CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Cybersecurity News
Wget Vulnerability (CVE-2024-10524) Opens Door to SSRF Attacks
A newly discovered vulnerability in the popular Wget download utility could allow attackers to launch server-side request forgery (SSRF) attacks.Security researcher Goni Golan from JFrog has identifie ... Read more
-
Cybersecurity News
CVE-2024-47208 & CVE-2024-48962: Apache OFBiz Exposed to Remote Code Execution
The Apache Software Foundation has released important security updates to address two critical vulnerabilities in Apache OFBiz, a popular open-source suite of business applications. These vulnerabilit ... Read more
-
BleepingComputer
Apple fixes two zero-days used in attacks on Intel-based Macs
Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. "Apple is aware of a report that this issue may have been explo ... Read more
-
BleepingComputer
CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progr ... Read more
-
Cybersecurity News
CVE-2024-44308 and CVE-2024-44309: Apple Addresses Zero-Day Vulnerabilities
Apple users are urged to update their devices immediately following the discovery of two critical zero-day vulnerabilities actively exploited in the wild. These vulnerabilities, CVE-2024-44308 and CVE ... Read more
-
BleepingComputer
Oracle warns of Agile PLM file disclosure flaw exploited in attacks
Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. Ora ... Read more
-
BleepingComputer
D-Link urges users to retire VPN routers impacted by unfixed RCE flaw
D-Link is warning customers to replace end-of-life VPN router models after a critical unauthenticated, remote code execution vulnerability was discovered that will not be fixed on these devices. The f ... Read more
-
TheCyberThrone
Broadcom repatched VMware bugs for the second time
Vmware vulnerabilities have been exploited in attacks after the initial released patches failed to fix the flawThe vulnerabilities are tracked as CVE-2024-38812 and CVE-2024-38813, released on Septem ... Read more
-
BleepingComputer
Helldown ransomware exploits Zyxel VPN flaw to breach networks
The new 'Helldown' ransomware operation is believed to target vulnerabilities in Zyxel firewalls to breach corporate networks, allowing them to steal data and encrypt devices. French cybersecurity fir ... Read more
-
The Register
Palo Alto Networks tackles firewall-busting zero-days with critical patches
Palo Alto Networks (PAN) finally released a CVE identifier and patch for the zero-day exploit that caused such a fuss last week. The vendor dropped details of two vulnerabilities exploited as zero-day ... Read more