Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Google
Government-backed actors exploiting WinRAR vulnerability
K Kate Morgan Threat Analysis Group In recent weeks, Google’s Threat Analysis Group’s (TAG) has observed multiple government-backed hacking groups exploiting the known vulnerability, CVE-2023-38831, i ... Read more
-
cert.pl
Vulnerability in SmodBIP software
CVE ID CVE-2023-4837 Publication date 10 October 2023 Vendor Jan Syski Product SmodBIP Vulnerable versions All Vulnerability type (CWE) Cross-Site Request Forgery (CWE-352) Report source Own research ... Read more
-
0patch.com
Micropatches Released For Two Windows CNG Key Isolation Service Vulnerabilities (CVE-2023-28229, CVE-2023-36906)
Last month, security researcher @k0shl of Cyber Kunlun published a proof-of-concept for CVE-2023-28229, an elevation of privilege vulnerability in CNG Key Isolation Service. The same POC also demonstr ... Read more
-
cert.pl
Vulnerability in UptimeDC software
CVE ID CVE-2023-4997 Publication date 04 October 2023 Vendor ProIntegra S.A Product UptimeDC Vulnerable versions All below 2.0.0.33940 Vulnerability type (CWE) Missing Authorization (CWE-862) Report s ... Read more
-
0patch.com
Micropatches Released For Windows Error Reporting Service Elevation of Privilege (CVE-2023-36874)
With July 2023 Windows Updates, Microsoft brought a fix for CVE-2023-36874, a local privilege escalation vulnerability in Windows Error Reporting Service that was found both by Google TAG and CrowdStr ... Read more
-
0patch.com
Micropatches Released For Windows Search Remote Code Execution (CVE-2023-36884)
Alongside July 2023 Windows Updates, Microsoft revealed the existence of a 0day that was detected in the wild and assigned it CVE-2023-36884. Without issuing a patch, they titled their original adviso ... Read more
-
cert.pl
Vulnerability in lua-http library
CVE ID CVE-2023-4540 Publication date 05 September 2023 Vendor Daurnimator Product lua-http Vulnerable versions All including 0.4 before ddab283 commit Vulnerability type (CWE) Improper Handling of Ex ... Read more
-
0patch.com
Micropatches Released For Denial of Service in Microsoft Message Queuing (CVE-2023-28302, CVE-2023-21769)
April 2023 Windows Updates brought fixes for a number of vulnerabilities in Microsoft Message Queuing Service. We first issued patches for the "Queuejumper" remote code execution vulnerability (CVE-20 ... Read more
-
0patch.com
Micropatches Released For DHCP Server Service Remote Code Execution (CVE-2023-28231)
April 2023 Windows Updates brought a fix for CVE-2023-28231, a remote code execution vulnerability in DHCP Server service. The vulnerability was reported to Microsoft by security researcher YanZiShuan ... Read more
-
curatedintel.org
CL0P likes to MOVEit MOVEit
CL0P likes to MOVEit MOVEit BackgroundFor the last couple of years, the threat actors associated with the CL0P ransomware group have occasionally ditched encryption in favour of exploiting file transf ... Read more