CVEFeed Newsroom – Latest Cybersecurity Updates

The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.

  • The Hacker News
Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Dec 06, 2025Ravie LakshmananAI Security / Vulnerability Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs ...

Published Date: Dec 06, 2025 (1 hour, 26 minutes ago)
  • The Hacker News
Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

Dec 06, 2025Ravie LakshmananVulnerability / Patch Management The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server ...

Published Date: Dec 06, 2025 (5 hours, 10 minutes ago)
  • TheCyberThrone
Apache Tika CVE-2025-66516 Scores Perfect 10

December 6, 2025CVE-2025-66516, a critical XXE vulnerability in Apache Tika’s core with CVSS 10.0, exposes organizations to data exfiltration and SSRF through malicious PDF uploads, affecting document ...

Published Date: Dec 06, 2025 (5 hours, 22 minutes ago)
  • CybersecurityNews
2.15M Web Services Running Next.js Exposed Over Internet, Active Exploitation Underway – Patch Now

A critical unauthenticated remote code execution vulnerability dubbed “React2Shell” is actively being exploited in the wild, putting millions of web services at risk. On December 3, React disclosed CV ...

Published Date: Dec 06, 2025 (9 hours, 2 minutes ago)
  • CybersecurityNews
Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges

Security researchers from the SAFA team have uncovered four kernel heap overflow vulnerabilities in Avast Antivirus, all traced to the aswSnx kernel driver. The flaws, now tracked collectively as CVE- ...

Published Date: Dec 06, 2025 (13 hours, 17 minutes ago)
  • Daily CyberSecurity
Critical Step CA Flaw (CVE-2025-44005, CVSS 10.0) Allows Unauthenticated Bypass to Issue Fraudulent Certificates

A critical security vulnerability has been identified in Step CA, a popular online Certificate Authority tool used by developers to secure automated workflows. The flaw, which carries a perfect CVSS s ...

Published Date: Dec 06, 2025 (16 hours, 44 minutes ago)
  • SentinelOne
From React to Remote Code – Protecting Against the Critical React2Shell RCE Exposure

A critical remote code execution (RCE) vulnerability, dubbed ‘React2Shell’, affecting React Server Components (RSC) and Next.js, is allowing unauthenticated attackers to perform server-side code attac ...

Published Date: Dec 05, 2025 (17 hours, 15 minutes ago)
  • SentinelOne
From React to Remote Code – Protecting Against the Critical React2Shell RCE Exposure

A critical remote code execution (RCE) vulnerability, dubbed ‘React2Shell’, affecting React Server Components (RSC) and Next.js, is allowing unauthenticated attackers to perform server-side code attac ...

Published Date: Dec 05, 2025 (17 hours, 15 minutes ago)
  • The Register
Cloudflare blames Friday outage on borked fix for React2shell vuln

Amid new reports of attackers pummeling a maximum security hole (CVE-2025-55182) in the React JavaScript library, Cloudflare's technology chief said his company took down its own network, forcing a wi ...

Published Date: Dec 05, 2025 (19 hours, 4 minutes ago)
  • BleepingComputer
Barts Health NHS discloses data breach after Oracle zero-day hack

Barts Health NHS Trust, a major healthcare provider in England, announced that Clop ransomware actors have stolen files from one of its databases after exploiting a vulnerability in its Oracle E-busin ...

Published Date: Dec 05, 2025 (21 hours, 55 minutes ago)

Filters

Filter news that are affecting your technology stack
Showing 10 of 8421 Results