CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Register
Amazon security boss blames Russia's GRU for years-long energy-sector hacks
Russia's Main Intelligence Directorate (GRU) is behind a years-long campaign targeting energy, telecommunications, and tech providers, stealing credentials and compromising misconfigured devices hoste ...
-
BleepingComputer
PornHub extorted after hackers steal Premium member activity data
Adult video platform PornHub is being extorted by the ShinyHunters extortion gang after the search and watch history of its Premium members was reportedly stolen in a recent Mixpanel data breach. Last ...
-
BleepingComputer
PornHub extorted after hackers steal Premium member activity data
Adult video platform PornHub is being extorted by the ShinyHunters extortion gang after the search and watch history of its Premium members was reportedly stolen in a recent Mixpanel data breach. Last ...
-
CybersecurityNews
ZnDoor Malware Exploiting React2Shell Vulnerability to Compromise Network Devices
Since December 2025, a concerning trend has emerged across Japanese organizations as attackers exploit a critical vulnerability in React/Next.js applications. The vulnerability, tracked as CVE-2025-55 ...
-
The Register
China, Iran are having a field day with React2Shell, Google warns
At least five more Chinese spy crews, Iran-linked goons, and financially motivated criminals are now attacking the React2Shell, a maximum-severity flaw in the widely used React JavaScript library, acc ...
-
CybersecurityNews
New PCPcat Exploiting React2Shell Vulnerability to compromise 59,000+ Servers
A new malware campaign called PCPcat has successfully compromised more than 59,000 servers in under 48 hours through targeted exploitation of critical vulnerabilities in Next.js and React frameworks. ...
-
CybersecurityNews
JumpCloud Remote Assist for Windows Agent Flaw Let Attackers Escalate Privilege
The JumpCloud Remote Assist vulnerability (CVE-2025-34352) exposes Windows systems to local privilege escalation and denial-of-service attacks. Discovered by XM Cyber researcher Hillel Pinto, the flaw ...
-
hackread.com
GitHub Scanner for React2Shell (CVE-2025-55182) Turns Out to Be Malware
A GitHub repository posing as a vulnerability scanner for CVE-2025-55182, also referred to as “React2Shell,” was exposed as malicious after spreading malware. The project, named React2shell-scanner, w ...
-
TheCyberThrone
Apple fixes two Webkit Vulnerabilities
Apple has rolled out emergency patches across its ecosystem to fix two WebKit zero-day vulnerabilities, CVE-2025-43529 and CVE-2025-14174, that were already being exploited in highly targeted attacks ...
-
CybersecurityNews
NVIDIA Merlin Vulnerabilities Let Attackers Execute Malicious Code and Trigger DoS Condition
Security patches for the Merlin framework addressing two high-severity deserialization vulnerabilities. That could allow attackers to execute arbitrary code and launch denial-of-service attacks on aff ...