CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Cybersecurity News
Critical Vulnerability Found in Flatpak: CVE-2024-42472 (CVSS 10) Exposes Files Outside Sandbox
Please enable JavaScriptA serious security flaw has been discovered in Flatpak, a popular system for distributing and running sandboxed desktop applications on Linux. The vulnerability, tracked as CVE ... Read more
-
Cybersecurity News
Unpatched Kubernetes Flaw Leaves Clusters Open to Exploitation: Researcher Unveils Command Injection Vulnerability
Akamai researcher Tomer Peled has uncovered a concerning design flaw within Kubernetes’ git-sync project. This flaw could potentially enable attackers to execute commands or exfiltrate sensitive data, ... Read more
-
Cybersecurity News
CISA Warns of Active Exploitation in SolarWinds Web Help Desk Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of a critical security vulnerability affecting SolarWinds Web Help Desk (WHD), a widely used IT help desk software. This vulnera ... Read more
-
Cybersecurity News
CVE-2024-43360: SQLi Flaw Discovered in Popular Surveillance Software ZoneMinder
ZoneMinder, a widely used open-source video surveillance solution, has been found to contain a critical SQL injection vulnerability that could allow attackers to gain unauthorized access to sensitive ... Read more
-
Cybersecurity News
Last Mile Reassembly Attacks Bypass Leading Secure Web Gateways
SquareX, along with its founder Vivek Ramachandran, a renowned cybersecurity expert, recently uncovered a vulnerability in Secure Web Gateway (SWG) systems, which are employed to safeguard corporate n ... Read more
-
Cybersecurity News
CVE-2024-33533 to 33536: Zimbra Users at Risk of XSS and LFI Attacks
Zimbra Collaboration, a widely adopted email and collaboration platform disclosed three new security vulnerabilities. These flaws, identified as CVE-2024-33533, CVE-2024-33535, and CVE-2024-33536, imp ... Read more
-
Dark Reading
SolarWinds: Critical RCE Bug Requires Urgent Patch
Source: SOPA Images Limited via Alamy Stock PhotoSolarWinds is urging its customers to patch a critical vulnerability that was discovered in its Web Help Desk platform, tracked as CVE-2024-28986.This ... Read more
-
Zero Day Initiative
CVE-2024-38213: Copy2Pwn Exploit Evades Windows Web Protections
Zero Day Initiative threat researchers discovered CVE-2024-38213, a simple and effective way to bypass Windows mark-of-the-web protections leading to remote code execution.In March 2024, Trend Micro’s ... Read more
-
BleepingComputer
Microsoft disables BitLocker security fix, advises manual mitigation
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. ... Read more
-
TheCyberThrone
IBM fixes several QRadar vulnerabilities
IBM recently disclosed critical vulnerabilities affecting its QRadar Suite Software and IBM Cloud Pak for Security. On successful exploitation, it could allow attackers to execute arbitrary code remot ... Read more