CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Register
How to jailbreak ChatGPT and trick the AI into writing exploit code using hex encoding
OpenAI's language model GPT-4o can be tricked into writing exploit code by encoding the malicious instructions in hexadecimal, which allows an attacker to jump the model's built-in security guardrails ... Read more
-
Dark Reading
Recurring Windows Flaw Could Expose User Credentials
Source: tdhster via ShutterstockAll versions of Windows clients, from Windows 7 through current Windows 11 versions, contain a 0-day vulnerability that could allow attackers to capture NTLM authentica ... Read more
-
BleepingComputer
New Windows Themes zero-day gets free, unofficial patches
Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target's NTLM credentials remotely. NTLM has been extensively exploited in NT ... Read more
-
BleepingComputer
QNAP fixes NAS backup software zero-day exploited at Pwn2Own
QNAP has fixed a critical zero-day vulnerability exploited by security researchers on Thursday to hack a TS-464 NAS device during the Pwn2Own Ireland 2024 competition. Tracked as CVE-2024-50388, the s ... Read more
-
security.nl
QNAP dicht kritiek Pwn2Own-lek dat remote aanvaller NAS laat overnemen
QNAP heeft een beveiligingsupdate uitgebracht voor een kritieke kwetsbaarheid waardoor NAS-apparaten van de fabrikant door een remote aanvaller zijn over te nemen. Via het beveiligingslek, aangeduid a ... Read more
-
The Register
Admins better Spring into action over latest critical open source vuln
If you're running an application built using the Spring development framework, now is a good time to check it's fully updated – a new, critical-severity vulnerability has just been disclosed. Tracked ... Read more
-
The Hacker News
Researchers Uncover Vulnerabilities in Open-Source AI and ML Models
AI Security / Vulnerability A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which c ... Read more
-
Help Net Security
Patching problems: The “return” of a Windows Themes spoofing vulnerability
Despite two patching attempts, a security issue that may allow attackers to compromise Windows user’s NTLM (authentication) credentials via a malicious Windows themes file still affects Microsoft’s op ... Read more
-
0patch.com
We Patched CVE-2024-38030, Found Another Windows Themes Spoofing Vulnerability (0day)
TL;DR: While patching CVE-2024-38030, we found another similar issue, reported it to Microsoft and created free micropatches for 0patch users on both legacy and still-supported Windows versions so the ... Read more
-
TheCyberThrone
Spring Security fixes Critical Vulnerability CVE-2024-38821
Spring Security has disclosed a critical vulnerability impacting WebFlux applications, enables an authorization bypass under specific conditions. If exploited, this vulnerability could potentially all ... Read more