CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Cyber Security News
Zimbra XSS Flaw Allows Hackers to Execute Malicious JavaScript Code
A critical security flaw has been discovered in the Zimbra Collaboration Suite (ZCS), potentially allowing hackers to execute malicious JavaScript code. This cross-site scripting (XSS) flaw, identifie ... Read more
-
Cybersecurity News
Critical Vulnerability Found in Flatpak: CVE-2024-42472 (CVSS 10) Exposes Files Outside Sandbox
Please enable JavaScriptA serious security flaw has been discovered in Flatpak, a popular system for distributing and running sandboxed desktop applications on Linux. The vulnerability, tracked as CVE ... Read more
-
Cybersecurity News
Unpatched Kubernetes Flaw Leaves Clusters Open to Exploitation: Researcher Unveils Command Injection Vulnerability
Akamai researcher Tomer Peled has uncovered a concerning design flaw within Kubernetes’ git-sync project. This flaw could potentially enable attackers to execute commands or exfiltrate sensitive data, ... Read more
-
Cybersecurity News
CISA Warns of Active Exploitation in SolarWinds Web Help Desk Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of a critical security vulnerability affecting SolarWinds Web Help Desk (WHD), a widely used IT help desk software. This vulnera ... Read more
-
Cybersecurity News
CVE-2024-43360: SQLi Flaw Discovered in Popular Surveillance Software ZoneMinder
ZoneMinder, a widely used open-source video surveillance solution, has been found to contain a critical SQL injection vulnerability that could allow attackers to gain unauthorized access to sensitive ... Read more
-
Cybersecurity News
Last Mile Reassembly Attacks Bypass Leading Secure Web Gateways
SquareX, along with its founder Vivek Ramachandran, a renowned cybersecurity expert, recently uncovered a vulnerability in Secure Web Gateway (SWG) systems, which are employed to safeguard corporate n ... Read more
-
Cybersecurity News
CVE-2024-33533 to 33536: Zimbra Users at Risk of XSS and LFI Attacks
Zimbra Collaboration, a widely adopted email and collaboration platform disclosed three new security vulnerabilities. These flaws, identified as CVE-2024-33533, CVE-2024-33535, and CVE-2024-33536, imp ... Read more
-
Dark Reading
SolarWinds: Critical RCE Bug Requires Urgent Patch
Source: SOPA Images Limited via Alamy Stock PhotoSolarWinds is urging its customers to patch a critical vulnerability that was discovered in its Web Help Desk platform, tracked as CVE-2024-28986.This ... Read more
-
Zero Day Initiative
CVE-2024-38213: Copy2Pwn Exploit Evades Windows Web Protections
Zero Day Initiative threat researchers discovered CVE-2024-38213, a simple and effective way to bypass Windows mark-of-the-web protections leading to remote code execution.In March 2024, Trend Micro’s ... Read more
-
BleepingComputer
Microsoft disables BitLocker security fix, advises manual mitigation
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. ... Read more