CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Zero Day Initiative
CVE-2024-44236: Remote Code Execution vulnerability in Apple macOS
In this excerpt of a Trend Vulnerability Research Service vulnerability report, Nikolai Skliarenko and Yazhi Wang of the Trend™ Research Team detail a recently patched code execution vulnerability in ... Read more
-
BleepingComputer
Hackers exploit OttoKit WordPress plugin flaw to add admin accounts
Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites. OttoKit (formerly SureTriggers) i ... Read more
-
Cyber Security News
PoC Tool Released for Max Severity Apache Parquet Vulnerability to Detect Affected Servers
A proof-of-concept (PoC) exploit tool has been publicly released for a maximum severity vulnerability in Apache Parquet, enabling security teams to easily identify affected servers. The vulnerability, ... Read more
-
Cyber Security News
SysAid ITSM Platform Vulnerabilities Allows Pre-authenticated Remote Command Execution
A critical vulnerability chain in SysAid’s On-Premise IT Service Management (ITSM) platform that allows attackers to achieve pre-authenticated Remote Command Execution (RCE). The findings detail how m ... Read more
-
BleepingComputer
Play ransomware exploited Windows logging flaw in zero-day attacks
The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems. The vulnerability, t ... Read more
-
BleepingComputer
NSO Group fined $167M for spyware attacks on 1,400 WhatsApp users
A U.S. federal jury has ordered Israeli spyware vendor NSO Group to pay WhatsApp $167,254,000 in punitive damages and $444,719 in compensatory damages for a 2019 campaign that targeted 1,400 users of ... Read more
-
The Hacker News
OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws
Vulnerability / Web Security A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-202 ... Read more
-
Help Net Security
PoC exploit for SysAid pre-auth RCE released, upgrade quickly!
WatchTowr researchers have released a proof-of-concept (PoC) exploit that chains two vulnerabilities in SysAid On-Prem – the self-hosted version of the platform behind SysAid’s popular IT service mana ... Read more
-
security.nl
Symantec: Windows-lek voor uitkomen patch gebruikt bij malware-aanval
Een kwetsbaarheid in Windows waarvoor op 8 april een beveiligingsupdate verscheen is al voor het uitkomen van de patch gebruikt voor het verspreiden van malware, zo stelt Symantec. Eerder maakte Micro ... Read more
-
Kaspersky
Safeguarding your browsing history | Kaspersky official blog
In April, the release of version 136 of Google Chrome finally addressed a privacy issue for the browser that’s been widely known about since 2002 (which issue, btw, is also present in all other major ... Read more