CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
TheCyberThrone
CISA KEV Catalog Update Part I – February 2025
The Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) catalog on February 4, 2025, adding four new vulnerabilities that have been activ ... Read more
-
The Register
Google: How to make any AMD Zen CPU always generate 4 as a random number
Googlers have not only figured out how to break AMD's security – allowing them to load unofficial microcode into its processors to modify the silicon's behavior as they wish – but also demonstrated th ... Read more
-
seclists.org
KL-001-2025-002: Checkmk NagVis Remote Code Execution
Full Disclosure mailing list archives KL-001-2025-002: Checkmk NagVis Remote Code Execution From: KoreLogic Disclosures via Fulldisclosure <fulldisclosure () seclists org> Date: Tue, 4 Feb 2025 16:11: ... Read more
-
seclists.org
KL-001-2025-001: Checkmk NagVis Reflected Cross-site Scripting
Full Disclosure mailing list archives From: KoreLogic Disclosures via Fulldisclosure <fulldisclosure () seclists org> Date: Tue, 4 Feb 2025 16:08:25 -0600 KL-001-2025-001: Checkmk NagVis Reflected Cro ... Read more
-
BleepingComputer
Zyxel won’t patch newly exploited flaws in end-of-life routers
Zyxel has issued a security advisory about actively exploited flaws in CPE Series devices, warning that it has no plans to issue fixing patches and urging users to move to actively supported models. V ... Read more
-
Kaspersky
The biggest supply chain attacks in 2024 | Kaspersky official blog
A supply-chain attack can totally thwart all a targeted company’s efforts to protect its infrastructure. Preventing such attacks is extremely difficult because a significant portion of an attack occur ... Read more
-
security.nl
'Kwetsbaarheid in 7-Zip sinds september actief misbruikt bij aanvallen'
Een kwetsbaarheid in de populaire archiveringssoftware 7-Zip is sinds vorig jaar september actief misbruikt bij aanvallen, toen er nog geen beveiligingsupdate beschikbaar was om het probleem te verhel ... Read more
-
BleepingComputer
7-Zip MotW bypass exploited in zero-day attacks against Ukraine
A 7-Zip vulnerability allowing attackers to bypass the Mark of the Web (MotW) Windows security feature was exploited by Russian hackers as a zero-day since September 2024. According to Trend Micro res ... Read more
-
0patch.com
Micropatches Released for Windows Task Scheduler Elevation of Privilege Vulnerability (CVE-2024-49039)
November 2024 Windows updates brought a fix for CVE-2024-49039, a local privilege escalation issue allowing low-integrity code running on the computer to execute arbitrary medium-integrity code as the ... Read more
-
Help Net Security
Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)
CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip that was fixed in November 2024, has been exploited in zero-day attacks to deliver malware to Ukrainian ent ... Read more