Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
seclists.org
KL-001-2024-005: Open WebUI Stored Cross-Site Scripting
Full Disclosure mailing list archives KL-001-2024-005: Open WebUI Stored Cross-Site Scripting From: KoreLogic Disclosures via Fulldisclosure <fulldisclosure () seclists org> Date: Wed, 7 Aug 2024 18:4 ... Read more
-
The Register
Devices with insecure SSH services are everywhere, say infosec duo
Black Hat A funny thing happened to security researchers at attack surface management company runZero when they were digging into the xz backdoor earlier this year: They found a whole bunch of vulnera ... Read more
-
BleepingComputer
Windows Update downgrade attack "unpatches" fully-updated systems
SafeBreach security researcher Alon Leviev revealed at Black Hat 2024 that two zero-days could be exploited in downgrade attacks to "unpatch" fully updated Windows 10, Windows 11, and Windows Server s ... Read more
-
The Register
Your Windows updates can all be downgraded, says security researcher
Black Hat Security researchers from SafeBreach have found what they say is a Windows downgrade attack that's invisible, persistent, irreversible and maybe even more dangerous than last year's BlackLot ... Read more
-
BleepingComputer
Critical Progress WhatsUp RCE flaw now under active exploitation
Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. The vulnerabil ... Read more
-
Cybersecurity News
CVE-2024-43044: Critical Jenkins Vulnerability Exposes Servers to RCE Attacks
Today, Jenkins, the popular open-source automation server, has issued an urgent advisory detailing two vulnerabilities, one with a critical severity rating. These vulnerabilities, identified as CVE-20 ... Read more
-
The Hacker News
Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords
Email Security / Vulnerability Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim' ... Read more
-
Cyber Security News
1Password Vulnerability Let Attackers Exfiltrate Vault Items
A critical vulnerability, designated as CVE-2024-42219, has been identified in 1Password 8 for Mac. This flaw allows malicious actors to exfiltrate vault items by bypassing the app’s platform security ... Read more
-
Cyber Security News
Apache Cloudstack Vulnerability Exposes API & Secret Keys to Admin Accounts
The Apache CloudStack project has announced the release of long-term support (LTS) security updates, versions 4.18.2.3 and 4.19.1.1, which address two critical vulnerabilities, CVE-2024-42062 and CVE- ... Read more
-
cert.pl
Vulnerabilities in EZD RP software
CVE ID CVE-2024-7265 Publication date 07 August 2024 Vendor Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy Product EZD RP Vulnerable versions From 15 to 15.84, from 16 before 16.1 ... Read more