CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Elastic Fixes Multiple High-Severity Vulnerabilities in Kibana and Elasticsearch
Elastic has issued five security advisories addressing five vulnerabilities affecting its Kibana and Elasticsearch components, including three critical Cross-Site Scripting (XSS) issues and two inform ... Read more
-
Daily CyberSecurity
Oracle EBS Zero-Day (CVE-2025-61882) Under Active RCE Exploitation by GRACEFUL SPIDER
CrowdStrike has sounded the alarm on an ongoing mass exploitation campaign targeting Oracle E-Business Suite (EBS) applications through a previously unknown zero-day vulnerability. The flaw, now track ... Read more
-
CybersecurityNews
13-year-old Critical Redis RCE Vulnerability Let Attackers Gain Full Access to Host System
A 13-year-old critical remote code execution (RCE) vulnerability in Redis, dubbed RediShell, allows attackers to gain full access to the underlying host system. The flaw, tracked as CVE-2025-49844, wa ... Read more
-
Daily CyberSecurity
Critical Flaw CVE-2025-59159 (CVSS 9.7) in SillyTavern Allows Full Remote Control of Local AI Instances
The developers of SillyTavern, a popular locally hosted interface for large language models (LLMs) and AI tools, have issued a security advisory warning users of a critical web interface vulnerability ... Read more
-
Daily CyberSecurity
Critical RCE (CVE-2025-10035) in GoAnywhere MFT Used by Medusa Ransomware Group
Microsoft Threat Intelligence has issued a warning following the discovery of active exploitation of a newly disclosed critical vulnerability in GoAnywhere Managed File Transfer (MFT) software by the ... Read more
-
Daily CyberSecurity
Critical Flaw CVE-2025-36356 (CVSS 9.3) in IBM Security Verify Access Allows Root Privilege Escalation
IBM has released fixes for three security vulnerabilities affecting its IBM Security Verify Access and IBM Verify Identity Access products, warning that the issues could lead to privilege escalation, ... Read more
-
Daily CyberSecurity
Rapid7 Details Cisco ASA Zero-Day Exploit Chain (CVE-2025-20362 & CVE-2025-20333)
Security researchers at Rapid7 have published a detailed technical analysis uncovering how a pair of zero-day vulnerabilities in Cisco Secure Firewall ASA and FTD software were exploited in-the-wild t ... Read more
-
Daily CyberSecurity
Snipe-IT Flaw Chained: XSS (CVE-2025-59712) to RCE (CVE-2025-59713) Achieves Full Server Compromise, PoC Released
Image: Synacktiv Cybersecurity researchers at Synacktiv have uncovered two critical vulnerabilities in Snipe-IT, an open-source IT asset management system, that can be chained together to achieve remo ... Read more
-
The Register
Microsoft blames Medusa ransomware affiliates for GoAnywhere exploits while Fortra keeps head buried
Medusa ransomware affiliates are among those exploiting a maximum-severity bug in Fortra's GoAnywhere managed file transfer (MFT) product, according to Microsoft Threat Intelligence. Fortra disclosed ... Read more
-
BleepingComputer
Microsoft: Critical GoAnywhere bug exploited in ransomware attacks
A cybercrime group, tracked as Storm-1175, has been actively exploiting a maximum severity GoAnywhere MFT vulnerability in Medusa ransomware attacks for nearly a month. Tracked as CVE-2025-10035, this ... Read more