CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Spring Patches Two Flaws: SpEL Injection (CVE-2025-41253) Leaks Secrets, STOMP CSRF Bypasses WebSocket Security
VMware Tanzu’s Spring team has released fixes for two vulnerabilities impacting Spring Cloud Gateway and the Spring Framework, one of which could allow attackers to expose sensitive environment variab ...
-
Daily CyberSecurity
Critical ConnectWise Automate Flaw (CVE-2025-11492, CVSS 9.6) Allows RMM Agent Man-in-the-Middle Attack
ConnectWise has released a critical security update for its Automate remote monitoring and management (RMM) platform, addressing two high-severity vulnerabilities that could allow attackers to interce ...
-
Daily CyberSecurity
Cisco Patches High-Severity CVE-2025-20350 DoS Flaw in Desk and IP Phones
Cisco has released security updates to patch two vulnerabilities (CVE-2025-20350 and CVE-2025-20351) affecting multiple Cisco Desk Phone and IP Phone models, including the 9800, 7800, 8800, and 8875 s ...
-
BleepingComputer
Hackers exploit Cisco SNMP flaw to deploy rootkit on switches
Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in older, unprotected Cisco networking devices to deploy a Linux rootkit and gain persistent access. The ...
-
Help Net Security
“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253)
CISA has added CVE-2025-54253, a misconfiguration vulnerability in Adobe Experience Manager (AEM) Forms on Java Enterprise Edition (JEE), to its Known Exploited Vulnerabilities catalog, thus warning o ...
-
BleepingComputer
Gladinet fixes actively exploited zero-day in file-sharing software
Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late ...
-
TheCyberThrone
Operation Zero Disco: Cisco SNMP Vulnerability Exploited
October 16, 2025A new and highly sophisticated cyberattack campaign, dubbed Operation Zero Disco by Trend Micro researchers, is actively exploiting a critical vulnerability in Cisco network devices to ...
-
BleepingComputer
CISA: Maximum-severity Adobe flaw now exploited in attacks
CISA has warned that attackers are actively exploiting a maximum-severity vulnerability in Adobe Experience Manager to execute code on unpatched systems. Tracked as CVE-2025-54253, this critical secur ...
-
The Hacker News
LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets
Oct 16, 2025Ravie LakshmananVulnerability / Malware An investigation into the compromise of an Amazon Web Services (AWS)-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dub ...
-
CybersecurityNews
Mysterious Elephant APT Hackers Infiltrate Organization to Steal Sensitive Information
In recent months, a new advanced persistent threat (APT) group known as Mysterious Elephant has emerged as a formidable adversary targeting government and diplomatic institutions across the Asia-Pacif ...