CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Cybersecurity News
Jenkins Users Beware: Multiple Security Vulnerabilities Discovered
Jenkins, the widely-used open-source automation server, has issued a security advisory addressing multiple vulnerabilities impacting both its core system and associated plugins. These flaws, ranging f ...
-
Cybersecurity News
XorBot Botnet Resurfaces with Advanced Evasion and Exploits, Threatens IoT Devices
NSFOCUS has identified a resurgence of the XorBot botnet, a potent threat to Internet of Things (IoT) devices worldwide. First observed in late 2023, XorBot has evolved significantly, introducing adva ...
-
Cybersecurity News
SMOKEDHAM Backdoor: UNC2465’s Stealth Weapon for Extortion and Ransomware Campaigns
A comprehensive analysis by TRAC Labs has shed light on the SMOKEDHAM backdoor, a malicious tool leveraged by the financially motivated threat actor UNC2465. Active since 2019, SMOKEDHAM plays a centr ...
-
The Register
Salt Typhoon's surge extends far beyond US telcos
The reach of the China-linked Salt Typhoon gang extends beyond telecommunications giants in the United States, and its arsenal includes several backdoors – including a brand-new malware dubbed GhostSp ...
-
BleepingComputer
Microsoft re-releases Exchange updates after fixing mail delivery
Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules. The compan ...
-
BleepingComputer
Hackers exploit ProjectSend flaw to backdoor exposed servers
Threat actors are using public exploits for a critical authentication bypass flaw in ProjectSend to upload webshells and gain remote access to servers. The flaw, tracked as CVE-2024-11680, is a critic ...
-
seclists.org
SEC Consult SA-20241127-0 :: Stored Cross-Site Scripting in Omada Identity (CVE-2024-52951)
Full Disclosure mailing list archives SEC Consult SA-20241127-0 :: Stored Cross-Site Scripting in Omada Identity (CVE-2024-52951) From: SEC Consult Vulnerability Lab via Fulldisclosure <fulldisclosure ...
-
seclists.org
SEC Consult SA-20241125-0 :: Unlocked JTAG interface and buffer overflow in Siemens SM-2558 Protocol Element, Siemens CP-2016 & CP-2019
Full Disclosure mailing list archives From: SEC Consult Vulnerability Lab via Fulldisclosure <fulldisclosure () seclists org> Date: Mon, 25 Nov 2024 08:32:17 +0000 SEC Consult Vulnerability Lab Securi ...
-
seclists.org
Re: Local Privilege Escalations in needrestart
Qualys Security Advisory LPEs in needrestart (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003) ====================================================================== ...
-
Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News
Russian Hackers Exploit Firefox and Windows 0-Days to Deploy Backdoor
SUMMARY RomCom Exploits Double Zero-Day: RomCom, a Russia-linked group used previously unknown vulnerabilities in Firefox and Windows in a sophisticated attack campaign. Attack Chain: Visiting a malic ...