CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Cybersecurity News
CVE-2020-12271 Exploited: FBI Seeks Chinese Hacker Behind 81,000 Device Breach
The US Department of Justice announced the unsealing of an indictment against Guan Tianfeng, a Chinese national associated with Sichuan Silence Information Technology Co. Ltd., for his alleged role in ... Read more
-
BleepingComputer
Hunk Companion WordPress plugin exploited to install vulnerable plugins
Hackers are exploiting a critical vulnerability in the "Hunk Companion" plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. By installing ou ... Read more
-
Dark Reading
Chinese Hacker Pwns 81K Sophos Devices With Zero-Day Bug
Source: B Christopher via Alamy Stock PhotoNEWS BRIEFThe US government unsealed charges yesterday against a Chinese national who allegedly broke into approximately 81,000 of Sophos firewall devices ar ... Read more
-
BleepingComputer
Russian Turla hackers hit Starlink-connected devices in Ukraine
Russian cyber-espionage group Turla, aka "Secret Blizzard," is utilizing other threat actors' infrastructure to target Ukrainian military devices connected via Starlink. Microsoft and Lumen recently e ... Read more
-
BleepingComputer
Russian cyber spies hide behind other hackers to target Ukraine
Russian cyber-espionage group Turla, aka "Secret Blizzard," is utilizing other threat actors' infrastructure to target Ukrainian military devices connected via Starlink. Microsoft and Lumen recently e ... Read more
-
TheCyberThrone
Apache Superset 4.1.0 released with bug fixes
The Apache Software Foundation has announced the release of Apache Superset 4.1.0 with several bug fixes that could potentially allow attackers to bypass security controls, access sensitive data, and ... Read more
-
The Cyber Express
Microsoft December Patch Tuesday 2024: 71 Vulnerabilities Addressed, Including Critical Zero-Day Flaws
Microsoft’s December Patch Tuesday update, the last one of 2024, addresses a massive number of vulnerabilities, including 71 newly identified flaws across various products. As part of the regular Dece ... Read more
-
Help Net Security
Microsoft enforces defenses preventing NTLM relay attacks
Since making Kerberos the default Windows authentication protocol in 2000, Microsoft has been working on eventually retiring NTLM, its less secure and obsolete counterpart. Until NTLM gets disabled by ... Read more
-
The Register
Three more vulns spotted in Ivanti CSA, all critical, one 10/10
Ivanti just put out a security advisory warning of three critical vulnerabilities in its Cloud Services Application (CSA), including a perfect 10. CSA is a tempting target for cyberattacks because of ... Read more
-
Darktrace
Darktrace’s view on Operation Lunar Peek: Exploitation of Palo Alto firewall devices (CVE 2024-2012 and 2024-9474)
Darktrace’s Threat Research team investigated a major campaign exploiting vulnerabilities in Palo Alto firewall devices (CVE 2024-2012 and 2024-9474). Learn about the spike in post-exploitation activi ... Read more