CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Cybersecurity News
CVE-2024-52308: GitHub CLI Vulnerability Could Allow Remote Code Execution
A critical security vulnerability (CVE-2024-52308) in the GitHub Command Line Interface (CLI) has been identified, potentially enabling remote code execution (RCE) on users’ workstations. This vulnera ... Read more
-
Cybersecurity News
LibreNMS Vulnerability (CVE-2024-51092): Mitigating the Risk of Server Compromise
A recent security advisory from the LibreNMS project has revealed a severe vulnerability (CVE-2024-51092) affecting versions up to 24.9.1 of the widely-used network monitoring platform. The flaw, rate ... Read more
-
Cybersecurity News
Actively Exploited VMware Vulnerabilities (CVE-2024-38812 & CVE-2024-38813) Threaten Virtualized Infrastructure
Broadcom has updated an urgent security advisory following confirmation of in-the-wild exploitation of two critical vulnerabilities affecting its vCenter Server platform: CVE-2024-38812 and CVE-2024-3 ... Read more
-
Cybersecurity News
Trio of Apache Tomcat Flaws Disclosed: Authentication Bypass, HTTP/2 Request Mix-Up, and XSS Flaw
The Apache Software Foundation has recently disclosed three new vulnerabilities affecting Apache Tomcat, a widely-used open-source web server and servlet container. These vulnerabilities, ranging from ... Read more
-
Cybersecurity News
CVE-2024-31141: Apache Kafka Vulnerability Exposes User Data to Potential Attackers
A newly discovered vulnerability in Apache Kafka, the popular open-source event streaming platform, could allow attackers to gain unauthorized access to sensitive information. The vulnerability, track ... Read more
-
Cybersecurity News
Critical Vulnerabilities Found in Baxter Life2000 Ventilation System
The Baxter Life2000 Ventilation System, a key healthcare device used in critical infrastructure sectors, has been found to contain multiple severe vulnerabilities. These issues, detailed in a recent s ... Read more
-
Trend Micro
Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella
This blog is based on a presentation by the authors at Virus Bulletin 2024. Introduction LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the grou ... Read more
-
The Register
Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble
Two VMware vCenter server bugs, including a critical heap-overflow vulnerability that leads to remote code execution (RCE), have been exploited in attacks after Broadcom’s first attempt to fix the fla ... Read more
-
BleepingComputer
Palo Alto Networks patches two firewall zero-days used in attacks
Palo Alto Networks has finally released security updates for two actively exploited zero-day vulnerabilities in its Next-Generation Firewalls (NGFW). The first flaw, tracked as CVE-2024-0012, is an au ... Read more
-
BleepingComputer
Critical RCE bug in VMware vCenter Server now exploited in attacks
Broadcom warned today that attackers are now exploiting two VMware vCenter Server vulnerabilities, one of which is a critical remote code execution flaw. TZL security researchers reported the RCE vul ... Read more