Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
- Cybersecurity News
Unmasking “Marko Polo”: The Infostealer Gang Targeting Thousands
Marko Polo infection chain (Source: Recorded Future)Researchers at Recorded Future have uncovered a large-scale cyberattack affecting tens of thousands of devices worldwide. It was later revealed that ... Read more
- Cybersecurity News
Acronis Backup Plugins Hit by CVE-2024-8767: CVSS 9.9 Severity Alert
In a recent advisory published on September 16th, data protection powerhouse Acronis disclosed a critical security vulnerability in its popular backup plugins for server management platforms like cPan ... Read more
- Trend Micro
How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections
Highlights: The group, Trend Micro tracked this group as Water Bakunawa, behind the RansomHub ransomware employs various anti-EDR techniques to play a high-stakes game of hide and seek with security s ... Read more
- BleepingComputer
CISA warns of actively exploited Apache HugeGraph-Server bug
The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache Hu ... Read more
- Dark Reading
GitLab Warns of Max Severity Authentication Bypass Bug
Source: T. Schneider via ShutterstockOrganizations with self-hosted GitLab instances configured for SAML-based authentication might want to update immediately to new versions of the DevOps platform th ... Read more
- The Cyber Express
Iran’s Passive Backdoors Lurk in Middle Eastern Networks
UNC1860, an Iranian state-sponsored threat actor, has emerged as a formidable cyber force in the Middle East. Likely tied to Iran’s Ministry of Intelligence and Security (MOIS), UNC1860 group is known ... Read more
- Dark Reading
1 PoC Exploit for Critical RCE Flaw, but 2 Patches From Veeam
Source: Postmodern Studio via Alamy Stock PhotoA researcher has released a proof-of-concept (PoC) exploit and analysis for a critical vulnerability, tracked as CVE-2024-40711, used in Veeam's backup a ... Read more
- BleepingComputer
Ivanti warns of another critical CSA flaw exploited in attacks
Image: MidjourneyToday, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers. Tracked as CVE-2024-896 ... Read more
- Zero Day Initiative
Exploiting Exchange PowerShell After ProxyNotShell: Part 3 – DLL Loading Chain for RCE
As you may know, I recently presented my Exchange-related talk during OffensiveCon 2024. This series of 4 blog posts is meant to supplement the talk and provide additional technical details. In this a ... Read more
- TheCyberThrone
Atlassian fixes DoS vulnerabilities in its Products
Atlassian releases patches for high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, and Crowd.There are four vulnerabilities addressed in these products, all four allowing attackers to caus ... Read more