CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Ars Technica
Secure Boot-neutering PKfail debacle is more prevalent than anyone knew
THIS IS NOT A TEST — Keys were marked "DO NOT TRUST." More devices than previously known used them anyway. Getty Images A supply chain failure that compromises Secure Boot protections on computing ...
-
Dark Reading
'Void Banshee' Exploits Second Microsoft Zero-Day
Source: Anucha Cheechang via ShutterstockMicrosoft has recategorized a bug that the company fixed in this month's Patch Tuesday update as a zero-day vulnerability, which the "Void Banshee" advanced pe ...
-
Dark Reading
Ivanti Cloud Bug Goes Under Exploit After Alarms Are Raised
Source: NicoElNino via Alamy Stock PhotoJust days after Ivanti released an advisory regarding a high-severity vulnerability in its Cloud Service Appliance (CSA), the company is alerting customers that ...
-
BleepingComputer
CISA warns of Windows flaw used in infostealer malware attacks
CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group. The vulnerability (CVE- ...
-
BleepingComputer
Exploit code released for critical Ivanti RCE flaw, patch now
A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. The ...
-
BleepingComputer
D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers
D-Link has fixed critical vulnerabilities in three popular wireless router models that allow remote attackers to execute arbitrary code or access the devices using hardcoded credentials. The impacted ...
-
TheCyberThrone
Spring Framework Vulnerability CVE-2024-38816 fixed
A high severity vulnerability has been discovered in the Spring Framework, that allows attackers to gain unauthorized access to sensitive files on the server, posing a significant risk of data breache ...
-
Help Net Security
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain re ...
-
Cybersecurity News
Multiple Critical Vulnerabilities Found in D-Link WiFi Routers: Immediate Firmware Updates Advised
Multiple critical vulnerabilities in D-Link routers have been disclosed, potentially affecting millions of users worldwide. TWCERT/CC, Taiwan’s cybersecurity agency, has issued urgent advisories, urgi ...
-
security.nl
D-Link wifi-routers via kritieke kwetsbaarheden op afstand over te nemen
Kritieke kwetsbaarheden maken het mogelijk om verschillende type wifi-routers van fabrikant D-Link op afstand over te nemen. Het gaat onder andere om een 'verborgen functie' waardoor Telnet wordt inge ...