CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Apache Tomcat Patches URL Rewrite Bypass (CVE-2025-55752) Risking RCE and Console ANSI Injection
The Apache Software Foundation has released multiple security patches for Apache Tomcat, addressing three newly disclosed vulnerabilities — CVE-2025-55752, CVE-2025-55754, and CVE-2025-61795 — affecti ...
-
The Register
WSUS attacks hit 'multiple' orgs as Google and other infosec sleuths ring Redmond’s alarm bell
More threat intel teams are sounding the alarm about a critical Windows Server Update Services (WSUS) remote code execution vulnerability, tracked as CVE-2025-59287 and now under active exploitation, ...
-
BleepingComputer
QNAP warns of critical ASP.NET flaw in its Windows backup software
QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company's NetBak PC Agent, a Windows utility for backing up data to a QNAP network-attached storage (NAS) dev ...
-
BleepingComputer
Italian spyware vendor linked to Chrome zero-day attacks
A zero-day vulnerability in Google Chrome, exploited in Operation ForumTroll earlier this year, delivered malware linked to Italian spyware vendor Memento Labs, born after IntheCyber Group acquired ...
-
CybersecurityNews
Ubiquiti UniFi Door Access App Vulnerability Exposes API Management Without Authentication
Ubiquiti’s UniFi Access application has been found vulnerable to a critical flaw that leaves its management API exposed without authentication. Discovered by Catchify Security, this issue allows malic ...
-
BleepingComputer
CISA orders feds to patch actively exploited Windows Server WSUS flaw
The Cybersecurity and Infrastructure Security Agency (CISA) ordered U.S. government agencies to patch a critical-severity Windows Server Update Services (WSUS) vulnerability after adding it to its cat ...
-
The Hacker News
⚡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens
Oct 27, 2025Ravie LakshmananCybersecurity / Hacking News Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to ...
-
CybersecurityNews
Hackers Actively Exploiting WordPress Arbitrary Installation Vulnerabilities in The Wild
Threat actors have launched a significant mass exploitation campaign targeting critical vulnerabilities in two popular WordPress plugins, GutenKit and Hunk Companion, affecting hundreds of thousands o ...
-
The Cyber Express
New BIND 9 Security Flaw (CVE-2025-40778) Threatens Global DNS Infrastructure
A newly disclosed security flaw has put more than 706,000 BIND 9 DNS resolvers worldwide at risk of cache poisoning attacks, according to an advisory published by the Internet Systems Consortium (ISC) ...
-
CybersecurityNews
Chrome 0-Day Vulnerability Actively Exploited in Attacks by Notorious Hacker Group
The notorious Mem3nt0 mori hacker group has been actively exploiting a zero-day vulnerability in Google Chrome, compromising high-profile targets across Russia and Belarus. Dubbed CVE-2025-2783, this ...