Profile avatar
ethicalhack3r.bsky.social
Founder of Damn Vulnerable Web App (DVWA) Founder of WPScan (acquired by Automattic) Check out my new project! https://kevintel.com
134 posts 188 followers 137 following
Prolific Poster
Conversation Starter
Posts 38 Comments 12

Two CVEs have been assigned to the vulnerabilities in vBulletin 5.0.0 through 6.0.3 found by Karma(In)Security • CVE-2025-48827 • CVE-2025-48828 These vulnerabilities were detected being exploited in the wild by the KEVIntel sensors on May 26th.

submitted 13 days ago • 0 comments

Great news! Added an extra 29 historical WordPress KEVs to KEVIntel! If you have a Pro API subscription, these all have the "wordpress" tag. Also, have you noticed CISA's next incremental number? Who's betting they only add just one new KEV next time? 😅

submitted 26 days ago • 0 comments

This morning I added 190 historical KEVs to KEVIntel, bringing the total count of KEVs to 1648. At the time of writing, that's 313 more than CISA.

submitted 28 days ago • 0 comments

Meta just landed a $167M verdict against NSO Group for their WhatsApp hack • NSO's Pegasus spyware infected 1,400 WhatsApp users • Zero-click attack (phone to be ON) • Damages awarded = 3x NSO's annual R&D budget • Meta's sharing court depositions publicly www.theregister.com/2025/05/06/n...

submitted 32 days ago • 1 comment

Good morning! Two new KEVs this morning: - CVE-2024-6047 - CVE-2024-11120 Both Unauthenticated OS Command Injection affecting GeoVision EOL devices.

submitted 33 days ago • 0 comments

Top 5 Worst of Worst (WoW) vulnerabilities within the past month. What I would consider the most likely to be exploited (not including the prevalence of the product, which would make a big difference). You should definitely patch these!

submitted 34 days ago • 0 comments

“The cyber criminals claim to have the private information of 20 million people wo signed up to Co-op's membership scheme, but the firm would not confirm that number.” www.bbc.com/news/article...

submitted 37 days ago • 0 comments

Ha! Nice DVWA meme in latest WatchTowr blog post cc @digi.ninja

submitted 37 days ago • 0 comments

Today is our last big ticket drop. 9am, 12pm, 7pm main event tickets 1pm kids track tickets ti.to/steelcon/2025 You can see our speaker list here: www.steelcon.info/the-event/ta... Workshops tickets will be next week once the dust settles.

submitted 38 days ago • 0 comments

Two new KEVs on KEVIntel this morning - CVE-2024-38475 (Apache Software Foundation) - CVE-2023-44221 (SonicWall) kevintel.com

submitted 39 days ago • 0 comments

🚨 KEVIntel is live! Known Exploited Vulnerabilities Intel Open access via RSS, API, or CSV. Enriched with EPSS scores, exploits, PoCs, and more. Built for defenders. 🔗 Explore now: kevintel.com #infosec #cybersecurity #threatintel

submitted 39 days ago • 0 comments

Known Exploited Vulnerabilities Intel kevintel.com

submitted 40 days ago • 0 comments

New reading material

submitted 41 days ago • 0 comments

New reading material

submitted 41 days ago • 0 comments

Not a bad place to take a couple of hours break from coding

submitted 42 days ago • 1 comment

CVE-2025-32432: Craft CMS Allows Remote Code Execution Marked as known exploited. Metasploit module also available. cyberalerts.io/vulnerabilit...

submitted 44 days ago • 0 comments

SAP NetWeaver missing authorization has been marked as known exploited in CyberAlerts KEV CVE-2025-31324 cyberalerts.io/kev

submitted 44 days ago • 0 comments

For anyone using T-Pot Honeypot, any cool tips/tricks/hacks I should know about?

