CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Hacker News
ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor code. "Attacke ...
-
The Hacker News
Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants
Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily ...
-
The Hacker News
29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests
A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the sa ...
-
The Hacker News
Stop Your Legacy Infrastructure from Hijacking Your AI Agents
Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for - how attackers are circumventing AI security progra ...
-
The Hacker News
⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More
It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking ...
-
The Hacker News
AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network
A new malware family is turning forgotten home routers into a distributed reconnaissance and proxy network, not the DDoS botnet these devices usually end up in. QiAnXin's XLab calls it AryStinger and ...
-
The Hacker News
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS scor ...
-
The Hacker News
AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker's web page, ...
-
The Cyber Express
The Cyber Express Weekly Roundup: Cybersecurity Weekly Round on Emerging Threats, Data Breaches, and Global Policy Shifts
This week’s weekly roundup of cybersecurity developments highlights an expanding intersection of cyber risk, regulatory action, and enterprise vulnerability. Across healthcare, technology platforms, g ...
-
The Cyber Express
CVE-2026-48907 and LiteSpeed cPanel Plugin Flaws Come Under Active Attack
Security researchers and software vendors warn that attackers are actively exploiting vulnerabilities in both Joomla and the LiteSpeed cPanel plugin, posing significant risks to website administrators ...