Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Google Cloud
APT45: North Korea’s Digital Military Machine
Written by: Taylor Long, Jeff Johnson, Alice Revelli, Fred Plan, Michael Barnhart Executive Summary APT45 is a long-running, moderately sophisticated North Korean cyber operator that has carried out e ... Read more
-
objective-see.org
CVE-2015-3673: Goodbye Rootpipe...(for now?)
This Meeting Should Have Been an Email 07/15/2024 A DPRK stealer, dubbed BeaverTail, targets users via a trojanized meeting app. Let's analyze it comprehensively! continue reading »Apple Gets an 'F' f ... Read more
-
objective-see.org
From the Top to the Bottom; Tracking down CVE-2017-7149
From the Top to the Bottom › tracking down the cause of CVE-2017-7149, from the UI level 11/25/2017 love these blog posts? support my tools & writing on patreon! Mahalo :) In this blog, we'll take a d ... Read more
-
objective-see.org
Rootpipe Reborn (Part II)
Rootpipe Reborn (Part II) CVE-2019-8565 feedback assistant race condition, leads to root April 22, 2019 In this guest blog post, the talented @CodeColorist writes about yet another neat macOS vulnerab ... Read more
-
objective-see.org
Sniffing Authentication References on macOS
Sniffing Authentication References on macOS details of a privilege-escalation vulnerability (CVE-2017-7170) by: Patrick Wardle / March 16, 2020 Our research, tools, and writing, are supported by the " ... Read more
-
TheCyberThrone
Progress fixes Critical Vulnerability in Telerik -CVE-2024-6327
Progress Software’s has fixed two vulnerabilities in Telerik Reporting tools that could lead to full system compromise and allow attackers to remotely execute code or inject malicious objects into aff ... Read more
-
Help Net Security
Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via specially crafted API request, allowing them to perform unaut ... Read more
-
Cyber Security News
6600+ Vulnerable GeoServer instances Exposed to the Internet
Security analysts have identified 6,635 GeoServer instances exposed to the Internet, which makes them vulnerable to critical remote code execution (RCE) attacks. A recent tweet from the Shadowserver F ... Read more
-
Cyber Security News
Progress Telerik Report Server Flaw Let Attackers Execute Remote Code
A critical security vulnerability has been discovered in the Progress® Telerik® Report Server, potentially allowing attackers to execute remote code on affected systems. The flaw, identified as CVE-20 ... Read more
-
Cyber Security News
GitLab Patched XSS Vulnerability that Lets Attackers to Execute Arbitrary Code
GitLab has released new Community Edition (CE) and Enterprise Edition (EE) versions to address multiple vulnerabilities. Among these, a high-severity cross-site scripting (XSS) vulnerability has garne ... Read more