CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Cyber Express
CISA Adds Oracle Identity Manager Vulnerability to KEV Database
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added an Oracle Identity Manager vulnerability to its Known Exploited Vulnerabilities database after the SANS Internet Storm Center ...
-
CybersecurityNews
PoC released for W3 Total Cache Vulnerability that Exposes 1+ Million Websites to RCE Attacks
A proof-of-concept exploit has been publicly released for CVE-2025-9501, a critical, unauthenticated command-injection vulnerability affecting W3 Total Cache, one of WordPress’s most widely deployed c ...
-
The Register
Years-old bugs in open source tool left every major cloud open to disruption
A series of "trivial-to-exploit" vulnerabilities in Fluent Bit, an open source log collection tool that runs in every major cloud and AI lab, was left open for years, giving attackers an exploit chain ...
-
The Hacker News
New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions
Nov 24, 2025Ravie LakshmananVulnerability / Container Security Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that coul ...
-
The Cloudflare Blog
Get better visibility for the WAF with payload logging
2025-11-247 min readAs the surface area for attacks on the web increases, Cloudflare’s Web Application Firewall (WAF) provides a myriad of solutions to mitigate these attacks. This is great for our c ...
-
CybersecurityNews
Tenda N300 Vulnerabilities Let Attacker to Execute Arbitrary Commands as Root User
Tenda N300 wireless routers and 4G03 Pro portable LTE devices face severe security threats from multiple command injection vulnerabilities that allow attackers to execute arbitrary commands with root ...
-
The Hacker News
⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More
Nov 24, 2025Ravie LakshmananCybersecurity / Hacking News This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS to ...
-
The Register
CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse
CISA has ordered US federal agencies to patch against an actively exploited Oracle Identity Manager (OIM) flaw within three weeks – a scramble made more urgent by evidence that attackers may have been ...
-
The Cyber Express
Grafana Flags Maximum-Severity SCIM Vulnerability Enabling Privilege Escalation
Grafana Labs has issued a warning regarding a maximum-severity security flaw, identified as CVE-2025-41115, affecting its Enterprise product. The vulnerability can allow attackers to impersonate admin ...
-
CybersecurityNews
vLLM Vulnerability Enables Remote Code Execution Via Malicious Payloads
A critical memory corruption vulnerability in vLLM versions 0.10.2 and later allows attackers to achieve remote code execution through the Completions API endpoint by sending maliciously crafted promp ...