintel

30.04.2025 14:04 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Known Exploited Vulnerabilities Intel

kevintel.com

29.04.2025 14:58 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

New reading material

28.04.2025 19:37 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

New reading material

28.04.2025 19:29 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Haha, thanks Justin

It’s Menorca. I would recommend it if you’re ever close by!

28.04.2025 19:27 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Not a bad place to take a couple of hours break from coding

28.04.2025 12:15 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

CVE-2025-32432: Craft CMS Allows Remote Code Execution

Marked as known exploited.

Metasploit module also available.

cyberalerts.io/vulnerabilit...

26.04.2025 10:03 β€” πŸ‘ 1    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

SAP NetWeaver missing authorization has been marked as known exploited in CyberAlerts KEV

CVE-2025-31324

cyberalerts.io/kev

25.04.2025 14:07 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Thanks! Will look into gas pump!

Kibana Alerting is disabled in T-POT by default, so going to look into how to enable it.

And maybe link some more sensors up in different geo locations.

25.04.2025 06:27 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

cc: @hackdefendr.com @infosanity.bsky.social

24.04.2025 22:01 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

For anyone using T-Pot Honeypot, any cool tips/tricks/hacks I should know about?

24.04.2025 21:48 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Why didnt they release a statement like this during the panic? πŸ€”

24.04.2025 06:28 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Statement from Matt Hartman on the CVE Program | CISA

β€œRecent public reporting inaccurately implied the program was at risk due to a lack of funding. To set the record straight, there was no funding issue, but rather a contract administration issue that was resolved prior to a contract lapse.β€œ - CISA

www.cisa.gov/news-events/...

24.04.2025 06:27 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
2025 Data Breach Investigations Report The 2025 Data Breach Investigations Report (DBIR) from Verizon is here! Get the latest updates on real-world breaches and help safeguard your organization from cybersecurity attacks.

Verizon #DBIR 2025 is ready!

Didn’t notice anything ground breaking from a quick skim through.

What did stand out was 20% increase in breaches due to vulnerabilities.

Anyone else find anything interesting or surprising?

www.verizon.com/business/res...

23.04.2025 06:54 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Post image

Another great example of CyberAlerts.io early warning and alerting.

In this case, we alerted our users 14 hours before CISA KEV, to an actively exploited Apple iOS vulnerability.

We’ve also made changes so that this will be even earlier in the future!

cyberalerts.io/vulnerabilit...

17.04.2025 18:23 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

🚨 CyberAlerts adds two Apple iOS Known Exploited Vulnerabilities (KEV) to their database not yet in CISA KEV

- CVE-2025-31200
- CVE-2025-31201

Update to tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1

cyberalerts.io/kev

17.04.2025 09:10 β€” πŸ‘ 1    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Post image

CVE Status Good!

cyberalerts.io/cve_tracker

16.04.2025 11:21 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
CyberAlerts Stay one step ahead of the latest threats and vulnerabilities with vulnerability alerts and threat alerts. Cut through the noise and focus on what matters to your business with advanced alert filterin...

CyberAlerts MITRE CVE Tracker 2025

Keep an eye on the CVE database

cyberalerts.io/cve_tracker

16.04.2025 09:02 β€” πŸ‘ 1    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

@ethicalhack3r is following 20 prominent accounts