CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CybersecurityNews
2.15M Web Services Running Next.js Exposed Over Internet, Active Exploitation Underway – Patch Now
A critical unauthenticated remote code execution vulnerability dubbed “React2Shell” is actively being exploited in the wild, putting millions of web services at risk. On December 3, React disclosed CV ...
-
CybersecurityNews
Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges
Security researchers from the SAFA team have uncovered four kernel heap overflow vulnerabilities in Avast Antivirus, all traced to the aswSnx kernel driver. The flaws, now tracked collectively as CVE- ...
-
Daily CyberSecurity
Critical Step CA Flaw (CVE-2025-44005, CVSS 10.0) Allows Unauthenticated Bypass to Issue Fraudulent Certificates
A critical security vulnerability has been identified in Step CA, a popular online Certificate Authority tool used by developers to secure automated workflows. The flaw, which carries a perfect CVSS s ...
-
SentinelOne
From React to Remote Code – Protecting Against the Critical React2Shell RCE Exposure
A critical remote code execution (RCE) vulnerability, dubbed ‘React2Shell’, affecting React Server Components (RSC) and Next.js, is allowing unauthenticated attackers to perform server-side code attac ...
-
SentinelOne
From React to Remote Code – Protecting Against the Critical React2Shell RCE Exposure
A critical remote code execution (RCE) vulnerability, dubbed ‘React2Shell’, affecting React Server Components (RSC) and Next.js, is allowing unauthenticated attackers to perform server-side code attac ...
-
The Register
Cloudflare blames Friday outage on borked fix for React2shell vuln
Amid new reports of attackers pummeling a maximum security hole (CVE-2025-55182) in the React JavaScript library, Cloudflare's technology chief said his company took down its own network, forcing a wi ...
-
BleepingComputer
Barts Health NHS discloses data breach after Oracle zero-day hack
Barts Health NHS Trust, a major healthcare provider in England, announced that Clop ransomware actors have stolen files from one of its databases after exploiting a vulnerability in its Oracle E-busin ...
-
cybereason.com
CVE-2025-55182: Critical Vulnerability, React2Shell, Allows for Unauthenticated RCE
Cybereason is continuing to investigate. Check the Cybereason blog for additional updates. KEY TAKEAWAYS Critical vulnerability discovered on December 3, 2025 in React that could allow for unauthentic ...
-
SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 49
The Good | Authorities Jail WiFi Hacker, Seize €1.3B Crypto Mixer & Charge Two Malicious Insiders An Australian national has received just over seven years in prison for running “evil twin” WiFi netwo ...
-
SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 49
The Good | Authorities Jail WiFi Hacker, Seize €1.3B Crypto Mixer & Charge Two Malicious Insiders An Australian national has received just over seven years in prison for running “evil twin” WiFi netwo ...