CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
TheCyberThrone
CISA adds Cleo Vulnerability CVE-2024-50623 to KEV Catalog
The US CISA adds Cleo vulnerability to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitation reported.Security vendor Huntress was the first to publicize the attacks ... Read more
-
Cybersecurity News
Over 15,000 Sites at Risk: Woffice WordPress Theme Vulnerabilities Could Lead to Full Site Takeovers
Patchstack has disclosed two critical vulnerabilities in the widely used Woffice WordPress theme, a premium intranet/extranet solution with over 15,000 sales. Developed by Xtendify, the Woffice theme ... Read more
-
Cybersecurity News
Abusing Microsoft’s UI Automation Framework: The New Evasion Technique Bypassing EDR
Akamai security researcher Tomer Peled has unveiled a novel attack technique exploiting Microsoft’s legacy UI Automation framework, a tool originally designed to enhance computer accessibility. The fi ... Read more
-
Dark Reading
Cleo MFT Zero-Day Exploits Are About to Escalate, Analysts Warn
Source: Allstar Picture Library Ltd. via Alamy Stock PhotoAn active ransomware campaign against the Cleo managed file transfer tool is about to ramp up now that a proof-of-concept exploit for a zero-d ... Read more
-
BleepingComputer
CISA confirms critical Cleo bug exploitation in ransomware attacks
CISA confirmed today that a critical security vulnerability in Cleo Harmony, VLTrader, and LexiCom file transfer software is being exploited in ransomware attacks. This flaw (tracked as CVE-2024-5062 ... Read more
-
The Hacker News
Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection
A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, ... Read more
-
SentinelOne
More From Our Main Blog: The Good, the Bad and the Ugly in Cybersecurity – Week 50
The Good | Ragnarok Ransomware Operators & DDoS-For-Hire Servers Disrupted by LEAs Law enforcement agencies this week took decisive action to disrupt a Chinese firm for its involvement in a series of ... Read more
-
SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 50
The Good | Ragnarok Ransomware Operators & DDoS-For-Hire Servers Disrupted by LEAs Law enforcement agencies this week took decisive action to disrupt a Chinese firm for its involvement in a series of ... Read more
-
TheCyberThrone
Gitlab fixes CVE-2024-11274 and CVE-2024-8233
GitLab has released a crucial security update to address multiple vulnerabilities impacting various versions of its platform. This update, applicable to versions 17.6.2, 17.5.4, and 17.4.6 for both Co ... Read more
-
security.nl
Kritiek lek in Apache Struts 2 maakt remote code execution mogelijk
Een kritieke kwetsbaarheid in Apache Struts 2 maakt remote code execution mogelijk en overheidsinstanties roepen beheerders en organisaties op om de beschikbaar gestelde beveiligingsupdate te installe ... Read more