Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
0patch.com
Free Micropatches For Microsoft Access Forced Authentication Through Firewall (0day)
Update 2/14/2024: Either January 30 or February 1 Office update brought a fix for this issue: now, Access warns the user for any ODBC connection to SQL Server. Our patch only shows a warning when such ... Read more
-
0patch.com
We Patched CVE-2023-28244 Before It Was Cool
How Our Patch For CVE-2022-33647 Fixed CVE-2023-28244 Five Months In Advance By Blaz Satler of 0patch TeamThe Initial Vulnerability - CVE-2022-33647 In September 2022, Microsoft released patches for C ... Read more
-
0patch.com
Micropatches Released For Microsoft WordPad Information Disclosure (CVE-2023-36563)
October 2023 Windows Updates brought a patch for CVE-2023-36563, an "Information Disclosure" vulnerability in WordPad that was found by Microsoft Threat Intelligence as being exploited in the wild. A ... Read more
-
huntress.com
Critical Vulnerability: SysAid CVE-2023-47246 | Huntress
On November 8, 2023, SysAid published an advisory expressing that their on-premise server software had a previously undisclosed vulnerability and is aware of public in-the-wild exploitation. Days prio ... Read more
-
cert.pl
Vulnerability in Apereo CAS software
CVE ID CVE-2023-4612 Publication date 03 November 2023 Vendor Apereo Foundation Product CAS Vulnerable versions All through 7.0.0-RC7 Vulnerability type (CWE) Improper Authentication (CWE-287) Report ... Read more
-
huntress.com
Critical Vulnerability: Exploitation of Apache ActiveMQ CVE-2023-46604 | Huntress
A partner recently deployed Huntress agents on October 30, 2023, after experiencing a “HelloKitty” ransomware attack on October 27. This ransomware attack followed closely with what was described by R ... Read more
-
0patch.com
Micropatches Released For Microsoft Office Security Feature Bypass (CVE-2023-33150) - Plus a Small 0day
In July 2023, Microsoft released a patch for CVE-2023-33150, a vulnerability in Microsoft Office that allowed an attacker to create a malicious Word document which would not open in Protected View eve ... Read more
-
Google
Government-backed actors exploiting WinRAR vulnerability
K Kate Morgan Threat Analysis Group In recent weeks, Google’s Threat Analysis Group’s (TAG) has observed multiple government-backed hacking groups exploiting the known vulnerability, CVE-2023-38831, i ... Read more
-
cert.pl
Vulnerability in SmodBIP software
CVE ID CVE-2023-4837 Publication date 10 October 2023 Vendor Jan Syski Product SmodBIP Vulnerable versions All Vulnerability type (CWE) Cross-Site Request Forgery (CWE-352) Report source Own research ... Read more
-
0patch.com
Micropatches Released For Two Windows CNG Key Isolation Service Vulnerabilities (CVE-2023-28229, CVE-2023-36906)
Last month, security researcher @k0shl of Cyber Kunlun published a proof-of-concept for CVE-2023-28229, an elevation of privilege vulnerability in CNG Key Isolation Service. The same POC also demonstr ... Read more