CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Huntress
Velociraptor Misuse, Pt. II: The Eye of the Storm
Acknowledgements: Special thanks to Ben Folland, Anna Pham, Michael Tigges, and Anton Ovrutsky for contributing to this investigation and writeup. We recently outlined an incident on November 12 where ...
-
Daily CyberSecurity
Critical ACF Extended Flaw (CVE-2025-13486, CVSS 9.8) Allows Unauthenticated RCE on 100K WordPress Sites
A critical security vulnerability carrying a near-maximum severity score has been discovered in “Advanced Custom Fields: Extended,” a popular WordPress utility plugin installed on over 100,000 website ...
-
CybersecurityNews
Chrome 143 Released With Fix for 13 Vulnerabilities that Enables Arbitrary Code Execution
Google has officially promoted Chrome 143 to the Stable channel, rolling out version 143.0.7499.40 for Linux and 143.0.7499.40/41 for Windows and Mac. This significant update addresses 13 security vul ...
-
Daily CyberSecurity
CISA Warns: Critical Longwatch RCE Flaw (CVE-2025-13658, CVSS 9.8) Allows Unauthenticated SYSTEM Takeover of OT Surveillance
A critical security vulnerability has been identified in the Longwatch video surveillance and monitoring system developed by Industrial Video & Control (IV&C), posing a severe risk to industrial opera ...
-
TheCyberThrone
Android Framework Zero-Days Hit CISA KEV
December 3, 2025CISA added two high-severity Android Framework vulnerabilities—CVE-2025-48572 and CVE-2025-48633—to its Known Exploited Vulnerabilities (KEV) catalog on December 1, 2025, confirming li ...
-
Daily CyberSecurity
Chrome 143 Stable Fixes 13 Flaws: High-Severity V8 Type Confusion Earns $11,000 Bounty
Google has officially promoted Chrome 143 to the stable channel for Windows, macOS, and Linux, rolling out a critical security update that addresses 13 vulnerabilities. The release, versioned as 143.0 ...
-
Daily CyberSecurity
Django Flaw (CVE-2025-13372) Allows SQL Injection in PostgreSQL FilteredRelation
The maintainers of Django, the high-level Python web framework that powers some of the internet’s largest sites, have released an important security update addressing two distinct vulnerabilities. The ...
-
Daily CyberSecurity
CISA Warns: Critical Iskra iHUB Flaw (CVE-2025-13510) Allows Unauthenticated Smart Metering Takeover
A critical security vacuum has been discovered in smart metering infrastructure, potentially leaving utility networks exposed to remote takeover. The Cybersecurity and Infrastructure Security Agency ( ...
-
Daily CyberSecurity
Critical Elementor Plugin Flaw (CVE-2025-8489, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover
A critical security flaw in a popular WordPress plugin has triggered a massive wave of exploitation attempts, with threat actors actively trying to seize control of vulnerable websites by registering ...
-
Daily CyberSecurity
High-Severity Angular Flaw (CVE-2025-66412) Allows Stored XSS via SVG and MathML Bypass
The maintainers of Angular, the popular platform for building mobile and desktop web applications, have released an important security advisory regarding a high-severity vulnerability in the Angular T ...