CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Cybersecurity News
Open Sesame Attack: Ruijie Networks Devices Vulnerable to Remote Takeover
In a critical revelation highlighting the vulnerabilities of IoT ecosystems, Team82 has published a report detailing 10 security flaws in Ruijie Networks’ Reyee cloud management platform and its assoc ... Read more
-
Cybersecurity News
CVE-2024-45337: Golang Crypto Library Flawed, Risks Authorization Bypass
A critical security vulnerability, tracked as CVE-2024-45337 (CVSS 9.1), has been discovered in the Golang cryptography library. This flaw stems from the misuse of the ServerConfig.PublicKeyCallback f ... Read more
-
Cybersecurity News
CVE-2024-55884 (CVSS 9.0): Critical Vulnerability Found in Mullvad VPN
X41 D-Sec GmbH, a leading cybersecurity firm, has completed a white-box penetration test of the Mullvad VPN application, revealing several vulnerabilities, including one rated as “critical” and two ra ... Read more
-
Cybersecurity News
336,000 Prometheus Servers at Risk: Urgent Security Alert
In a recent investigation, Aqua Nautilus uncovered alarming security vulnerabilities within the Prometheus ecosystem. Their research highlights critical flaws spanning information disclosure, denial-o ... Read more
-
Cybersecurity News
Multiple Critical Vulnerabilities Expose GLPI to Widespread Attacks
A series of critical security vulnerabilities have been discovered in GLPI (Gestionnaire Libre de Parc Informatique), a widely used open-source IT asset management and service desk software. These vul ... Read more
-
The Register
Are your Prometheus servers and exporters secure? Probably not
Infosec in brief There's a problem of titanic proportions brewing for users of the Prometheus open source monitoring toolkit: hundreds of thousands of servers and exporters are exposed to the internet ... Read more
-
BleepingComputer
Clop ransomware claims responsibility for Cleo data theft attacks
12/16/24 update: Article updated to include new information about Cleo CVE-2024-50623 and CVE-2024-55956 flaws. The Clop ransomware gang has confirmed to BleepingComputer that they are behind the rece ... Read more
-
Cybersecurity News
Citrix Alerts on Global Password Spraying Campaigns Targeting NetScaler Appliances
Citrix has issued an advisory highlighting an increase in password spraying attacks aimed at NetScaler appliances worldwide. These attacks exploit authentication endpoints, causing significant operati ... Read more
-
Help Net Security
Week in review: Microsoft fixes exploited 0-day, top cybersecurity books for your holiday gift list
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes exploited zero-day (CVE-2024-49138) On December 2024 Patch Tuesday, Microsoft resolved ... Read more
-
TheCyberThrone
TheCyberThrone Security BiWeekly Review – December 14, 2024
Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the weeks ending Saturday, November 30, 2024.Jenkins fixes multiple ... Read more