Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Cybersecurity News
Dell Warns of Critical Flaws in Enterprise Products, Including CVE-2024-37143 (CVSS 10)
Dell has released a critical security update to address multiple vulnerabilities impacting several of its enterprise products, including PowerFlex, InsightIQ, and Data Lakehouse. These vulnerabilities ... Read more
-
Cybersecurity News
Citrix NetScaler Under Siege: Significant Increase in Brute Force Attacks Observed
A significant increase in brute-force attacks targeting outdated and misconfigured Citrix NetScaler devices has been observed in Germany, prompting warnings from cybersecurity experts and organization ... Read more
-
Cybersecurity News
CVE-2024-55633: Apache Superset Vulnerability Exposes Sensitive Data to Unauthorized Modification
A newly discovered vulnerability in Apache Superset, a popular open-source business intelligence platform, could allow attackers to gain unauthorized write access to sensitive data. Tracked as CVE-202 ... Read more
-
Cybersecurity News
Gamaredon APT Deploys Two Russian Android Spyware Families: BoneSpy and PlainGnome
Researchers at the Lookout Threat Lab have uncovered two sophisticated Android spyware families, BoneSpy and PlainGnome, attributed to the Russian-aligned Advanced Persistent Threat (APT) group Gamare ... Read more
-
Cybersecurity News
Active Exploitation Observed for CVE-2024-11972 (CVSS 9.8): WordPress Plugin Flaw Exposes 10,000+ Sites to Backdoor Attacks
A serious vulnerability in the Hunk Companion plugin for WordPress, tracked as CVE-2024-11972 (CVSS 9.8), has been discovered by the WPScan team. This flaw, present in versions below 1.9.0, allows una ... Read more
-
Cybersecurity News
Modular Java Backdoor Emerges in Cleo Exploitation Campaign (CVE-2024-50623)
Rapid7 Labs and its Managed Detection and Response (MDR) team uncovered a sophisticated modular Java-based Remote Access Trojan (RAT) deployed in a multi-stage attack targeting Cleo file transfer soft ... Read more
-
Cybersecurity News
$5 Million Reward Offered After Indictment of North Korean Cyber Operatives
A federal court in St. Louis, Missouri, has indicted 14 nationals of the Democratic People’s Republic of Korea (DPRK) for a series of long-running conspiracies involving sanctions violations, wire fra ... Read more
-
Cybersecurity News
APT-C-60 Exploits Legitimate Services in Sophisticated Malware Attack Targeting Japanese Organizations
In August 2024, JPCERT/CC confirmed a targeted attack against a Japanese organization, believed to be the work of the threat group APT-C-60. This advanced campaign utilized legitimate services like Go ... Read more
-
Trend Micro
Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion
Cyber Threats In this blog entry, we discuss a social engineering attack that tricked the victim into installing a remote access tool, triggering DarkGate malware activities and an attempted C&C conne ... Read more
-
Ars Technica
Critical WordPress plugin vulnerability under active exploit threatens thousands
Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ... Read more