menu
Feed The Dev

Security

Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability
Microsoft has released security fixes to address a massive set of 126 flaws affecting its software products, including one vulnerability that it said has been actively exploited in the wild. Of the 126 vulnerabilities, 11 are rated Critical, 112 are ra...
2025-04-09 12:36
local_offer
News Security
Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability
Microsoft has released security fixes to address a massive set of 125 flaws affecting its software products, including one vulnerability that it said has been actively exploited in the wild. Of the 125 vulnerabilities, 11 are rated Critical, 112 are ra...
2025-04-09 12:36
local_offer
News Security
Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered
Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could result in arbitrary file read and code execution. Of the 30 flaws in the product...
2025-04-09 08:42
local_offer
News Security
Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a max...
2025-04-08 23:23
local_offer
News Security
Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal
Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution. The vulne...
2025-04-08 22:26
local_offer
News Security
Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings
Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office....
2025-04-08 21:37
local_offer
News Security
Agentic AI in the SOC - Dawn of Autonomous Alert Triage
Security Operations Centers (SOCs) today face unprecedented alert volumes and increasingly sophisticated threats. Triaging and investigating these alerts are costly, cumbersome, and increases analyst fatigue, burnout, and attrition. While artificial in...
2025-04-08 16:30
local_offer
News Security
UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware. The activity is aimed at military formations, law enforcement agencies, and local self...
2025-04-08 15:42
local_offer
News Security
CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation
A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog after reports emerged of active exploitation in the w...
2025-04-08 13:41
local_offer
News Security
Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two high-severity vulnerabilities are listed below - CVE-2024-53150 (CVSS score: 7.8) - An out-of-bounds flaw in the USB sub-component of Kerne...
2025-04-08 09:35
local_offer
News Security
CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks
Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted by threat actors to obscure a command-and-control (C2) ...
2025-04-07 19:10
local_offer
News Security
⚡ Weekly Recap: VPN Exploits, Oracle's Silent Breach, ClickFix Comeback and More
Today, every unpatched system, leaked password, and overlooked plugin is a doorway for attackers. Supply chains stretch deep into the code we trust, and malware hides not just in shady apps — but in job offers, hardware, and cloud services we rely on...
2025-04-07 16:55
local_offer
News Security
⚡ Weekly Recap: VPN Exploits, Oracle's Silent Breach, ClickFix Surge and More
Today, every unpatched system, leaked password, and overlooked plugin is a doorway for attackers. Supply chains stretch deep into the code we trust, and malware hides not just in shady apps — but in job offers, hardware, and cloud services we rely on...
2025-04-07 16:55
local_offer
News Security
Security Theater: Vanity Metrics Keep You Busy - and Exposed
After more than 25 years of mitigating risks, ensuring compliance, and building robust security programs for Fortune 500 companies, I’ve learned that looking busy isn’t the same as being secure.  It’s an easy trap for busy cybersecurity leaders ...
2025-04-07 16:30
local_offer
News Security
PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management (CRM) tools and bulk email providers to send spam messages containing cryptocurrency seed phrases in an attempt to drain victi...
2025-04-07 12:59
local_offer
News Security
Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws
A likely lone wolf actor behind the EncryptHub persona was acknowledged by Microsoft for discovering and reporting two security flaws in Windows last month, painting a picture of a "conflicted" individual straddling a legitimate career in cybersecurity...
2025-04-05 21:20
local_offer
News Security
North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan (RAT) lo...
2025-04-05 19:53
local_offer
News Security
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information. Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues ...
2025-04-05 14:08
local_offer
News Security
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back to the theft of a personal access token (PAT) related to...
2025-04-04 17:58
local_offer
News Security
Have We Reached a Distroless Tipping Point?
There’s a virtuous cycle in technology that pushes the boundaries of what’s being built and how it’s being used. A new technology development emerges and captures the world's attention. People start experimenting and discover novel applications, ...
2025-04-04 16:27
local_offer
News Security

About Feed The Dev

Feed The Dev is a simple news aggragator for developers created by Alex Seifert. It collects news from various sources and displays them in one place.

Find out more on the about page.

Add a Feed

If there is a news source that you would like to see on Feed The Dev, please see this Github repository for instructions.

Popular Tags

News Operating Systems Microsoft Windows Open Source Apple iOS macOS iPad iPhone Mac Hardware

Support Feed The Dev

If you enjoy using Feed The Dev, please consider a donation to help keep the site running and the content coming!

Feed The Dev