CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CybersecurityNews
The Gentlemen Ransomware Group Uses Fortinet Exploits, AI, and Custom C2 Frameworks
A Russian-speaking ransomware crew known as The Gentlemen has quickly risen to become one of the most active threats in 2026, ranking second only to Qilin in ransomware activity. Their toolkit combine ...
-
The Hacker News
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same ...
-
CybersecurityNews
WordPress Plugin Vulnerability Exposes 500,000+ Websites to Privilege Escalation Attacks
A critical security flaw in the widely used Kirki WordPress plugin has exposed over 500,000 websites to potential account takeover attacks, with researchers warning that approximately 150,000 sites ar ...
-
The Hacker News
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI t ...
-
CybersecurityNews
Critical Apache ActiveMQ Vulnerability Allows Malicious Security Header Injections
A critical vulnerability in Apache ActiveMQ has been disclosed, allowing attackers to inject malicious HTTP security headers through improperly handled message properties, potentially leading to cross ...
-
CybersecurityNews
Ivanti ITSM Vulnerability Lets Attackers Gain Admin Privilege
Ivanti has disclosed a high-severity vulnerability in its Ivanti Neurons for ITSM platform that could allow attackers with valid credentials to escalate privileges and gain full administrative access. ...
-
CybersecurityNews
Laravel CRLF Injection Vulnerability Enables an Attacker to Interfere with Outbound Email Processing
A high-severity CRLF injection vulnerability in the Laravel framework, tracked as CVE-2026-48019, could allow attackers to interfere with outbound email processing in affected applications. The issue ...
-
cert.pl
Vulnerabilities in school-management-system software
Vulnerabilities in school-management-system software CVE ID CVE-2026-47324 Publication date 03 June 2026 Vendor ProjectsAndPrograms Product school-management-system Vulnerable versions 6b6fae5 Vulnera ...
-
The Hacker News
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted the ...
-
The Hacker News
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerabil ...