CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.

-
Cybersecurity News
RomCom Exploits Zero-Days in Firefox (CVE-2024-9680) & Windows (CVE-2024-49039) with No User Interaction
In a recent cybersecurity report, ESET researchers have unveiled a coordinated attack by the Russia-aligned threat actor RomCom, exploiting zero-day ...

-
Cybersecurity News
macOS Vulnerability (CVE-2023-32428) Grants Root Access, PoC Published
Security researcher Gergely Kalman has detailed a high-severity vulnerability in Apple’s MallocStackLogging framework that could allow attackers to gain local privilege escalation (LPE) ...

-
TheCyberThrone
Russian RomCom exploiting twin bugs
Security researchers at ESET have uncovered an attack chain that exploits multiple vulnerabilities to deploy the RomCom backdoor without requiring any user interaction. RomCom, also known as Tropical ...

-
Cybersecurity News
CVE-2024-8114: GitLab Vulnerability Allows Privilege Escalation
GitLab has released critical security updates to address multiple vulnerabilities affecting its Community Edition (CE) and Enterprise Edition (EE) products. Versions 17.6.1, 17.5.3, and 17.4.5 contain ...

-
Cybersecurity News
VMware Aria Operations Hit By Multiple Vulnerabilities
VMware has recently issued patches to address multiple vulnerabilities affecting its Aria Operations product. The vulnerabilities, responsibly reported to VMware, range in severity from Important to M ...

-
Cybersecurity News
CVE-2024-21887 and More: How Earth Estries APT Group Exploits VPNs & Servers
In a detailed report from Trend Micro, the Chinese advanced persistent threat (APT) group Earth Estries, also known by aliases like Salt Typhoon and GhostEm ...

-
Cybersecurity News
CVE-2024-41779 (CVSS 9.8): IBM Rhapsody Model Manager Vulnerability Puts Systems at Risk
IBM has recently released a security bulletin addressing a critical vulnerability in IBM Engineering Systems Design Rhapsody – Model Manager (RMM). The vulnerability, identified as CVE-2024-41779 with ...

-
BleepingComputer
New NachoVPN attack uses rogue VPN servers to install malicious updates
A set of vulnerabilities dubbed "NachoVPN" allows rogue VPN servers to install malicious updates when unpatched Palo Alto and SonicWall SSL-VPN clients connect to them. AmberWolf security researchers ...

-
Dark Reading
'RomCom' APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor
For a brief window of time in October, Russian hackers had the ability to launch arbitrary code against anyone in the world using Firefox or Tor. On O ...

-
Dark Reading
Salt Typhoon Builds Out Malware Arsenal With GhostSpider
The Chinese threat actor known as Salt Typhoon has been spying on some high-value government and telecommunications organizations for several years now, recen ...