CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CybersecurityNews
Hackers Target TP-Link Routers With Mirai Malware in CVE-2023-33538 Exploitation Attempts
A known security flaw in several end-of-life TP-Link Wi-Fi routers is being actively targeted by hackers trying to install Mirai-based botnet malware on vulnerable devices. The vulnerability, tracked ...
-
The Register
CISA tells feds to patch 13-year-old Apache ActiveMQ bug under active attack
CISA is sounding the alarm on a newly-exploited Apache ActiveMQ bug, ordering federal agencies to patch within two weeks as attackers circle a flaw that's been quietly lurking for more than a decade. ...
-
CybersecurityNews
Attackers Weaponize CVE-2026-39987 to Spread Blockchain-Based Backdoor Via Hugging Face
A critical vulnerability in the marimo Python notebook platform is now being actively used by attackers to deploy a blockchain-powered backdoor on developer systems. The flaw, tracked as CVE-2026-3998 ...
-
cert.pl
Vulnerabilities in PAC4J software
Vulnerabilities in PAC4J software CVE ID CVE-2026-40458 Publication date 17 April 2026 Vendor PAC4J Product PAC4J Vulnerable versions From 5.0 to 5.7.10 From 6.0 to 6.4.1 Vulnerability type (CWE) Cros ...
-
0patch.com
Micropatches released for Windows Error Reporting Service Elevation of Privilege Vulnerability (CVE-2026-20817)
January 2026 Windows Updates brought a patch for CVE-2026-20817, a local privilege elevation vulnerability in Windows Error Reporting Service, allowing a local non-admin attacker to execute arbitrary ...
-
Daily CyberSecurity
Critical 9.1 SSTI Flaws Unmasked in Thymeleaf Template Engine
Thymeleaf, a widely-used modern server-side Java template engine for both web and standalone environments, has released a critical security update. The update addresses two high-severity vulnerabiliti ...
-
The Hacker News
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploi ...
-
security.nl
CISA meldt actief misbruik van kritiek lek in Apache ActiveMQ
Een kritieke kwetsbaarheid in Apache ActiveMQ wordt actief misbruikt, zo waarschuwt het Cybersecurity and Infrastructure Security Agency (CISA) van het Amerikaanse ministerie van Homeland Security. De ...
-
Daily CyberSecurity
Critical Command Injection Flaw Hits upKeeper Instant Privilege Access
A critical security vulnerability has been unmasked in upKeeper Instant Privilege Access, a tool designed to give users temporary administrative rights in a controlled, traceable manner. The flaw, tra ...
-
cert.pl
Vulnerability in GREENmod software
Vulnerability in GREENmod software CVE ID CVE-2026-5131 Publication date 17 April 2026 Vendor Nomios Poland Product GREENmod Vulnerable versions All before 2.8.33 Vulnerability type (CWE) Server-Side ...