CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Actively Exploited: Critical Flaw CVE-2025-6388 (CVSS 9.8) Allows Authentication Bypass in WordPress Plugin
A newly disclosed vulnerability in the Spirit Framework plugin for WordPress has put thousands of websites at immediate risk of compromise. Tracked as CVE-2025-6388, the flaw carries a CVSS score of 9 ...
-
Daily CyberSecurity
Yoast SEO Premium Flaw: Stored XSS Bug (CVE-2025-11241) Exposes Millions of WordPress Sites
A new vulnerability has been disclosed in the widely used Yoast SEO Premium plugin for WordPress, potentially exposing millions of websites to cross-site scripting (XSS) attacks. Tracked as CVE-2025-1 ...
-
Daily CyberSecurity
GreyNoise Detects Coordinated Surge Exploiting Grafana Path Traversal Flaw (CVE-2021-43798)
Recently, GreyNoise observed a sudden and highly coordinated wave of exploitation attempts targeting CVE-2021-43798, a Grafana path traversal vulnerability that allows arbitrary file reads. The surge, ...
-
Daily CyberSecurity
Confucius APT Evolves: Espionage Group Shifts from WooperStealer to Advanced Python Backdoor AnonDoor
The Confucius group, a long-running cyber-espionage actor first identified in 2013, has resurfaced with a new wave of operations across South Asia. In its latest analysis, FortiGuard Labs highlights h ...
-
Daily CyberSecurity
Researcher Details Zero-Day Linux/Android Kernel Flaw (CVE-2025-38352)
Security researcher StreyPaws has published an in-depth analysis of CVE-2025-38352, a Time-of-Check to Time-of-Use (TOCTOU) race condition in the Linux/Android kernel’s POSIX CPU Timer subsystem. The ...
-
seclists.org
Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Full Disclosure mailing list archives From: josephgoyd via Fulldisclosure <fulldisclosure () seclists org> Date: Thu, 02 Oct 2025 21:45:21 +0000 Updated repo location: https://github.com/JGoyd/Glass-C ...
-
seclists.org
Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Full Disclosure mailing list archives Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft From: josephgoyd via Ful ...
-
The Cyber Express
Hackers Claim Breach of Red Hat Customer Data
Hackers claim to have breached a Red Hat GitHub instance and stolen sensitive customer data. The claims were made in Telegram posts by a group calling itself “Crimson Collective,” which said it exfilt ...
-
BleepingComputer
DrayTek warns of remote code execution bug in Vigor routers
Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute arbitrar ...
-
Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
$20 YoLink IoT Gateway Vulnerabilities Put Home Security at Risk
Cybersecurity researchers at Bishop Fox have revealed security vulnerabilities in the popular, inexpensive YoLink Smart Hub (v0382), leaving users exposed to remote attackers. The hub that costs just ...