CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
CVE-2025-54831: Apache Airflow Bug Exposes Sensitive Connection Passwords to Read-Only Users
The Apache Software Foundation has released a fix for Apache Airflow, a popular open-source platform for authoring, scheduling, and monitoring workflows. The update addresses CVE-2025-54831, an import ... Read more
-
Daily CyberSecurity
GitLab Fixes High-Severity DoS Flaws: Unauthenticated Attackers Could Crash Instances
GitLab has released security updates for versions 18.4.1, 18.3.3, and 18.2.7 of its Community Edition (CE) and Enterprise Edition (EE). The company urges all self-managed users to upgrade immediately, ... Read more
-
Daily CyberSecurity
NVIDIA Patches High-Severity Code Injection Flaws in Megatron-LM AI Framework
Nvidia has issued an important security update addressing multiple high-severity vulnerabilities in its open-source Megatron-LM project, a large language model (LLM) framework widely used in AI resear ... Read more
-
Daily CyberSecurity
LNK Stomping: Attackers Bypass Windows Security by Stripping the ‘Mark of the Web’
Executing the lnk file using the LNK Stomping attack technique Windows shortcut files (.LNK) were designed to simplify user navigation, but for years, they’ve been a favorite tool in the attacker’s ar ... Read more
-
seclists.org
SEC Consult SA-20250925-0 :: Multiple Vulnerabilities in iMonitorSoft EAM employee monitoring #CVE-2025-10540 #CVE-2025-10541 #CVE-2025-10542
Full Disclosure mailing list archives From: SEC Consult Vulnerability Lab via Fulldisclosure <fulldisclosure () seclists org> Date: Thu, 25 Sep 2025 11:59:35 +0000 SEC Consult Vulnerability Lab Securi ... Read more
-
seclists.org
SEC Consult SA-20250923-0 :: Missing Certificate Validation leading to RCE in CleverControl employee monitoring software #CVE-2025-10548
Full Disclosure mailing list archives From: SEC Consult Vulnerability Lab via Fulldisclosure <fulldisclosure () seclists org> Date: Tue, 23 Sep 2025 07:58:36 +0000 SEC Consult Vulnerability Lab Securi ... Read more
-
seclists.org
CyberDanube Security Research 20250919-0 | Multiple Vulnerabilities in Novakon P series
Full Disclosure mailing list archives CyberDanube Security Research 20250919-0 | Multiple Vulnerabilities in Novakon P series From: Thomas Weber | CyberDanube via Fulldisclosure <fulldisclosure () sec ... Read more
-
seclists.org
CyberDanube Security Research 20250909-0 | Cross-Site Scripting in Schneider ATV 630
Full Disclosure mailing list archives CyberDanube Security Research 20250909-0 | Cross-Site Scripting in Schneider ATV 630 From: Thomas Weber | CyberDanube via Fulldisclosure <fulldisclosure () seclis ... Read more
-
The Hacker News
Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive
Sep 25, 2025Ravie LakshmananZero-Day / Vulnerability Cisco is urging customers to patch two security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Sof ... Read more
-
BleepingComputer
CISA orders agencies to patch Cisco flaws exploited in zero-day attacks
CISA has issued a new emergency directive ordering U.S. federal agencies to secure their Cisco firewall devices against two flaws that have been exploited in zero-day attacks. Emergency Directive 25-0 ... Read more