Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.

-
InfoSec Write-ups
PDF.js Arbitrary JavaScript Code Execution (CVE-2024-4367)
Hello everyone, today we’re going to look at CVE-2024-4367, a serious vulnerability in PDF.js that allows attackers to run arbitrary JavaScript code. Let’s take a closer look at vulnerabilities unders ...

-
The Hacker News
LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers
Windows Server / Threat Mitigation: A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger ...

-
Cybersecurity News
iTerm2 Patches Critical Security Vulnerability Exposing User Input and Output
A critical security vulnerability has been discovered and patched in iTerm2, a popular terminal emulator for macOS. The flaw, present in versions 3.5.6 through 3.5.10, as well as beta versions of 3.5. ...

-
Cybersecurity News
SysBumps: Breaking Kernel Address Space Layout Randomization on macOS for Apple Silicon
In a recent study, researchers from Korea University have unveiled “SysBumps,” the first successful Kernel Address Space Layout Randomization (KASLR) break attack targeting macOS systems running on Ap ...

-
Cybersecurity News
Patched But Still Vulnerable: Windows BitLocker Encryption Bypassed Again
A revelation emerged from the Chaos Communication Congress (CCC) last week, shaking the foundations of Windows’ trusted BitLocker encryption. Security researcher Thomas Lambertz, in his presentation “ ...

-
Cybersecurity News
CVE-2024-12912 & CVE-2024-13062: ASUS Routers at Risk
ASUS has issued a security advisory warning users of critical vulnerabilities affecting several router models. Two flaws, tracked as CVE-2024-12912 and CVE-2024-13062, could allow attackers to execute ...

-
Dark Reading
Unpatched Active Directory Flaw Can Crash Any Microsoft Server
One of two critical Active Directory Domain Controller vulnerabilities patched by Microsoft last month goes beyond the original denial-of-service (DoS) attack ...

-
InfoSec Write-ups
HTB | Sea: CVE-2023-41425
This is a Linux box. You can find it here. You can watch the video walkthrough here. Skill Learned: CVE-2023-41425, Port Forwarding, Unauthenticated Information leak & command Injection. NMAP IP: 10.10.11.28 nmap - ...

-
TheCyberThrone
CVE-2024-12108: Progress WhatsUp Gold Vulnerability
CVE-2024-12108 with a CVSS score of 9.6 is a critical security vulnerability affecting WhatsUp Gold, a network monitoring software developed by Progress Software Corporation. Affected Versions: The vulne ...

-
TheCyberThrone
CVE-2024-49112 POC Code Released
The CVE-2024-49112 vulnerability, identified as LDAPNightmare, has seen the release of a Proof-of-Concept (PoC) code by SafeBreach Labs. This particular security flaw is critical as it affects the Win ...