CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
 
                                                - 
                                                            
                                                                The Register 
Devices with insecure SSH services are everywhere, say infosec duo
Black Hat A funny thing happened to security researchers at attack surface management company runZero when they were digging into the xz backdoor earlier this year: They found a whole bunch of vulnera ... Read more
 
                                                - 
                                                            
                                                                BleepingComputer 
Windows Update downgrade attack "unpatches" fully-updated systems
SafeBreach security researcher Alon Leviev revealed at Black Hat 2024 that two zero-days could be exploited in downgrade attacks to "unpatch" fully updated Windows 10, Windows 11, and Windows Server s ... Read more
 
                                                - 
                                                            
                                                                The Register 
Your Windows updates can all be downgraded, says security researcher
Black Hat Security researchers from SafeBreach have found what they say is a Windows downgrade attack that's invisible, persistent, irreversible and maybe even more dangerous than last year's BlackLot ... Read more
 
                                                - 
                                                            
                                                                BleepingComputer 
Critical Progress WhatsUp RCE flaw now under active exploitation
Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. The vulnerabil ... Read more
 
                                                - 
                                                            
                                                                Cybersecurity News 
CVE-2024-43044: Critical Jenkins Vulnerability Exposes Servers to RCE Attacks
Today, Jenkins, the popular open-source automation server, has issued an urgent advisory detailing two vulnerabilities, one with a critical severity rating. These vulnerabilities, identified as CVE-20 ... Read more
 
                                                - 
                                                            
                                                                The Hacker News 
Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords
Email Security / Vulnerability Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim' ... Read more
 
                                                - 
                                                            
                                                                Cyber Security News 
1Password Vulnerability Let Attackers Exfiltrate Vault Items
A critical vulnerability, designated as CVE-2024-42219, has been identified in 1Password 8 for Mac. This flaw allows malicious actors to exfiltrate vault items by bypassing the app’s platform security ... Read more
 
                                                - 
                                                            
                                                                Cyber Security News 
Apache Cloudstack Vulnerability Exposes API & Secret Keys to Admin Accounts
The Apache CloudStack project has announced the release of long-term support (LTS) security updates, versions 4.18.2.3 and 4.19.1.1, which address two critical vulnerabilities, CVE-2024-42062 and CVE- ... Read more
 
                                                - 
                                                            
                                                                cert.pl 
Vulnerabilities in EZD RP software
CVE ID CVE-2024-7265 Publication date 07 August 2024 Vendor Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy Product EZD RP Vulnerable versions From 15 to 15.84, from 16 before 16.1 ... Read more
 
                                                - 
                                                            
                                                                security.nl 
Google dicht weer kritiek Chrome-lek dat aanvaller code laat uitvoeren
Google heeft een week na de vorige update weer een kritieke kwetsbaarheid in Chrome verholpen waardoor een aanvaller willekeurige code op systemen kan uitvoeren en die in de ergste gevallen kan overne ... Read more
 
                         
                         
                         
                                             
                                            