CVEFeed Newsroom – Latest Cybersecurity Updates

The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.

  • CybersecurityNews
Hackers Exploit Next.js React2Shell Flaw to Steal Credentials From 766 Hosts in 24 Hours

A dangerous cyberattack campaign is actively hitting web applications across the internet at a frightening speed. Hackers are exploiting a critical security flaw called React2Shell, targeting websites ...

Published Date: Apr 07, 2026 (2 hours, 2 minutes ago)
  • TheCyberThrone
CVE-2025-59528: Flowise CustomMCP Code Injection RCE

April 7, 2026Status: Actively exploited | CVSS: 10.0 (Critical) | EPSS: 99.25% | Exposure: 12,000+ internet-facing instancesVulnerability SummaryCVE-2025-59528 affects Flowise, a drag & drop interface ...

Published Date: Apr 07, 2026 (3 hours, 38 minutes ago)
  • The Hacker News
Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn the ...

Published Date: Apr 07, 2026 (3 hours, 55 minutes ago)
  • Help Net Security
Russian hackers hijack internet traffic using vulnerable routers

The Russian state cyber group APT28 has been compromising routers to hijack web traffic and spy on victims, the UK’s The National Cyber Security Centre (NCSC) has warned. Attackers are exploiting vuln ...

Published Date: Apr 07, 2026 (4 hours, 25 minutes ago)
  • The Hacker News
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access

A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability, tracke ...

Published Date: Apr 07, 2026 (5 hours, 28 minutes ago)
  • Daily CyberSecurity
Budibase Patches Critical RCE and SSRF Vulnerabilities

Budibase, the popular open-source low-code platform used by engineers to rapidly build internal tools, has released urgent security patches to address two critical vulnerabilities. The flaws, which in ...

Published Date: Apr 07, 2026 (6 hours, 13 minutes ago)
  • Kaspersky
The dangers of telehealth: data breaches, phishing, and spam | Kaspersky official blog

privacy Telehealth services and apps are blowing up in popularity right now, making the availability of medical services better than ever. But just how safe is telemedicine, and what kind of risks doe ...

Published Date: Apr 07, 2026 (6 hours, 35 minutes ago)
  • Daily CyberSecurity
10.0 CVSS Flaw in Kestra Grants Full Server Control

A critical security vulnerability has been unmasked in Kestra, the popular open-source, event-driven orchestration platform. The flaw, tracked as CVE-2026-34612, carries a maximum CVSS score of 10.0, ...

Published Date: Apr 07, 2026 (6 hours, 41 minutes ago)
  • Daily CyberSecurity
Critical JWT Bypass in Convoy Panel Allows Full Account Takeover

A critical security vulnerability has been unmasked in Convoy, the modern KVM server management panel used by businesses to manage virtualized infrastructure. The flaw, tracked as CVE-2026-33746, carr ...

Published Date: Apr 07, 2026 (7 hours, 40 minutes ago)
  • cert.pl
Vulnerabilities in Mlflow software

Vulnerabilities in Mlflow software CVE ID CVE-2026-33865 Publication date 07 April 2026 Vendor Mlflow Product Mlflow Vulnerable versions All through 3.10.1 Vulnerability type (CWE) Improper Neutraliza ...

Published Date: Apr 07, 2026 (7 hours, 48 minutes ago)

Filters

Filter news that are affecting your technology stack
Showing 10 of 10632 Results