CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
TheCyberThrone
CISA adds Jenkins bug CVE-2024-23897 to its KEV Catalog
The U.S. CISA added a Jenkins Command Line Interface (CLI) Path Traversal vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.Jenkins has addressed the vulnerability tracked as CVE-2024 ... Read more
-
Ars Technica
Windows 0-day was exploited by North Korea to install advanced rootkit
LAZARUS STRIKES AGAIN — FudModule rootkit burrows deep into Windows, where it can bypass key security defenses. Getty Images A Windows zero-day vulnerability recently patched by Microsoft was explo ... Read more
-
BleepingComputer
CISA warns of Jenkins RCE bug exploited in ransomware attacks
CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it's actively exploited in attacks. Jenkins is a wide ... Read more
-
The Register
Multiple flaws in Microsoft macOS apps unpatched despite potential risks
Cisco Talos says eight vulnerabilities in Microsoft's macOS apps could be abused by nefarious types to record video and sound from a user's device, access sensitive data, log user input, and escalate ... Read more
-
cloudsecurityalliance.org
Return of the RCE: Addressing the regreSSHion Vulnerability – CVE-2024-6378
Originally published by Pentera. A Regrettable Resurgence On July 1, 2024, the Qualys Threat Research Unit (TRU) published their discovery of an unauthenticated remote code execution (RCE) vulnerabili ... Read more
-
TheCyberThrone
PoC for IvantiTM vulnerability CVE-2024-7593 released
To limit the exploitability of this vulnerability, Ivanti recommends limiting Admin Access to the Management Interface internal to the network through the private / corporate network.The researchers a ... Read more
-
Cyber Security News
New Kubernetes Vulnerability Allows Attackers to Access Clusters Remotely
A critical vulnerability tracked as CVE-2024-7646, has been uncovered in the widely used ingress-nginx Kubernetes controller. The flaw allows attackers to bypass annotation validation, poses a signifi ... Read more
-
Cyber Security News
Microsoft macOS Apps Vulnerability Allows Hackers to Record Audio/Video
Cisco Talos has identified eight security vulnerabilities in Microsoft applications running on the macOS operating system, raising concerns about potential exploitation by adversaries. These vulnerabi ... Read more
-
Cyber Security News
Windows Secure Channel RCE Vulnerability Let Attackers Inject Malicious Files Remotely
A recent analysis of a security vulnerability in Microsoft’s Secure Channel revealed a critical flaw that could be exploited for remote code execution. The vulnerability was initially identified as an ... Read more
-
Cyber Security News
Linux Kernal Vulnerability Let Attackers Bypass CPU & Write on Memory
Researchers uncovered a vulnerability in the Linux kernel’s dmam_free_coherent() function, which stems from a race condition caused by the improper order of operations when freeing DMA (Direct Memory ... Read more