Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Cybersecurity News
CVE-2024-55633: Apache Superset Vulnerability Exposes Sensitive Data to Unauthorized Modification
A newly discovered vulnerability in Apache Superset, a popular open-source business intelligence platform, could allow attackers to gain unauthorized write access to sensitive data. Tracked as CVE-202 ... Read more
-
Cybersecurity News
Gamaredon APT Deploys Two Russian Android Spyware Families: BoneSpy and PlainGnome
Researchers at the Lookout Threat Lab have uncovered two sophisticated Android spyware families, BoneSpy and PlainGnome, attributed to the Russian-aligned Advanced Persistent Threat (APT) group Gamare ... Read more
-
Cybersecurity News
Active Exploitation Observed for CVE-2024-11972 (CVSS 9.8): WordPress Plugin Flaw Exposes 10,000+ Sites to Backdoor Attacks
A serious vulnerability in the Hunk Companion plugin for WordPress, tracked as CVE-2024-11972 (CVSS 9.8), has been discovered by the WPScan team. This flaw, present in versions below 1.9.0, allows una ... Read more
-
Cybersecurity News
Modular Java Backdoor Emerges in Cleo Exploitation Campaign (CVE-2024-50623)
Rapid7 Labs and its Managed Detection and Response (MDR) team uncovered a sophisticated modular Java-based Remote Access Trojan (RAT) deployed in a multi-stage attack targeting Cleo file transfer soft ... Read more
-
Cybersecurity News
$5 Million Reward Offered After Indictment of North Korean Cyber Operatives
A federal court in St. Louis, Missouri, has indicted 14 nationals of the Democratic People’s Republic of Korea (DPRK) for a series of long-running conspiracies involving sanctions violations, wire fra ... Read more
-
Cybersecurity News
APT-C-60 Exploits Legitimate Services in Sophisticated Malware Attack Targeting Japanese Organizations
In August 2024, JPCERT/CC confirmed a targeted attack against a Japanese organization, believed to be the work of the threat group APT-C-60. This advanced campaign utilized legitimate services like Go ... Read more
-
Trend Micro
Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion
Cyber Threats In this blog entry, we discuss a social engineering attack that tricked the victim into installing a remote access tool, triggering DarkGate malware activities and an attempted C&C conne ... Read more
-
Ars Technica
Critical WordPress plugin vulnerability under active exploit threatens thousands
Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ... Read more
-
Dark Reading
IoT Cloud Cracked by 'Open Sesame' Over-the-Air Attack
Source: Hilke Maunder via Alamy Stock PhotoInternet of Things (IoT) vendor Ruijie Networks has shored up its Reyee cloud management platform against 10 newly discovered vulnerabilities that could have ... Read more
-
seclists.org
APPLE-SA-12-11-2024-9 Safari 18.2
Full Disclosure mailing list archives From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org> Date: Wed, 11 Dec 2024 16:41:02 -0700 -----BEGIN PGP SIGNED MESSAGE----- Hash: SH ... Read more