CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Critical Flaw (CVE-2025-22470, CVSS 9.8) in SATO Industrial Label Printers Allow Remote Root Takeover
JPCERT/CC has issued a vulnerability note detailing two critical security flaws in SATO Corporation’s widely deployed industrial label printers—CL4/6NX Plus and CL4/6NX-J Plus series. These vulnerabil ... Read more
-
Daily CyberSecurity
CISA Warns of “ToolShell”: Critical Exploit Chain Hits SharePoint Servers, Bypasses Authentication
The Cybersecurity and Infrastructure Security Agency (CISA) has released an in-depth Malware Analysis Report warning of a sophisticated exploitation campaign targeting on-premises Microsoft SharePoint ... Read more
-
Daily CyberSecurity
CVE-2025-52709: Critical PHP Object Injection Flaw in Everest Forms Plugin Affects 100,000+ Sites
A critical security vulnerability has been discovered in the Everest Forms plugin, a widely used WordPress plugin with over 100,000 active installations. Known for its versatile contact, payment, and ... Read more
-
Daily CyberSecurity
NVIDIA: “No Backdoors, No Kill Switches,” Rejecting Calls for Government Hardware Controls
As the global reliance on high-performance computing deepens, NVIDIA GPUs have become the invisible engines powering everything from MRI machines and DNA sequencers to autonomous vehicles and AI data ... Read more
-
Daily CyberSecurity
BYOVD Attack: A New AV Killer Exploits a Legitimate Driver to Neutralize Defenses for MedusaLocker Ransomware
Incident flow | Image: Kaspersky Labs A recent incident response operation in Brazil has revealed a stealthy and destructive threat abusing the trusted architecture of the Windows kernel. In its lates ... Read more
-
Daily CyberSecurity
The WhatsApp Kill Switch: New npm Packages Use Developer’s Phone Number to Wipe Systems
Socket’s Threat Research Team has uncovered two malicious npm packages—naya-flore and nvlore-hsc—designed to target developers building WhatsApp integrations. Far from mere spyware or adware, these pa ... Read more
-
Daily CyberSecurity
CISA Alert: Critical Flaws in Tigo Energy Solar Devices Allow Remote Takeover of Solar Systems
In a critical advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), newly discovered vulnerabilities in Tigo Energy’s Cloud Connect Advanced (CCA) device could allow attacker ... Read more
-
Daily CyberSecurity
The Candiru Files: New Infrastructure Exposes Stealthy Surveillance Clusters in Hungary, Saudi Arabia, and Indonesia
Network diagram of Cluster 1 | Source: Recorded Future In a reminder of the persistent threat posed by commercial spyware vendors, Insikt Group has uncovered new operational infrastructure tied to Can ... Read more
-
Daily CyberSecurity
CERT-UA Exposes UAC-0099: New Backdoor Toolkit Targets Ukraine’s Defense with Phishing & Stealthy Malware
In a concerning escalation of cyber aggression, Ukraine’s National Cyber Security Incidents Response Team (CERT-UA) has uncovered a sophisticated new campaign by the threat group UAC-0099 targeting go ... Read more
-
CrowdStrike.com
CrowdStrike Falcon Prevents Supply Chain Attack Involving Compromised NPM Packages
Recently, five popular NPM (Node Package Manager) packages were compromised and modified to deliver a malicious DLL, dubbed “Scavenger”. The malware pushed via these compromised NPM packages executes ... Read more