CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CybersecurityNews
PoC Exploit Released for Windows Server Update Services Remote Code Execution Vulnerability
A proof-of-concept (PoC) exploit has been released for a critical vulnerability in Microsoft’s Windows Server Update Services (WSUS), enabling unauthenticated attackers to execute remote code with SYS ...
-
Daily CyberSecurity
Critical Squid Proxy Flaw (CVE-2025-62168, CVSS 10.0) Leaks HTTP Credentials and Security Tokens via Error Handling
The developers of Squid, the widely used open-source caching proxy for web traffic acceleration, have disclosed and patched a critical information disclosure vulnerability tracked as CVE-2025-62168 (C ...
-
Daily CyberSecurity
GlassWorm Supply Chain Worm Uses Invisible Unicode and Solana Blockchain for Stealth C2
Cybersecurity researchers at Koi Security have discovered the world’s first self-propagating malware targeting VS Code extensions on the OpenVSX Marketplace. Dubbed GlassWorm, the threat marks a histo ...
-
Daily CyberSecurity
Critical Moxa Flaw (CVE-2025-6950, CVSS 9.9) Allows Unauthenticated Admin Takeover via Hard-Coded JWT Secret
Moxa, a leading manufacturer of industrial networking and security appliances, has released an urgent security advisory addressing five critical vulnerabilities affecting multiple product series, incl ...
-
Daily CyberSecurity
Critical Keras 3 RCE Flaw (CVE-2025-49655, CVSS 9.8) Allows Code Execution on Model Load
Researchers at HiddenLayer have disclosed a critical arbitrary code execution vulnerability in the Keras 3 deep learning framework (CVE-2025-49655, CVSS 9.8), which affects the Torch backend of Keras ...
-
CybersecurityNews
PoC Exploit Released for Linux-PAM Vulnerability Allowing Root Privilege Escalation
A high-severity vulnerability in the Pluggable Authentication Modules (PAM) framework was assigned the identifier CVE-2025-8941. This vulnerability stems from the heart of Linux operating systems, ena ...
-
CybersecurityNews
WatchGuard VPN Vulnerability Let Remote Attacker Execute Arbitrary Code
WatchGuard has disclosed a critical out-of-bounds write vulnerability in its Fireware OS, enabling remote unauthenticated attackers to execute arbitrary code via IKEv2 VPN connections. Designated CVE- ...
-
Help Net Security
Week in review: F5 data breach, Microsoft patches three actively exploited zero-days
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Building a healthcare cybersecurity strategy that works In this Help Net Security interview, Wayman Cu ...
-
seclists.org
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
Full Disclosure mailing list archives CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS From: Thomas Weber | CyberDanube via Fulldisclosure <fulldisclos ...
-
CybersecurityNews
American Airlines Subsidiary Envoy Compromised in Oracle Hacking Campaign
Envoy Air, a wholly owned subsidiary of American Airlines, has confirmed it fell victim to a hacking campaign exploiting vulnerabilities in Oracle’s E-Business Suite (EBS). The breach, first highlight ...