CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.

-
Cybersecurity News
CVE-2024-5932 (CVSS 10): Critical RCE Vulnerability Impacts 100k+ WordPress Sites
A critical security flaw (CVE-2024-5932) in the popular GiveWP WordPress plugin has left over 100,000 websites vulnerable to remote code execution and unauthorized file deletion. This vulnerability, s ...

-
Cybersecurity News
F5 Issues Security Advisories for NGINX Plus (CVE-2024-39792) & BIG-IP Next Central Manager (CVE-2024-39809)
F5, a prominent provider of application delivery and security solutions, has recently released security advisories addressing vulnerabilities in two of its products: NGINX Plus and BIG-IP Next Central ...

-
Cybersecurity News
PrestaShop Websites Under Attack: GTAG Websocket Skimmer Steals Credit Card Data
Security researchers at Sucuri have discovered a new credit card skimmer exploiting a vulnerability in PrestaShop websites. This sophisticated attack uses a WebSocket connection to pilfer sensitive cu ...

-
TheCyberThrone
CISA adds Jenkins bug CVE-2024-23897 to its KEV Catalog
The U.S. CISA added a Jenkins Command Line Interface (CLI) Path Traversal vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Jenkins has addressed the vulnerability tracked as CVE-2024 ...

-
Ars Technica
Windows 0-day was exploited by North Korea to install advanced rootkit
LAZARUS STRIKES AGAIN — FudModule rootkit burrows deep into Windows, where it can bypass key security defenses. A Windows zero-day vulnerability recently patched by Microsoft was explo ...

-
BleepingComputer
CISA warns of Jenkins RCE bug exploited in ransomware attacks
CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it's actively exploited in attacks. Jenkins is a wide ...

-
The Register
Multiple flaws in Microsoft macOS apps unpatched despite potential risks
Cisco Talos says eight vulnerabilities in Microsoft's macOS apps could be abused by nefarious types to record video and sound from a user's device, access sensitive data, log user input, and escalate ...

-
cloudsecurityalliance.org
Return of the RCE: Addressing the regreSSHion Vulnerability – CVE-2024-6378
Originally published by Pentera. A Regrettable Resurgence: On July 1, 2024, the Qualys Threat Research Unit (TRU) published their discovery of an unauthenticated remote code execution (RCE) vulnerabili ...

-
TheCyberThrone
PoC for IvantiTM vulnerability CVE-2024-7593 released
To limit the exploitability of this vulnerability, Ivanti recommends limiting Admin Access to the Management Interface internal to the network through the private / corporate network. The researchers a ...

-
Cyber Security News
New Kubernetes Vulnerability Allows Attackers to Access Clusters Remotely
A critical vulnerability, tracked as CVE-2024-7646, has been uncovered in the widely used ingress-nginx Kubernetes controller. The flaw allows attackers to bypass annotation validation, poses a signifi ...