CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CybersecurityNews
CISA Warns of OpenPLC ScadaBR File Upload Vulnerability Exploited in Attacks
Critical vulnerability has been added to CISA’s Known Exploited Vulnerabilities list, warning organizations about a dangerous file-upload flaw in OpenPLC ScadaBR systems. The vulnerability allows remo ...
-
BleepingComputer
Critical React, Next.js flaw lets hackers execute code on servers
A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications. Th ...
-
The Register
Microsoft quietly shuts down Windows shortcut flaw after years of espionage abuse
Microsoft has quietly closed off a critical Windows shortcut file bug long abused by espionage and cybercrime networks. The flaw, tracked as CVE-2025-9491, allows malicious .lnk shortcut files to hide ...
-
hackread.com
WebXR Flaw Hits 4 Billion Chromium Users, Update Your Browser Now
A serious security vulnerability in the underlying technology for most of the world’s web was recently discovered in the underlying code for most of the world’s web browsers, putting over 4 billion de ...
-
CybersecurityNews
PickleScan 0-Day Vulnerabilities Enable Arbitrary Code Execution via Malicious PyTorch Models
Multiple critical zero‑day vulnerabilities in PickleScan, a popular open‑source tool used to scan machine learning models for malicious code. PickleScan is widely used in the AI world, including by Hu ...
-
CybersecurityNews
iOS Zero-Day Exploit Chain Leveraged by Mercenary Spyware for Device Surveillance
A new iOS zero-day exploit chain has been linked to mercenary spyware used for silent device surveillance against high‑risk users. The operation, attributed to the commercial surveillance vendor Intel ...
-
Help Net Security
Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182)
A critical vulnerability (CVE-2025-55182) in React Server Components (RSC) may allow unauthenticated attackers to achieve remote code exection on the application server, the React development team war ...
-
The Hacker News
5 Threats That Reshaped Web Security This Year [2025]
As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniqu ...
-
TheCyberThrone
King Addons vulnerability CVE-2025-8489 for Elementor Plugin
December 4, 2025A critical security vulnerability, tracked as CVE-2025-8489, has been discovered in the popular King Addons for Elementor WordPress plugin, affecting versions from 24.12.92 through 51. ...
-
CybersecurityNews
Hackers Leverage Velociraptor DFIR Tool for Stealthy C2 & Ransomware Delivery
Legitimate administrative tools are increasingly becoming the weapon of choice for sophisticated threat actors aiming to blend in with normal network activity. A recent campaign has highlighted this d ...