Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Dark Reading
Meta Wins Lawsuit Against Spyware Vendor NSO Group
Source: Pictures Now via Alamy Stock PhotoIn a lawsuit spanning more than five years, Meta has finally come out the victor, winning nearly $168 million in damages yesterday from NSO Group, an Israeli ... Read more
-
Dark Reading
Play Ransomware Group Used Windows Zero-Day
Source: DD Images via ShutterstockMore than one ransomware actor appears to have exploited a recently disclosed Windows privilege escalation bug before Microsoft issued a patch for it in its April 202 ... Read more
-
Zero Day Initiative
CVE-2024-44236: Remote Code Execution vulnerability in Apple macOS
In this excerpt of a Trend Vulnerability Research Service vulnerability report, Nikolai Skliarenko and Yazhi Wang of the Trend™ Research Team detail a recently patched code execution vulnerability in ... Read more
-
BleepingComputer
Hackers exploit OttoKit WordPress plugin flaw to add admin accounts
Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites. OttoKit (formerly SureTriggers) i ... Read more
-
Cyber Security News
PoC Tool Released for Max Severity Apache Parquet Vulnerability to Detect Affected Servers
A proof-of-concept (PoC) exploit tool has been publicly released for a maximum severity vulnerability in Apache Parquet, enabling security teams to easily identify affected servers. The vulnerability, ... Read more
-
Cyber Security News
SysAid ITSM Platform Vulnerabilities Allows Pre-authenticated Remote Command Execution
A critical vulnerability chain in SysAid’s On-Premise IT Service Management (ITSM) platform that allows attackers to achieve pre-authenticated Remote Command Execution (RCE). The findings detail how m ... Read more
-
BleepingComputer
Play ransomware exploited Windows logging flaw in zero-day attacks
The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems. The vulnerability, t ... Read more
-
BleepingComputer
NSO Group fined $167M for spyware attacks on 1,400 WhatsApp users
A U.S. federal jury has ordered Israeli spyware vendor NSO Group to pay WhatsApp $167,254,000 in punitive damages and $444,719 in compensatory damages for a 2019 campaign that targeted 1,400 users of ... Read more
-
The Hacker News
OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws
Vulnerability / Web Security A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-202 ... Read more
-
Help Net Security
PoC exploit for SysAid pre-auth RCE released, upgrade quickly!
WatchTowr researchers have released a proof-of-concept (PoC) exploit that chains two vulnerabilities in SysAid On-Prem – the self-hosted version of the platform behind SysAid’s popular IT service mana ... Read more