CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Cybersecurity News
CVE-2024-20412: Unauthorized Access to Cisco Firepower Devices via Static Credentials
Cisco has recently published a security advisory regarding a critical vulnerability in its Firepower Threat Defense (FTD) software. This vulnerability, identified as CVE-2024-20412, presents a signifi ...
-
Cybersecurity News
CVE-2024-20329 (CVSS 9.9): Critical Cisco ASA SSH Flaw Allows for Complete System Takeover
Cisco has issued a critical security advisory warning of a vulnerability in the SSH subsystem of its Adaptive Security Appliance (ASA) Software. This vulnerability, tracked as CVE-2024-20329 and assig ...
-
The Register
Samsung phone users under attack, Google warns
A nasty bug in Samsung's mobile chips is being exploited by miscreants as part of an exploit chain to escalate privileges and then remotely execute arbitrary code, according to Google security researc ...
-
Trend Micro
Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis
MXDR case 2: VPN compromise leading to lateral movement A VPN account compromise occurs when a malicious actor gains access to a VPN account through methods such as phishing, exploiting vulnerabilitie ...
-
The Register
Warning! FortiManager critical vulnerability under active attack
Fortinet has gone public with news of a critical flaw in its software management platform. The security vendor apparently began informing customers privately about the issue a few days ago but has sin ...
-
Dark Reading
Lazarus Group Exploits Chrome Zero-Day in Latest Campaign
Source: MAHATHIR MOHD YASIN via ShutterstockNorth Korea's infamous Lazarus Group is using a well-designed fake game website, a now-patched Chrome zero-day bug, professional LinkedIn accounts, AI-gener ...
-
Google Cloud
Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)
Written by: Foti Castelan, Max Thauer, JP Glab, Gabby Roncone, Tufail Ahmed, Jared Wilson Summary In October 2024, Mandiant collaborated with Fortinet to investigate the mass exploitation of FortiMana ...
-
Dark Reading
Microsoft SharePoint Vuln Is Under Active Exploit
Source: Ascannio via Alamy Stock PhotoA high-severity flaw in Microsoft SharePoint, tracked as CVE-2024-38094, is under active exploit.The bug is a deserialization vulnerability, which is often used a ...
-
The Register
Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch
A Microsoft SharePoint bug that can allow an attacker to remotely inject code into vulnerable versions is under active exploitation, according to the US Cybersecurity and Infrastructure Security Agenc ...
-
BleepingComputer
Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day
The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. K ...