CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CybersecurityNews
New FortiWeb 0-Day Command Injection Vulnerability Exploited in the Wild
Fortinet has released an urgent security advisory addressing a newly discovered zero-day vulnerability, CVE-2025-58034, in its FortiWeb web application firewall platform, after evidence emerged of act ...
-
The Hacker News
Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild
Nov 19, 2025 | Ravie Lakshmanan | Vulnerability / Network Security. Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild. The medium-severity vulnerability, tr ...
-
Daily CyberSecurity
CISA KEV Alert: FortiWeb RCE Flaw (CVE-2025-58034) Under Active Exploitation for Command Injection
Fortinet has issued an urgent advisory warning customers that a newly disclosed vulnerability in FortiWeb, tracked as CVE-2025-58034, is being actively exploited in the wild, prompting the U.S. Cybers ...
-
Daily CyberSecurity
AI-Generated Malware Attacks 230,000 Exposed Ray AI Clusters in Massive ShadowRay 2.0 Botnet Campaign
Security researchers at Oligo Security have uncovered a massive, fast-evolving cyberattack campaign hijacking exposed Ray AI clusters worldwide through the long-standing ShadowRay vulnerability (CVE-2 ...
-
Daily CyberSecurity
D-Link DIR-878 Reaches EOL: 3 Unpatched RCE Flaws Allow Unauthenticated Remote Command Execution
D-Link has issued a security advisory warning users of the DIR-878 router series that multiple newly disclosed vulnerabilities—including three unauthenticated remote command execution flaws—will not b ...
-
Daily CyberSecurity
Critical METZ CONNECT Flaws (CVSS 9.8) Allow Unauthenticated RCE and Admin Takeover on Industrial Controllers
METZ CONNECT GmbH, in coordination with CERT@VDE, has issued an urgent security advisory warning of multiple critical vulnerabilities affecting its EWIO-2 series, including Energy-Controlling EWIO2-M, ...
-
Daily CyberSecurity
9 Million Installs: Malicious Chrome VPN Extensions Hijack User Traffic Via Remote PAC Proxy Injection
Security researchers at LayerX Security have uncovered a long-running malicious campaign involving VPN and ad-blocking browser extens ...
-
Daily CyberSecurity
Critical SolarWinds Serv-U Flaws (CVSS 9.1) Allow Authenticated Admin RCE and Path Bypass
SolarWinds has released security updates addressing three critical vulnerabilities in Serv-U—its managed file transfer and FTP server platform—each carrying a CVSS score of 9.1 and enabling remote cod ...
-
Daily CyberSecurity
Stealth Stealer: New .NET Loader Hides LokiBot Payload in BMP/PNG Images Using Advanced Steganography
The Splunk Threat Research Team (STRT) has uncovered a new variant of a .NET steganographic malware loader that hides malicious payloads inside image files and ultimately deploys LokiBot, one of the m ...
-
The Register
Self-replicating botnet attacks Ray clusters
Malefactors are actively attacking internet-facing Ray clusters and abusing the open source AI framework to spread a self-replicating botnet that mines for cryptocurrency, steals data, and launches di ...