CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Researcher Details Critical Authentication Bypasses in WSO2 API Manager and Identity Server
Security researcher Crnkovic has disclosed three critical vulnerabilities — CVE-2025-9152, CVE-2025-10611, and CVE-2025-9804 — in WSO2 API Manager and WSO2 Identity Server, each scoring 9.8 on the CVS ...
-
Daily CyberSecurity
TEE.fail: Researchers Break Intel SGX/TDX and AMD SEV-SNP with Sub-$1,000 DDR5 Memory Bus Attack
In a study titled “TEE.fail: Breaking Trusted Execution Environments via DDR5 Memory Bus Interposition,” researchers from Georgia Tech and Purdue University have demonstrated that even the latest Inte ...
-
Daily CyberSecurity
Researcher Details Windows Cloud Files Mini Filter Driver Elevation of Privilege Flaw (CVE-2025-55680)
Researchers from Exodus Intelligence, led by Michele Campa, have disclosed a privilege-escalation vulnerability in Microsoft’s Cloud Files Minifilter driver (cldflt.sys) that affects all versions of W ...
-
BleepingComputer
WordPress security plugin exposes private data to site subscribers
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposi ...
-
hackread.com
Hackers Hijack Corporate XWiki Servers for Crypto Mining
A critical security flaw is being actively exploited by cybercriminals to compromise corporate XWiki servers for cryptomining. This is an urgent threat targeting unpatched installations of the open-so ...
-
CybersecurityNews
WordPress Plugin Vulnerability Exposes 7 Million Sites to XSS Attack
A critical cross-site scripting (XSS) vulnerability has been discovered in the popular LiteSpeed Cache plugin for WordPress, affecting millions of websites worldwide. The vulnerability, tracked as CVE ...
-
CybersecurityNews
Hikvision Exploiter – An Automated Exploitation Toolkit Targeting Hikvision IP Cameras
A new open-source tool called HikvisionExploiter has emerged, designed to automate attacks on vulnerable Hikvision IP cameras. Released on GitHub in mid-2024 but gaining renewed attention amid 2025’s ...
-
The Hacker News
Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices
Oct 29, 2025Ravie LakshmananVulnerability / Internet of Things Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways ...
-
CybersecurityNews
PoC Exploit Released for BIND 9 Vulnerability that Let Attackers Forge DNS Records
A public exploit code demonstrating how attackers could exploit CVE-2025-40778, a critical vulnerability in BIND 9 that enables DNS cache poisoning. The Internet Systems Consortium (ISC) initially dis ...
-
security.nl
Kritiek XWiki-lek actief gebruikt voor installeren van cryptominers
Aanvallers maken actief misbruik van een kritieke kwetsbaarheid in XWiki voor het installeren van cryptominers, zo laat securitybedrijf VulnCheck in een analyse weten. Een beveiligingsupdate voor de k ...