CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Cyber Security News
PoC Exploit Released for Windows 0-Day Downgrade Attack
A proof-of-concept (PoC) exploit has been publicly released for a pair of critical zero-day vulnerabilities in Microsoft Windows that enable a novel “downgrade attack.” The flaws tracked as CVE-2024-3 ...
-
BleepingComputer
Windows driver zero-day exploited by Lazarus hackers to install rootkit
Image: Midjourney The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. ...
-
Cybersecurity News
PoC Exploit for Windows 0-Day Flaws CVE-2024-38202 and CVE-2024-21302 Released
Researchers have published the technical details and proof-of-concept (PoC) exploit code for two critical zero-day vulnerabilities in Windows, tracked as CVE-2024-38202 and CVE-2024-21302. These vulne ...
-
Cybersecurity News
CVE-2024-5932 (CVSS 10): Critical RCE Vulnerability Impacts 100k+ WordPress Sites
A critical security flaw (CVE-2024-5932) in the popular GiveWP WordPress plugin has left over 100,000 websites vulnerable to remote code execution and unauthorized file deletion. This vulnerability, s ...
-
Cybersecurity News
F5 Issues Security Advisories for NGINX Plus (CVE-2024-39792) & BIG-IP Next Central Manager (CVE-2024-39809)
F5, a prominent provider of application delivery and security solutions, has recently released security advisories addressing vulnerabilities in two of its products: NGINX Plus and BIG-IP Next Central ...
-
Cybersecurity News
PrestaShop Websites Under Attack: GTAG Websocket Skimmer Steals Credit Card Data
Security researchers at Sucuri have discovered a new credit card skimmer exploiting a vulnerability in PrestaShop websites. This sophisticated attack uses a WebSocket connection to pilfer sensitive cu ...
-
Ars Technica
Windows 0-day was exploited by North Korea to install advanced rootkit
LAZARUS STRIKES AGAIN — FudModule rootkit burrows deep into Windows, where it can bypass key security defenses. Getty Images A Windows zero-day vulnerability recently patched by Microsoft was explo ...
-
BleepingComputer
CISA warns of Jenkins RCE bug exploited in ransomware attacks
CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it's actively exploited in attacks. Jenkins is a wide ...
-
The Register
Multiple flaws in Microsoft macOS apps unpatched despite potential risks
Cisco Talos says eight vulnerabilities in Microsoft's macOS apps could be abused by nefarious types to record video and sound from a user's device, access sensitive data, log user input, and escalate ...
-
cloudsecurityalliance.org
Return of the RCE: Addressing the regreSSHion Vulnerability – CVE-2024-6378
Originally published by Pentera. A Regrettable Resurgence On July 1, 2024, the Qualys Threat Research Unit (TRU) published their discovery of an unauthenticated remote code execution (RCE) vulnerabili ...