CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
High-Severity lz4-java Flaw (CVE-2025-66566) Leaks Uninitialized Memory During Decompression
A high-severity vulnerability has been unearthed in lz4-java, a widely used Java library for the LZ4 compression algorithm. Tracked as CVE-2025-66566, the flaw carries a CVSS score of 8.2, signaling a ...
-
Daily CyberSecurity
Critical Cal.com Flaw (CVE-2025-66489, CVSS 9.9) Allows Authentication Bypass by Submitting Fake TOTP Codes
A severe security vulnerability has been uncovered in Cal.com, the popular open-source scheduling platform positioned as the successor to Calendly. The flaw, which carries a near-maximum severity rati ...
-
Daily CyberSecurity
High-Severity WatchGuard Flaws Risk VPN DoS and RCE via IKEv2 Memory Corruption
WatchGuard Technologies has released a critical series of security advisories addressing five high-severity vulnerabilities across its Firebox product line. The flaws, which affect the Fireware OS, co ...
-
Daily CyberSecurity
Spyware Vendor Intellexa Used 15 Zero-Days Since 2021, Deploying Predator via “smack” iOS Exploit Chain
The mercenary spyware industry remains a persistent and adaptable threat, with the notorious vendor Intellexa continuing to expand its arsenal despite facing significant geopolitical headwinds. A new ...
-
The Register
Apache warns of 10.0-rated flaw in Tika metadata ingestion tool
Infosec in Brief The Apache Foundation last week warned of a 10.0-rated flaw in its Tika toolkit. Tika detects and extracts metadata from over 1,000 different file formats. Last August, Apache reporte ...
-
Daily CyberSecurity
urllib3 Flaws Risk Client DoS via Unbounded Decompression and Streaming Resource Exhaustion
The maintainers of urllib3, the ubiquitous HTTP client for Python, have issued a security advisory detailing two high-severity vulnerabilities that could allow malicious servers to crash client applic ...
-
objective-see.org
A Remote Pre-Authentication Overflow in LLDB's debugserver
When Good /bins Go Bad A Remote Pre-Authentication Overflow in LLDB's debugserver by: Nathaniel Oh / December 7, 2025 The Objective-See Foundation is supported by: Note:In this guest blog post, Nathan ...
-
nextron-systems.com
React Server Components & Next.js Vulnerabilities – Status of Nextron Products
Over the past days, many of our customers have seen reports about a critical remote code execution vulnerability in React Server Components (CVE-2025-55182) and the related Next.js vulnerability (CVE- ...
-
CybersecurityNews
Cybersecurity News Weekly Newsletter – 29.7 Tbps DDoS Attack, Chrome 143, React2Shell Vulnerabilities, and Cloudflare Outage
This week’s cybersecurity landscape featured a record-breaking 29.7 Tbps DDoS attack on a financial institution, leveraging IoT botnets and UDP floods that overwhelmed European networks until mitigate ...
-
Help Net Security
Week in review: React, Node.js flaw patched, ransomware intrusion exposes espionage foothold
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Creative cybersecurity strategies for resource-constrained institutions In this Help Net Security inte ...