CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Cyber Express
CISA Adds Array Networks’ CVE-2023-28461 to KEV List: Critical Patching Urged
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a critical security flaw, CVE-2023-28461, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability i ... Read more
-
TheCyberThrone
PHP Patches Multiple Vulnerabilities Including CVE-2024-8932
The PHP development team has released patches to address multiple vulnerabilities affecting versions prior to 8.1.31, 8.2.26, and 8.3.14 potentially allowing attackers to leak sensitive information, e ... Read more
-
The Hacker News
RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks
Vulnerability / Cybercrime The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows ... Read more
-
The Register
QNAP and Veritas dump 30-plus vulns over the weekend
Taiwanese NAS maker QNAP addressed 24 vulnerabilities across various products over the weekend. The flaws include two critical and nine "high" severity vulnerabilities, potentially resulting in code e ... Read more
-
The Hacker News
Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries
The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications c ... Read more
-
security.nl
CISA meldt actief misbruik van kritiek lek in Array Networks ssl vpn gateways
Aanvallers maken actief misbruik van een kritieke kwetsbaarheid in de ssl vpn gateways van fabrikant Array Networks, zo meldt het Cybersecurity and Infrastructure Security Agency (CISA) van het Amerik ... Read more
-
Kaspersky
Analysis of Elpaco: a Mimic variant
Introduction In a recent incident response case, we dealt with a variant of the Mimic ransomware with some interesting customization features. The attackers were able to connect via RDP to the victim’ ... Read more
-
Help Net Security
RomCom hackers chained Firefox and Windows zero-days to deliver backdoor
Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege vulnerability in Windows Task Sc ... Read more
-
Kaspersky
Spoofing via CVE-2024-49040 | Kaspersky official blog
email The patch that fixes CVE-2024-49040 in Microsoft Exchange is temporarily unavailable. We’ve implemented heuristics that detect attempts to exploit it. November 26, 2024 Among the vulnerabilities ... Read more
-
Cybersecurity News
Keycloak Patches Multiple Vulnerabilities in Latest Update
Open-source identity and access management platform Keycloak has released important security updates to address multiple vulnerabilities, including risks of denial-of-service attacks, information disc ... Read more