CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
CISA KEV Alert: GeoServer XXE Flaw Under Active Attack Risks Data Theft & Internal Network Scanning
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the widely used OSGeo GeoServer software to its Known Exploited Vulnerabilities (KEV) Catalog. ...
-
CybersecurityNews
New Vulnerabilities in React Server Components Allow DoS Attacks and Source Code Leaks
Less than a week after addressing a critical Remote Code Execution (RCE) vulnerability, the React team has disclosed three additional security flaws affecting React Server Components (RSC). Security r ...
-
Daily CyberSecurity
CVE-2025-64188 (CVSS 9.8): Critical “Soledad” Theme Flaw Lets Subscribers Take Over WordPress Sites
A critical security vulnerability has been discovered in Soledad, one of the most popular general-purpose WordPress themes on the market with over 57,000 active sales. The flaw, which carries a near-m ...
-
BleepingComputer
Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks
Hackers are exploiting a new, undocumented vulnerability in the implementation of the cryptographic algorithm present in Gladinet's CentreStack and Triofox products for secure remote file access and s ...
-
The Register
Google fixes super-secret 8th Chrome 0-day
Google issued an emergency fix for a Chrome vulnerability already under exploitation, which marks the world's most popular browser's eighth zero-day bug of 2025. We have even fewer than usual details ...
-
The Register
LastPass hammered with £1.2M fine for 2022 breach fiasco
The UK's Information Commissioner's Office (ICO) says LastPass must cough up £1.2 million ($1.6 million) after its two-part 2022 data breach compromised information from up to 1.6 million UK users. In ...
-
The Cloudflare Blog
React2Shell and related RSC vulnerabilities threat brief: early exploitation activity and threat actor techniques
2025-12-117 min readOn December 3, 2025, immediately following the public disclosure of the critical, maximum-severity React2Shell vulnerability (CVE-2025-55182), the Cloudforce One Threat Intelligenc ...
-
TheCyberThrone
Google Fixes two Medium Severity Bugs in Chrome
December 11, 2025Google Chrome recently addressed two medium-severity vulnerabilities, CVE-2025-14372 and CVE-2025-14373, in its Stable channel update to version 143.0.7499.109, released around Decemb ...
-
CybersecurityNews
Gogs 0-Day Vulnerability Exploited in the Wild to Hack 700+ Instances
A critical zero-day vulnerability in Gogs, a widely used self-hosted Git service, is currently being exploited in the wild. Designated as CVE-2025-8110, this flaw allows authenticated users to execute ...
-
The Hacker News
ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories
This week's cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and gov ...