submitted 45 days ago • 1 comment

“Recent public reporting inaccurately implied the program was at risk due to a lack of funding. To set the record straight, there was no funding issue, but rather a contract administration issue that was resolved prior to a contract lapse.“ - CISA www.cisa.gov/news-events/...

submitted 46 days ago • 1 comment

Verizon #DBIR 2025 is ready! Didn’t notice anything ground breaking from a quick skim through. What did stand out was 20% increase in breaches due to vulnerabilities. Anyone else find anything interesting or surprising? www.verizon.com/business/res...

submitted 47 days ago • 1 comment

Another great example of CyberAlerts.io early warning and alerting. In this case, we alerted our users 14 hours before CISA KEV, to an actively exploited Apple iOS vulnerability. We’ve also made changes so that this will be even earlier in the future! cyberalerts.io/vulnerabilit...

submitted 52 days ago • 0 comments

🚨 CyberAlerts adds two Apple iOS Known Exploited Vulnerabilities (KEV) to their database not yet in CISA KEV - CVE-2025-31200 - CVE-2025-31201 Update to tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1 cyberalerts.io/kev

submitted 53 days ago • 0 comments

CVE Status Good! cyberalerts.io/cve_tracker

submitted 54 days ago • 0 comments

CyberAlerts MITRE CVE Tracker 2025 Keep an eye on the CVE database cyberalerts.io/cve_tracker

submitted 54 days ago • 0 comments

The MITRE CVE letter’s intentions is unclear and lacks context. The US government is making drastic cuts, and are bat shit crazy right now. But even so, I very much doubt anyone would scrap CVE with one days notice.

submitted 54 days ago • 1 comment

We've just added an API endpoint for our CyberAlerts KEV! Completely free, just need to register for a token.

submitted 55 days ago • 0 comments

BreachForums is down!

submitted 55 days ago • 0 comments

What Open Source multi-protocol Honey Pot software is everyone using nowadays?

submitted 57 days ago • 2 comments

New CyberAlerts KEV CVE-2025-3248: Langflow Unauthenticated RCE Patch now or be pwnd! Nuclei template available. Reference: isc.sans.edu/diary/31850 cyberalerts.io/vulnerabilit...

submitted 57 days ago • 0 comments

Taking bets for how long until spotted exploited in the wild: cyberalerts.io/vulnerabilit...

submitted 59 days ago • 0 comments

cyberalerts.io/vulnerabilit...

submitted 59 days ago • 0 comments

New "Show Not in CISA KEV" toggle in CyberAlerts KEV

submitted 59 days ago • 0 comments

CISA added 2 of them yesterday. Seems we were just ahead of them for these 2. - CVE-2024-53150 - CVE-2024-53197

submitted 60 days ago • 0 comments

Since we started collecting data (around 4 months ago), the CyberAlerts KEV includes 6 vulnerabilities exploited in the wild, not listed in CISA KEV. We expect this to be around 12 or more by the end of the year. blog.cyberalerts.io/cyberalerts-...

submitted 61 days ago • 2 comments

Introducing the CyberAlerts Known Exploited Vulnerabilities (KEV)! We use a many sources and a variety of methods to determine if a vulnerability is exploited in the wild. Check it out and let me know what you think! cyberalerts.io/kev

submitted 62 days ago • 0 comments

Looking to keep an eye on actively exploited vulnerabilities? The "worst of the worst" in terms of risk? 👉 cyberalerts.io/vulnerabilit...

submitted 62 days ago • 0 comments

Ok this worked out great last time, let's see if it works again! I'm looking for another support engineer for my WordPress plugin - Search & Filter - fully remote. Please share for reach 😁

submitted 62 days ago • 1 comment

🚨 Reported Data Breach 🚨 🇨🇭 Switzerland - Brack.CH User Dulnex claims to be selling the full database of brack.ch, one of the most well-known online stores in Switzerland. The database allegedly contains phone number, email, firstname, lastname, invoice, item purchased, unpaid item, and more.

submitted 63 days ago • 0 comments