CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Cyber Express
Active Exploitation of Command Injection Flaw Confirmed in Array AG Gateways
The Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) has confirmed that a command injection vulnerability affecting Array Networks AG Series secure access gateways has been activ ...
-
BleepingComputer
React2Shell critical flaw actively exploited in China-linked attacks
Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed. React2Shell is an ...
-
The Cyber Express
‘React2Shell’ Flaw Exploited by China-Nexus Groups Within Hours of Disclosure, AWS Warns
The cycle of vulnerability disclosure and weaponization has shattered records once again. According to a new threat intel from Amazon Web Services (AWS), state-sponsored hacking groups linked to China ...
-
CybersecurityNews
China-Nexus Hackers Exploiting VMware vCenter Environments to Deploy Web Shells and Malware Implants
A new sophisticated threat actor has emerged in the cybersecurity landscape, targeting critical infrastructure across the United States. The adversary, operating under the name WARP PANDA, has demonst ...
-
CybersecurityNews
NVIDIA Triton Vulnerability Let Attackers Trigger DoS Attack Using Malicious Payload
Critical security updates have been released to fix two high-severity flaws in the Triton Inference Server that let attackers crash systems remotely from NVIDIA. Both flaws received a CVSS score of 7. ...
-
security.nl
'Kritiek React-lek paar uur na bekendmaking misbruikt bij aanvallen'
Een kritieke kwetsbaarheid in React is een paar uur na de bekendmaking actief misbruikt door aanvallers, zo stelt Amazon. Volgens het bedrijf hebben meerdere groepen aanvallers het beveiligingslek (CV ...
-
The Hacker News
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's ...
-
CybersecurityNews
Cacti Command Injection Vulnerability Let Attackers Execute Malicious Code Remotely
A critical command injection vulnerability in the open-source network monitoring tool Cacti allows authenticated attackers to execute arbitrary code remotely, potentially compromising the entire monit ...
-
CybersecurityNews
Splunk Enterprise Vulnerabilities Allows Privileges Escalation Via Incorrect File Permissions
A high-severity vulnerability has been disclosed in Splunk affecting its Enterprise and Universal Forwarder products for Windows, stemming from incorrect file permissions during installation and upgra ...
-
CrowdStrike.com
Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary
Throughout 2025, CrowdStrike has identified multiple intrusions targeting VMware vCenter environments at U.S.-based entities, in which newly identified China-nexus adversary WARP PANDA deployed BRICKS ...