CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Cybersecurity News
PoC Exploit Releases for CVE-2024-44193: Local Privilege Escalation Vulnerability in iTunes
Image: mbog14 Security researcher mbog14 has published the technical details and proof-of-concept for a critical local privilege escalation (LPE) vulnerability affecting iTunes version 12.13.2.3, iden ... Read more
-
Cybersecurity News
Active Exploits Target Zimbra Collaboration: Over 19K Systems Vulnerable to CVE-2024-45519
Image: The Shadowserver FoundationEnterprise security firm Proofpoint has issued a critical warning regarding active exploitation attempts against Synacor’s Zimbra Collaboration platform. A recently d ... Read more
-
Cybersecurity News
CyberVolk: From Hacktivism to Ransomware – Researcher Exposes New Threat
CyberVolk dialog window | Image: Rapid7Cybersecurity researchers at Rapid7 Labs have released a detailed report on CyberVolk, a politically motivated hacktivist group that transitioned into using rans ... Read more
-
Cybersecurity News
Researchers Detail Ruby-SAML/GitLab Flaw (CVE-2024-45409) Allows SAML Authentication Bypass
In a recent analysis conducted by Harsh Jaiswal and Rahul Maini at ProjectDiscovery, a critical vulnerability, CVE-2024-45409, was uncovered, exposing a flaw in Ruby-SAML and OmniAuth-SAML libraries, ... Read more
-
InfoSec Write-ups
High-Risk Vulnerabilities in Apache HTTP Server’s mod_proxy Encoding Problem Allow Authentication…
Apache HTTP Server — ACL BypassCVE-2024–38473 Overview:Description:The vulnerability is due to an encoding problem in mod_proxy, which allows request URLs with incorrect encoding to be sent to backend ... Read more
-
Critical Vulnerabilities in porte_plume plugin to Remote Exploits -$$$$ Bounty -CVE-2024–7954
Description:The porte_plume plugin, utilized by SPIP versions prior to 4.30-alpha2, 4.2.13, and 4.1.16, is susceptible to a critical arbitrary code execution (RCE) vulnerability. This flaw allows a re ... Read more
-
HTB | Editorial — SSRF and CVE-2022–24439
This is a Linux box. You can find it here.Skill LearnedSSRFgitCVE-2022–24439NMAPIP:10.10.11.11nmap -sT -p- --min-rate 10000 10.10.11.20nmap -sC -sV -p 22,80 10.10.11.20nmapPort 80let’s visit port 80po ... Read more
-
TheCyberThrone
Apple fixes critical bugs in iOS 18
If you have any Apple devices running iOS 18, then make sure they have the latest patches installed.Apple has released an urgent iOS 18.0.1 and iPadOS 18.0.1 updates to fix two vulnerabilities, respec ... Read more
-
Help Net Security
Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: October 2024 Patch Tuesday forecast: Recall can be recalled October arrived, and Microsoft started the ... Read more
-
TheCyberThrone
PoC for Microsoft Office Zeroday CVE-2024-38200 released
Security researcher Metin Yunus Kandemir have released the technical details and a PoC exploit that reveals a critical information disclosure flaw in Microsoft Office. This vulnerability, which affect ... Read more