CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CybersecurityNews
13-year-old Critical Redis RCE Vulnerability Let Attackers Gain Full Access to Host System
A 13-year-old critical remote code execution (RCE) vulnerability in Redis, dubbed RediShell, allows attackers to gain full access to the underlying host system. The flaw, tracked as CVE-2025-49844, wa ... Read more
-
Daily CyberSecurity
Critical Flaw CVE-2025-59159 (CVSS 9.7) in SillyTavern Allows Full Remote Control of Local AI Instances
The developers of SillyTavern, a popular locally hosted interface for large language models (LLMs) and AI tools, have issued a security advisory warning users of a critical web interface vulnerability ... Read more
-
Daily CyberSecurity
Critical RCE (CVE-2025-10035) in GoAnywhere MFT Used by Medusa Ransomware Group
Microsoft Threat Intelligence has issued a warning following the discovery of active exploitation of a newly disclosed critical vulnerability in GoAnywhere Managed File Transfer (MFT) software by the ... Read more
-
Daily CyberSecurity
Critical Flaw CVE-2025-36356 (CVSS 9.3) in IBM Security Verify Access Allows Root Privilege Escalation
IBM has released fixes for three security vulnerabilities affecting its IBM Security Verify Access and IBM Verify Identity Access products, warning that the issues could lead to privilege escalation, ... Read more
-
Daily CyberSecurity
Rapid7 Details Cisco ASA Zero-Day Exploit Chain (CVE-2025-20362 & CVE-2025-20333)
Security researchers at Rapid7 have published a detailed technical analysis uncovering how a pair of zero-day vulnerabilities in Cisco Secure Firewall ASA and FTD software were exploited in-the-wild t ... Read more
-
Daily CyberSecurity
Snipe-IT Flaw Chained: XSS (CVE-2025-59712) to RCE (CVE-2025-59713) Achieves Full Server Compromise, PoC Released
Image: Synacktiv Cybersecurity researchers at Synacktiv have uncovered two critical vulnerabilities in Snipe-IT, an open-source IT asset management system, that can be chained together to achieve remo ... Read more
-
The Register
Microsoft blames Medusa ransomware affiliates for GoAnywhere exploits while Fortra keeps head buried
Medusa ransomware affiliates are among those exploiting a maximum-severity bug in Fortra's GoAnywhere managed file transfer (MFT) product, according to Microsoft Threat Intelligence. Fortra disclosed ... Read more
-
BleepingComputer
Microsoft: Critical GoAnywhere bug exploited in ransomware attacks
A cybercrime group, tracked as Storm-1175, has been actively exploiting a maximum severity GoAnywhere MFT vulnerability in Medusa ransomware attacks for nearly a month. Tracked as CVE-2025-10035, this ... Read more
-
The Register
Level-10 vuln lurking in Redis source code for 13 years could allow remote code execution
A 13-year-old critical flaw in Redis servers, rated a perfect 10 out of 10 in severity, can let an authenticated user trigger remote code execution. For anyone using Redis Cloud, the service has alrea ... Read more
-
BleepingComputer
Redis warns of critical flaw impacting thousands of instances
The Redis security team has released patches for a maximum severity vulnerability that could allow attackers to gain remote code execution on thousands of vulnerable instances. Redis (short for Remote ... Read more