CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CybersecurityNews
Hackers Exploit Next.js React2Shell Flaw to Steal Credentials From 766 Hosts in 24 Hours
A dangerous cyberattack campaign is actively hitting web applications across the internet at a frightening speed. Hackers are exploiting a critical security flaw called React2Shell, targeting websites ...
-
TheCyberThrone
CVE-2025-59528: Flowise CustomMCP Code Injection RCE
April 7, 2026 | Status: Actively exploited | CVSS: 10.0 (Critical) | EPSS: 99.25% | Exposure: 12,000+ internet-facing instances. Vulnerability Summary: CVE-2025-59528 affects Flowise, a drag & drop interface ...
-
The Hacker News
Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn the ...
-
Help Net Security
Russian hackers hijack internet traffic using vulnerable routers
The Russian state cyber group APT28 has been compromising routers to hijack web traffic and spy on victims, the UK’s National Cyber Security Centre (NCSC) has warned. Attackers are exploiting vuln ...
-
The Hacker News
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability, tracke ...
-
Daily CyberSecurity
Budibase Patches Critical RCE and SSRF Vulnerabilities
Budibase, the popular open-source low-code platform used by engineers to rapidly build internal tools, has released urgent security patches to address two critical vulnerabilities. The flaws, which in ...
-
Kaspersky
The dangers of telehealth: data breaches, phishing, and spam | Kaspersky official blog
Telehealth services and apps are blowing up in popularity right now, making the availability of medical services better than ever. But just how safe is telemedicine, and what kind of risks doe ...
-
Daily CyberSecurity
10.0 CVSS Flaw in Kestra Grants Full Server Control
A critical security vulnerability has been unmasked in Kestra, the popular open-source, event-driven orchestration platform. The flaw, tracked as CVE-2026-34612, carries a maximum CVSS score of 10.0, ...
-
Daily CyberSecurity
Critical JWT Bypass in Convoy Panel Allows Full Account Takeover
A critical security vulnerability has been unmasked in Convoy, the modern KVM server management panel used by businesses to manage virtualized infrastructure. The flaw, tracked as CVE-2026-33746, carr ...
-
cert.pl
Vulnerabilities in Mlflow software
CVE ID: CVE-2026-33865 | Publication date: 07 April 2026 | Vendor: Mlflow | Product: Mlflow | Vulnerable versions: All through 3.10.1 | Vulnerability type (CWE): Improper Neutraliza ...