CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Cybersecurity News
Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers
Security researchers Ver, Lewis Lee, and Zhiniang Peng have detailed and published a proof-of-concept (PoC) exploit code for a critical vulnerability, designated as CVE-2024-38077 (CVSS 9.8) and refer ...
-
Cybersecurity News
CVE-2024-5290: Wi-Fi Flaw Leaves Millions Vulnerable to Root Takeover
Security researchers have uncovered a critical vulnerability in wpa_supplicant, a ubiquitous software component responsible for managing Wi-Fi connections on countless devices. The flaw, dubbed CVE-20 ...
-
Cybersecurity News
MongoDB Patches High-Severity Windows Vulnerability (CVE-2024-7553) in Multiple Products
MongoDB, the popular NoSQL database provider, announced the patching of a high-severity vulnerability affecting multiple versions of its server and driver products. The flaw, tracked as CVE-2024-7553 ...
-
Cybersecurity News
1Password Updates macOS App to Fix Vulnerabilities CVE-2024-42218 and CVE-2024-42219
1Password, a leading password manager, has released security updates to address two vulnerabilities (CVE-2024-42218 and CVE-2024-42219) discovered in its macOS app. These vulnerabilities could potenti ...
-
Cybersecurity News
CVE-2024-42458 (CVSS 9.8) – New Security Vulnerability in Neat VNC: Urgent Patch Released
Neat VNC, a popular open-source VNC server library used for remote desktop access and screen sharing, has been found vulnerable to a security vulnerability (CVE-2024-42458, CVSS 9.8). This flaw could ...
-
The Register
Hello? Are you talking on a Cisco SPA300 or SPA500 IP phone? Now's the time to junk 'em
A boffin from British defence contractor BAE has found three critical flaws in Cisco's Small Business SPA300 and SPA500 IP phones – and another couple of nasties – none of which will be fixed or mitig ...
-
The Cyber Express
SEC Won’t Bring Charges Against Progress Software Over MOVEit Supply Chain Attack
In a surprising move, the U.S. Securities and Exchange Commission (SEC) has decided not to bring charges against Progress Software over last year’s MOVEit software supply chain attack that exposed the ...
-
The Cyber Express
Downgrade Attacks Could Affect Fully Updated Windows Systems With Previously Patched Vulnerabilities
A security researcher has uncovered a new threat within the Windows operating system that challenges the very notion of a fully-patched system. The new threat demonstrated by the researcher-built tool ...
-
BleepingComputer
Cisco warns of critical RCE zero-days in end of life IP phones
Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones. The vendor has not m ...
-
BleepingComputer
CISA warns about actively exploited Apache OFBiz RCE flaw
The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. Apache OFBiz (Open For Business) is a ...