CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
TheCyberThrone
TheCyberThrone Security Weekly Review – February 08, 2025
Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, February 08, 2025.CVE-2025-21293 PoC Exp ... Read more
-
Help Net Security
Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) CVE-2025-0411, a Mark-of-t ... Read more
-
InfoSec Write-ups
Fixing stdlib 1.18.2 Vulnerabilities in Docker Images: A PostgreSQL Implementation Guide
IntroductionInformation from Docker Hub on PostgreSQL Docker Official Image as you can see on the image below [1].[1] Informations based on docker official imageAs you know that Docker official images ... Read more
-
TheCyberThrone
Apache James Denial-of-Service Vulnerabilities
The Apache James Mail Server has recently been identified as vulnerable to two distinct Denial-of-Service (DoS) attacks, tracked as CVE-2024-45626 and CVE-2024-37358 These vulnerabilities pose signifi ... Read more
-
Shellshock — A deep dive into CVE-2014–6271
I created a lab to demonstrate this vulnerabilitySource: Photo by BittenTech on YoutubeWhat is Shellshock?Shellshock is a critical vulnerability discovered in 2014 affecting the GNU/Bash shell. It all ... Read more
-
TheCyberThrone
CVE-2025-24503 impacts Symantec PAM
CVE-2025-24503 is a critical security vulnerability affecting Privileged Access Manager (PAM) solutions, specifically those provided by Symantec. This vulnerability, if exploited, can have severe cons ... Read more
-
The Cloudflare Blog
Resolving a Mutual TLS session resumption vulnerability
2025-02-075 min readOn January 23, 2025, Cloudflare was notified via its Bug Bounty Program of a vulnerability in Cloudflare’s Mutual TLS (mTLS) implementation. The vulnerability affected customers wh ... Read more
-
BleepingComputer
Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers
Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial networ ... Read more
-
0patch.com
Micropatches Released for Active Directory Certificate Services Elevation of Privilege Vulnerability (CVE-2024-49019)
November 2024 Windows updates brought a fix for CVE-2024-49019, a privilege escalation vulnerability allowing, under specific conditions, a domain user to create a certificate for another domain user, ... Read more
-
The Register
UK Home Office silent on alleged Apple backdoor order
The UK's Home Office refuses to either confirm or deny reports that it recently ordered Apple to create a backdoor allowing the government to access any user's cloud data. Such a mechanism would enabl ... Read more