Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
- Cybersecurity News
Divulge, Dedsec, and Duck: The Rise of Advanced Stealer Malware
CYFIRMA has recently exposed a trio of malicious stealers—Divulge, Dedsec, and Duck Stealers—highlighting their proliferation across GitHub, Discord, and Telegram. These stealers, leveraging advanced ... Read more
- Trend Micro
Attacker Abuses Victim Resources to Reap Rewards from Titan Network
Cyber Threats In this blog entry, we discuss how an attacker took advantage of the Atlassian Confluence vulnerability CVE-2023-22527 to connect servers to the Titan Network for cryptomining purposes. ... Read more
- The Register
How to jailbreak ChatGPT and trick the AI into writing exploit code using hex encoding
OpenAI's language model GPT-4o can be tricked into writing exploit code by encoding the malicious instructions in hexadecimal, which allows an attacker to jump the model's built-in security guardrails ... Read more
- Dark Reading
Recurring Windows Flaw Could Expose User Credentials
Source: tdhster via ShutterstockAll versions of Windows clients, from Windows 7 through current Windows 11 versions, contain a 0-day vulnerability that could allow attackers to capture NTLM authentica ... Read more
- BleepingComputer
New Windows Themes zero-day gets free, unofficial patches
Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target's NTLM credentials remotely. NTLM has been extensively exploited in NT ... Read more
- BleepingComputer
QNAP fixes NAS backup software zero-day exploited at Pwn2Own
QNAP has fixed a critical zero-day vulnerability exploited by security researchers on Thursday to hack a TS-464 NAS device during the Pwn2Own Ireland 2024 competition. Tracked as CVE-2024-50388, the s ... Read more
- security.nl
QNAP dicht kritiek Pwn2Own-lek dat remote aanvaller NAS laat overnemen
QNAP heeft een beveiligingsupdate uitgebracht voor een kritieke kwetsbaarheid waardoor NAS-apparaten van de fabrikant door een remote aanvaller zijn over te nemen. Via het beveiligingslek, aangeduid a ... Read more
- The Register
Admins better Spring into action over latest critical open source vuln
If you're running an application built using the Spring development framework, now is a good time to check it's fully updated – a new, critical-severity vulnerability has just been disclosed. Tracked ... Read more
- The Hacker News
Researchers Uncover Vulnerabilities in Open-Source AI and ML Models
AI Security / Vulnerability A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which c ... Read more
- Help Net Security
Patching problems: The “return” of a Windows Themes spoofing vulnerability
Despite two patching attempts, a security issue that may allow attackers to compromise Windows user’s NTLM (authentication) credentials via a malicious Windows themes file still affects Microsoft’s op ... Read more