CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
security.nl
Google dicht kritieke kwetsbaarheden in cellular baseband Pixel-telefoons
Google heeft twee kritieke kwetsbaarheden in Pixel-telefoons verholpen waardoor een aanvaller op afstand toestellen kan overnemen. De beveiligingslekken die remote code execution mogelijk maken bevind ... Read more
-
The Hacker News
Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks
Artificial Intelligence / Vulnerability Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, ... Read more
-
cert.pl
Vulnerabilities in Tungsten Automation TotalAgility software
CVE ID CVE-2024-7874 Publication date 06 December 2024 Vendor Tungsten Automation Product TotalAgility Vulnerable versions All through 7.9.0.25.0.954 Vulnerability type (CWE) Improper Neutralization o ... Read more
-
Cybersecurity News
Unpatched Zero-Day Vulnerability in Mitel MiCollab Exposes Businesses to Serious Security Risks
A newly disclosed zero-day vulnerability in the Mitel MiCollab collaboration platform has raised serious concerns regarding the security of sensitive business data. Discovered by security researchers ... Read more
-
Kaspersky
Exploits and vulnerabilities in Q3 2024
Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not standard for cyberattacks. This is because operating system developers have been releasing new security mit ... Read more
-
InfoSec Write-ups
From File Upload To LFI: A Journey To Exploitation
Recently I had a client that asked for a black-box pentest for a new web app that the company was about to release. The objective of this black-box penetration test is to assess the security posture o ... Read more
-
The Register
PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files
updated A zero-day arbitrary file read vulnerability in Mitel MiCollab can be chained with a now-patched critical bug in the same platform to give attackers access to sensitive files on vulnerable ins ... Read more
-
Help Net Security
December 2024 Patch Tuesday forecast: The secure future initiative impact
December 2024 Patch Tuesday is now live: Microsoft fixes exploited zero-day (CVE-2024-49138) It seems like 2024 just started, but the final Patch Tuesday of the year is almost here! In retrospect, it ... Read more
-
Cybersecurity News
Django Releases Patches for CVE-2024-53907 and CVE-2024-53908 to Mitigate DoS and SQLi Threats
The Django team has recently announced the release of Django 5.1.4, Django 5.0.10, and Django 4.2.17 to address two security vulnerabilities. All users are strongly encouraged to upgrade their Django ... Read more
-
Cybersecurity News
CVE-2024-43222 (CVSS 9.8): Critical Flaw in Sweet Date WordPress Theme Exposes Thousands of Sites to Potential Takeovers
A critical vulnerability (CVE-2024-43222) has been identified in the Sweet Date WordPress theme, a popular premium theme with nearly 10,000 sales. This vulnerability carries a CVSS score of 9.8, indic ... Read more