CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Cybersecurity News
CVE-2024-12209 (CVSS 9.8): WP Umbrella Plugin Vulnerability Exposes 30,000 Websites to Compromise
A critical security vulnerability has been discovered in the popular WordPress plugin, WP Umbrella, which is used by over 30,000 websites. The flaw, identified as CVE-2024-12209 and assigned a CVSS sc ...
-
security.nl
QNAP verhelpt lek dat remote aanvaller commando's op NAS laat uitvoeren
QNAP heeft vandaag updates voor de eigen NAS-apparaten uitgebracht die meerdere kwetsbaarheden verhelpen,. waaronder een beveiligingslek dat een remote aanvaller de mogelijkheid geeft om willekeurige ...
-
TheCyberThrone
SonicWall addressed half a dozen vulnerabilities in SMA 100 series
SonicWall has released patches for several (six) vulnerabilities impacting its SMA 100 series SSL-VPN products. These flaws range from path traversal issues inherited from the Apache HTTP Server to cr ...
-
Cybersecurity News
Earth Minotaur: MOONSHINE Exploit Kit and DarkNimbus Backdoor Threaten Multi-Platform Security
A sophisticated cyber campaign orchestrated by the threat actor Earth Minotaur has been uncovered by Trend Micro researchers, exposing their reliance on the MOONSHINE exploit kit and a previously unre ...
-
security.nl
Google dicht kritieke kwetsbaarheden in cellular baseband Pixel-telefoons
Google heeft twee kritieke kwetsbaarheden in Pixel-telefoons verholpen waardoor een aanvaller op afstand toestellen kan overnemen. De beveiligingslekken die remote code execution mogelijk maken bevind ...
-
The Hacker News
Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks
Artificial Intelligence / Vulnerability Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, ...
-
cert.pl
Vulnerabilities in Tungsten Automation TotalAgility software
CVE ID CVE-2024-7874 Publication date 06 December 2024 Vendor Tungsten Automation Product TotalAgility Vulnerable versions All through 7.9.0.25.0.954 Vulnerability type (CWE) Improper Neutralization o ...
-
Cybersecurity News
Unpatched Zero-Day Vulnerability in Mitel MiCollab Exposes Businesses to Serious Security Risks
A newly disclosed zero-day vulnerability in the Mitel MiCollab collaboration platform has raised serious concerns regarding the security of sensitive business data. Discovered by security researchers ...
-
Kaspersky
Exploits and vulnerabilities in Q3 2024
Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not standard for cyberattacks. This is because operating system developers have been releasing new security mit ...
-
InfoSec Write-ups
From File Upload To LFI: A Journey To Exploitation
Recently I had a client that asked for a black-box pentest for a new web app that the company was about to release. The objective of this black-box penetration test is to assess the security posture o ...