Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Cybersecurity News
Privilege Escalation and Remote Code Execution Threaten Cisco Routers: No Updates Available
In a recent security advisory, Cisco revealed multiple vulnerabilities impacting its Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers, which could potentially expose busine ... Read more
-
Cybersecurity News
Redis Patches for Multi Flaws, Including Potential RCE (CVE-2024-31449)
Redis, a popular open-source data structure store often used as a database, cache, and message broker, has urged users to update their installations immediately following the discovery of three new se ... Read more
-
Cybersecurity News
CVE-2024-47191: Critical Flaw in OATH-Toolkit PAM Module Could Lead to Root Exploits
A serious vulnerability has been identified in the OATH-Toolkit’s PAM module, exposing systems to potential root-level exploits when handling one-time password (OTP) authentication. This issue, tracke ... Read more
-
Cybersecurity News
PoC Exploit Releases for CVE-2024-44193: Local Privilege Escalation Vulnerability in iTunes
Image: mbog14 Security researcher mbog14 has published the technical details and proof-of-concept for a critical local privilege escalation (LPE) vulnerability affecting iTunes version 12.13.2.3, iden ... Read more
-
Cybersecurity News
Active Exploits Target Zimbra Collaboration: Over 19K Systems Vulnerable to CVE-2024-45519
Image: The Shadowserver FoundationEnterprise security firm Proofpoint has issued a critical warning regarding active exploitation attempts against Synacor’s Zimbra Collaboration platform. A recently d ... Read more
-
Cybersecurity News
CyberVolk: From Hacktivism to Ransomware – Researcher Exposes New Threat
CyberVolk dialog window | Image: Rapid7Cybersecurity researchers at Rapid7 Labs have released a detailed report on CyberVolk, a politically motivated hacktivist group that transitioned into using rans ... Read more
-
Cybersecurity News
Researchers Detail Ruby-SAML/GitLab Flaw (CVE-2024-45409) Allows SAML Authentication Bypass
In a recent analysis conducted by Harsh Jaiswal and Rahul Maini at ProjectDiscovery, a critical vulnerability, CVE-2024-45409, was uncovered, exposing a flaw in Ruby-SAML and OmniAuth-SAML libraries, ... Read more
-
InfoSec Write-ups
High-Risk Vulnerabilities in Apache HTTP Server’s mod_proxy Encoding Problem Allow Authentication…
Apache HTTP Server — ACL BypassCVE-2024–38473 Overview:Description:The vulnerability is due to an encoding problem in mod_proxy, which allows request URLs with incorrect encoding to be sent to backend ... Read more
-
Critical Vulnerabilities in porte_plume plugin to Remote Exploits -$$$$ Bounty -CVE-2024–7954
Description:The porte_plume plugin, utilized by SPIP versions prior to 4.30-alpha2, 4.2.13, and 4.1.16, is susceptible to a critical arbitrary code execution (RCE) vulnerability. This flaw allows a re ... Read more
-
HTB | Editorial — SSRF and CVE-2022–24439
This is a Linux box. You can find it here.Skill LearnedSSRFgitCVE-2022–24439NMAPIP:10.10.11.11nmap -sT -p- --min-rate 10000 10.10.11.20nmap -sC -sV -p 22,80 10.10.11.20nmapPort 80let’s visit port 80po ... Read more