Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Register
'Hadooken' Linux malware targets Oracle WebLogic servers
An unknown attacker is exploiting weak passwords to break into Oracle WebLogic servers and deploy an emerging Linux malware called Hadooken, according to researchers from cloud security outfit Aqua. i ... Read more
-
Cybersecurity News
CVE-2024-35783 (CVSS 9.4): Critical-Severity Flaw Exposes Siemens Industrial Systems
Siemens has issued a critical security advisory regarding a remote code execution (RCE) vulnerability in several of its SIMATIC products, including SIMATIC Process Historian, SIMATIC PCS 7, and SIMATI ... Read more
-
Dark Reading
When Startup Founders Should Start Thinking About Cybersecurity
Source: Illia Uriadnikov via Alamy Stock PhotoIt was a tale of two startups."A company that I invested in — about, oh, five years ago — happened to be in the proptech [property technology] space," sai ... Read more
-
MacRumors
Apple Fixes Vision Pro Security Flaw That Could Expose What You Typed
As reported by WIRED today, a group of six computer scientists this year discovered a security vulnerability with the Apple Vision Pro that allowed them to reconstruct what people were typing, includi ... Read more
-
The Register
Adobe patches Acrobat bug, neglects to mention whole zero-day, exploit thing
Adobe's patch for a remote code execution (RCE) bug in Acrobat this week doesn't mention that the vulnerability is considered a zero-day nor that a proof-of-concept (PoC) exploit exists, a researcher ... Read more
-
TheCyberThrone
PaloAlto fixes CVE-2024-8686 and CVE-2024-8687
Palo Alto released patches to address several vulnerabilities discovered in their products, if exploited, could allow unauthorized access, data breaches, and disruption of services.A range of vulnerab ... Read more
-
BleepingComputer
Hackers targeting WhatsUp Gold with public exploit since August
Hackers have been leveraging publicly available exploit code for two critical vulnerabilities in the WhatsUp Gold network availability and performance monitoring solution from Progress Software. The t ... Read more
-
The Hacker News
Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution
DevSecOps / Vulnerability GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary u ... Read more
-
Zero Day Initiative
Exploiting Exchange PowerShell After ProxyNotShell: Part 2 - ApprovedApplicationCollection
In part 2, I describe the ApprovedApplicationCollection gadget, which was available for abuse because it did not appear on the deny list and could therefore be accessed via MultiValuedProperty. I am a ... Read more
-
TheCyberThrone
GitLab fixes several vulnerabilities including CVE-2024-6678
GitLab has released critical security patches for its Community Edition (CE) and Enterprise Edition (EE) that could allow an attacker to execute arbitrary code.Vulnerability detailsCVE-2024-6678 with ... Read more