CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Zero Day Initiative
CVE-2024-37079: VMware vCenter Server Integer Underflow Code Execution Vulnerability
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Grigory Dorodnov and Guy Lederfein of the Trend Micro Research Team detail a recently patched code execution vulne ... Read more
-
Dark Reading
Hitachi Energy Vulnerabilities Plague SCADA Power Systems
Source: Panchenko Vladimir via ShutterstockHitachi Energy is urging customers of its MicroSCADA X SYS600 product for monitoring and controlling utility power systems to immediately upgrade to a newly ... Read more
-
The Hacker News
APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor
Cyber Attack / Vulnerability A South Korea-aligned cyber espionage has been linked to the zero-day exploitation of a now-patched critical remote code execution flaw in Kingsoft WPS Office to deploy a ... Read more
-
cert.pl
Vulnerabilities in HyperView Geoportal Toolkit software
CVE ID CVE-2024-6449 Publication date 28 August 2024 Vendor HyperView Product Geoportal Toolkit Vulnerable versions All through 8.2.4 Vulnerability type (CWE) Permissive Cross-domain Policy with Untru ... Read more
-
security.nl
Apache OFBiz ERP-systemen opnieuw doelwit van aanvallen
Apache OFBiz ERP-systemen zijn opnieuw het doelwit van aanvallen, zo waarschuwt het Cybersecurity and Infrastructure Security Agency (CISA) van het Amerikaanse ministerie van Homeland Security. OFBiz ... Read more
-
cert.pl
Vulnerability in ConnX ESP HR Management software
CVE ID CVE-2024-7269 Publication date 28 August 2024 Vendor ConnX Product ESP HR Management Vulnerable versions All before 6.6 Vulnerability type (CWE) Improper Neutralization of Input During Web Page ... Read more
-
The Hacker News
BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave
The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerabl ... Read more
-
Help Net Security
BlackByte affiliates use new encryptor and new TTPs
BlackByte, the ransomware-as-a-service gang believed to be one of Conti’s splinter groups, has (once again) created a new iteration of its encryptor. “Talos observed some differences in the recent Bla ... Read more
-
Dark Reading
Hundreds of LLM Servers Expose Corporate, Health & Other Online Data
Source: AddMeshCube via Alamy Stock PhotoHundreds of open source large language model (LLM) builder servers and dozens of vector databases are leaking highly sensitive information to the open Web.As c ... Read more
-
Cybersecurity News
ESET Uncovers Zero-Day Vulnerabilities in WPS Office, Exploited by APT-C-60
Overview of the exploit’s control flow | Image: ESETESET researchers have identified two severe vulnerabilities in WPS Office for Windows, widely exploited by the APT-C-60 cyberespionage group, which ... Read more