CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Zero Day Initiative
Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1
The number of link following vulnerabilities submitted to the Trend Micro ZDI program has been increasing rapidly over the past several years. These submissions have provided us with insight into how ... Read more
-
cert.pl
Vulnerability in Stackposts Social Marketing Tool software
CVE ID CVE-2024-7127 Publication date 30 July 2024 Vendor Stackposts Product Social Marketing Tool Vulnerable versions All Vulnerability type (CWE) Improper Neutralization of Input During Web Page Gen ... Read more
-
Cyber Security News
New MOVEit File Transfer Vulnerability Let Attackers Escalate Privileges
Progress Software has disclosed a new high-severity vulnerability in its MOVEit Transfer file transfer solution that could allow attackers to escalate privileges through improper authentication. The v ... Read more
-
Help Net Security
VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085)
Ransomware operators have been leveraging CVE-2024-37085, an authentication bypass vulnerability affecting Active Directory domain-joined VMware ESXi hypervisors, to gain full administrative access to ... Read more
-
The Hacker News
VMware ESXi Flaw Exploited by Ransomware Groups for Admin Access
A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by "several" ransomware groups to gain elevated permissions and deploy file-encrypting malware. The attac ... Read more
-
Cyber Security News
Ransomware Gangs Exploiting VMware ESXi Auth Bypass Flaw for Mass Attacks
Microsoft researchers have found a critical vulnerability in VMware’s ESXi hypervisors. Ransomware operators are using this problem to attack systems. This vulnerability, CVE-2024-37085, allows threat ... Read more
-
seclists.org
Bunch of IoT CVEs
Full Disclosure mailing list archives From: Willem Westerhof | Secura <Willem.Westerhof () secura com> Date: Fri, 26 Jul 2024 13:11:06 +0000 Hi all, A list of CVE’s in a bunch of IoT devices that neve ... Read more
-
The Cyber Express
Ransomware Actors Exploit VMware ESXi Hypervisor Bug: Microsoft
Microsoft researchers have observed multiple ransomware operators exploiting a recently patched vulnerability in ESXi hypervisors to gain full administrative control over domain-joined ESXi servers. T ... Read more
-
Ars Technica
Hackers exploit VMware vulnerability that gives them hypervisor admin
AUTHENTICATION NOT REQUIRED — Create new group called "ESX Admins" and ESXi automatically gives it admin rights. Getty Images Microsoft is urging users of VMware’s ESXi hypervisor to take immediate ... Read more
-
The Cyber Express
Weekly Vulnerability Report: Cyble Urges Fixes in SolarWinds, Cisco, Ivanti & Microsoft
Cyble Research & Intelligence Labs (CRIL) researchers have analyzed more than 100 security vulnerabilities in the last two weeks, with flaws in IT products from SolarWinds, Cisco, Ivanti, Microsoft, E ... Read more