Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.

-
BleepingComputer
CISA warns of actively exploited Apache HugeGraph-Server bug
The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache Hu ... Read more

-
Dark Reading
GitLab Warns of Max Severity Authentication Bypass Bug
Source: T. Schneider via ShutterstockOrganizations with self-hosted GitLab instances configured for SAML-based authentication might want to update immediately to new versions of the DevOps platform th ... Read more

-
The Cyber Express
Iran’s Passive Backdoors Lurk in Middle Eastern Networks
UNC1860, an Iranian state-sponsored threat actor, has emerged as a formidable cyber force in the Middle East. Likely tied to Iran’s Ministry of Intelligence and Security (MOIS), UNC1860 group is known ... Read more

-
Dark Reading
1 PoC Exploit for Critical RCE Flaw, but 2 Patches From Veeam
Source: Postmodern Studio via Alamy Stock PhotoA researcher has released a proof-of-concept (PoC) exploit and analysis for a critical vulnerability, tracked as CVE-2024-40711, used in Veeam's backup a ... Read more

-
BleepingComputer
Ivanti warns of another critical CSA flaw exploited in attacks
Image: MidjourneyToday, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers. Tracked as CVE-2024-896 ... Read more

-
Zero Day Initiative
Exploiting Exchange PowerShell After ProxyNotShell: Part 3 – DLL Loading Chain for RCE
As you may know, I recently presented my Exchange-related talk during OffensiveCon 2024. This series of 4 blog posts is meant to supplement the talk and provide additional technical details. In this a ... Read more

-
TheCyberThrone
Atlassian fixes DoS vulnerabilities in its Products
Atlassian releases patches for high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, and Crowd.There are four vulnerabilities addressed in these products, all four allowing attackers to caus ... Read more

-
0patch.com
Micropatches for "MadLicense" Windows Remote Desktop Licensing Service Remote Code Execution (CVE-2024-38077)
July 2024 Windows Updates brought a patch for CVE-2024-38077, a memory corruption vulnerability in Remote Desktop Licensing Service that could potentially allow an attacker in a Windows network to rem ... Read more

-
TheCyberThrone
GitLab fixes critical vulnerability CVE-2024-45409
GitLab has released security patches for a critical vulnerability that affects both GitLab Community Edition (CE) and Enterprise Edition (EE) that allows a threat actor to bypass authentication check ... Read more

-
Google Cloud
UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks
Written by: Stav Shulman, Matan Mimran, Sarah Bock, Mark Lechtik Executive Summary UNC1860 is a persistent and opportunistic Iranian state-sponsored threat actor that is likely affiliated with Iran’s ... Read more