CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Cyber Express
December 2024 Cyble Report: Malware, Phishing, and IoT Vulnerabilities on the Rise
The latest Sensor Intelligence Report from Cyble, dated December 4–10, 2024, sheds light on a troubling increase in cyber threats, including malware intrusions, phishing scams, and attacks targeting v ... Read more
-
Cybersecurity News
CVE-2024-38819: Spring Framework Path Traversal PoC Exploit Released
A critical vulnerability in the Spring Framework, tracked as CVE-2024-38819 (CVSS score 7.5), has been publicly disclosed, along with a proof-of-concept (PoC) exploit. This flaw allows attackers to co ... Read more
-
Cybersecurity News
Open Sesame Attack: Ruijie Networks Devices Vulnerable to Remote Takeover
In a critical revelation highlighting the vulnerabilities of IoT ecosystems, Team82 has published a report detailing 10 security flaws in Ruijie Networks’ Reyee cloud management platform and its assoc ... Read more
-
Cybersecurity News
CVE-2024-45337: Golang Crypto Library Flawed, Risks Authorization Bypass
A critical security vulnerability, tracked as CVE-2024-45337 (CVSS 9.1), has been discovered in the Golang cryptography library. This flaw stems from the misuse of the ServerConfig.PublicKeyCallback f ... Read more
-
Cybersecurity News
CVE-2024-55884 (CVSS 9.0): Critical Vulnerability Found in Mullvad VPN
X41 D-Sec GmbH, a leading cybersecurity firm, has completed a white-box penetration test of the Mullvad VPN application, revealing several vulnerabilities, including one rated as “critical” and two ra ... Read more
-
Cybersecurity News
336,000 Prometheus Servers at Risk: Urgent Security Alert
In a recent investigation, Aqua Nautilus uncovered alarming security vulnerabilities within the Prometheus ecosystem. Their research highlights critical flaws spanning information disclosure, denial-o ... Read more
-
Cybersecurity News
Multiple Critical Vulnerabilities Expose GLPI to Widespread Attacks
A series of critical security vulnerabilities have been discovered in GLPI (Gestionnaire Libre de Parc Informatique), a widely used open-source IT asset management and service desk software. These vul ... Read more
-
The Register
Are your Prometheus servers and exporters secure? Probably not
Infosec in brief There's a problem of titanic proportions brewing for users of the Prometheus open source monitoring toolkit: hundreds of thousands of servers and exporters are exposed to the internet ... Read more
-
BleepingComputer
Clop ransomware claims responsibility for Cleo data theft attacks
12/16/24 update: Article updated to include new information about Cleo CVE-2024-50623 and CVE-2024-55956 flaws. The Clop ransomware gang has confirmed to BleepingComputer that they are behind the rece ... Read more
-
Cybersecurity News
Citrix Alerts on Global Password Spraying Campaigns Targeting NetScaler Appliances
Citrix has issued an advisory highlighting an increase in password spraying attacks aimed at NetScaler appliances worldwide. These attacks exploit authentication endpoints, causing significant operati ... Read more