CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
BleepingComputer
SmarterMail auth bypass flaw now exploited to hijack admin accounts
Hackers began exploiting an authentication bypass vulnerability in SmarterTools' SmarterMail email server and collaboration tool that allows resetting admin passwords. An authentication bypass vulnera ...
-
The Hacker News
New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack
Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025. The attack leverage ...
-
The Hacker News
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access
A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years. The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 ...
-
The Register
FortiGate firewalls hit by silent SSO intrusions and config theft
FortiGate firewalls are getting quietly reconfigured and stripped down by miscreants who've figured out how to sidestep SSO protections and grab sensitive settings right out of the box. That's accordi ...
-
The Hacker News
ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories
Most of this week's threats didn't rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows we ...
-
CybersecurityNews
Critical Vivotek Vulnerability Allows Remote Users to Inject Arbitrary Code
A critical remote code injection vulnerability in Vivotek legacy firmware that enables unauthenticated attackers to execute arbitrary commands with root privileges. The vulnerability, tracked as CVE-2 ...
-
cert.pl
TCC Bypass vulnerability in Inkscape application for MacOS
TCC Bypass vulnerability in Inkscape application for MacOS CVE ID CVE-2025-15523 Publication date 22 January 2026 Vendor Inkscape Product Inkscape Vulnerable versions All before 1.4.3 (MacOS only) Vul ...
-
CybersecurityNews
FortiGate Firewalls Hacked in Automated Attacks to Steal Configuration Data
A new cluster of automated malicious activity targeting FortiGate firewall devices. Beginning January 15, 2026, threat actors have been observed executing unauthorized configuration changes, establish ...
-
security.nl
NCSC verwacht misbruik van kritiek lek bij publiek toegankelijke telnet-servers
Het Nationaal Cyber Security Centrum (NCSC) verwacht dat aanvallers op korte termijn misbruik zullen maken van een kritieke kwetsbaarheid om publiek toegankelijke telnet-servers aan te vallen. Het bev ...
-
CybersecurityNews
CISA Warns of Cisco Unified CM 0-Day RCE Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert after confirming active exploitation of a zero-day remote code execution (RCE) vulnerability in multiple Cis ...