CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
 
                                                - 
                                                            
                                                                Zero Day Initiative 
Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 3
To wrap up this blog series we wanted to include one more technique that you can use when exploiting this class of vulnerabilities. This technique, introduced to us by Abdelhamid Naceri, becomes usefu ... Read more
 
                                                - 
                                                            
                                                                Cyber Security News 
Specula Tool Leveraging Registry to Turn Outlook Into a C2 Server
Specula tool utilizes a Registry to turn Microsoft Outlook Into a C2 Server capable of executing arbitrary commands. Fundamentally, Specula is a C2 framework that uses the Outlook home page feature. ... Read more
 
                                                - 
                                                            
                                                                TheCyberThrone 
Apache OfBiz Vulnerability CVE-2024-32113 Exploited in wild
Security researchers have observed up ticking reconnaissance attempts for the CVE-2024-32113 vulnerability in Apache OFBiz. The vulnerability, described as a path traversal issue, poses significant ri ... Read more
 
                                                - 
                                                            
                                                                AttackIQ 
Emulating the Politically Motivated North Korean Adversary Andariel – Part 2
On December 11, 2023, Cisco Talos reported the discovery of an activity led by Andariel, a North Korean state-sponsored known to be a subgroup of the notorious Lazarus group, which employed three new ... Read more
 
                                                - 
                                                            
                                                                Zero Day Initiative 
Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2
The number of vulnerabilities that we see through the program provides significant insight into the attack surfaces of each product that we purchase bugs in. These submissions sometimes reveal not onl ... Read more
 
                                                - 
                                                            
                                                                Cyber Security News 
20,275 VMware ESXi Vulnerable Instances Exposed, Microsoft Warns of Massive Exploitation
Microsoft has issued a significant security alert regarding a vulnerability in VMware ESXi hypervisors, which ransomware operators have actively exploited. According to the Shadowserver Foundation, th ... Read more
 
                                                - 
                                                            
                                                                Dark Reading 
Dangerous XSS Bugs in RedCAP Threaten Academic & Scientific Research
Source: Yuri Arcurs via Alamy Stock PhotoResearchers have discovered three cross-site scripting (XSS) vulnerabilities in Research Electronic Data Capture (REDCap), a Web application developed by Vande ... Read more
 
                                                - 
                                                            
                                                                SentinelOne 
More From Our Main Blog: Singularity Cloud Native Security | Eliminate False Positives and Focus On What Matters
Over the past few years, cloud computing has emerged as the de facto infrastructure of choice for the majority of new digital workloads created by organizations. The ease of use, scalability, and dive ... Read more
 
                                                - 
                                                            
                                                                SentinelOne 
More From Our Main Blog: Singularity Cloud Native Security | Eliminate False Positives and Focus On What Matters
Over the past few years, cloud computing has emerged as the de facto infrastructure of choice for the majority of new digital workloads created by organizations. The ease of use, scalability, and dive ... Read more
 
                                                - 
                                                            
                                                                Cyber Security News 
Hackers Actively Exploiting GeoServer RCE Flaw, 6635 Servers Vulnerable
A critical vulnerability in GeoServer, an open-source Java-based software server, has put thousands of servers at risk. The flaw, CVE-2024-36401, allows unauthenticated users to execute remote code, p ... Read more
 
                         
                         
                         
                                             
                                            