CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Cybersecurity News
CVE-2024-55633: Apache Superset Vulnerability Exposes Sensitive Data to Unauthorized Modification
A newly discovered vulnerability in Apache Superset, a popular open-source business intelligence platform, could allow attackers to gain unauthorized write access to sensitive data. Tracked as CVE-202 ...
-
Cybersecurity News
Gamaredon APT Deploys Two Russian Android Spyware Families: BoneSpy and PlainGnome
Researchers at the Lookout Threat Lab have uncovered two sophisticated Android spyware families, BoneSpy and PlainGnome, attributed to the Russian-aligned Advanced Persistent Threat (APT) group Gamare ...
-
Cybersecurity News
Active Exploitation Observed for CVE-2024-11972 (CVSS 9.8): WordPress Plugin Flaw Exposes 10,000+ Sites to Backdoor Attacks
A serious vulnerability in the Hunk Companion plugin for WordPress, tracked as CVE-2024-11972 (CVSS 9.8), has been discovered by the WPScan team. This flaw, present in versions below 1.9.0, allows una ...
-
Cybersecurity News
Modular Java Backdoor Emerges in Cleo Exploitation Campaign (CVE-2024-50623)
Rapid7 Labs and its Managed Detection and Response (MDR) team uncovered a sophisticated modular Java-based Remote Access Trojan (RAT) deployed in a multi-stage attack targeting Cleo file transfer soft ...
-
Cybersecurity News
$5 Million Reward Offered After Indictment of North Korean Cyber Operatives
A federal court in St. Louis, Missouri, has indicted 14 nationals of the Democratic People’s Republic of Korea (DPRK) for a series of long-running conspiracies involving sanctions violations, wire fra ...
-
Cybersecurity News
APT-C-60 Exploits Legitimate Services in Sophisticated Malware Attack Targeting Japanese Organizations
In August 2024, JPCERT/CC confirmed a targeted attack against a Japanese organization, believed to be the work of the threat group APT-C-60. This advanced campaign utilized legitimate services like Go ...
-
Trend Micro
Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion
In this blog entry, we discuss a social engineering attack that tricked the victim into installing a remote access tool, triggering DarkGate malware activities and an attempted C&C conne ...
-
Ars Technica
Critical WordPress plugin vulnerability under active exploit threatens thousands
Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...
-
Dark Reading
IoT Cloud Cracked by 'Open Sesame' Over-the-Air Attack
Internet of Things (IoT) vendor Ruijie Networks has shored up its Reyee cloud management platform against 10 newly discovered vulnerabilities that could have ...
-
seclists.org
APPLE-SA-12-11-2024-9 Safari 18.2
Full Disclosure mailing list archives. From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>. Date: Wed, 11 Dec 2024 16:41:02 -0700 ...