CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CybersecurityNews
Critical Vulnerability in VM2 Sandbox Library for Node.js Let Attackers run Untrusted Code
A critical sandbox escape vulnerability has been identified in vm2. This widely used Node.js library provides sandbox isolation for executing untrusted code. The flaw, tracked as CVE-2026-22709 (GHSA- ...
-
TheCyberThrone
CVE-2026-24858: Fortinet FortiCloud SSO Zero-Day Under Active Exploitation
January 28, 2026A critical authentication bypass vulnerability, CVE-2026-24858, impacts multiple Fortinet products via flawed FortiCloud SSO controls. Fortinet confirmed active exploitation by malicio ...
-
Daily CyberSecurity
Router Takeover: High-Severity Command Injection Flaw Hits TP-Link Archer MR600
TP-Link has issued a security advisory for its popular Archer MR600 4G+ LTE router, warning of a high-severity vulnerability that could allow attackers to seize control of the device. The flaw, tracke ...
-
Help Net Security
Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858)
Fortinet has begun releasing FortiOS versions that fix CVE-2026-24858, a critical zero-day vulnerability that allowed attackers to log into targeted organizations’ FortiGate firewalls. “This vulnerabi ...
-
Daily CyberSecurity
The AI Throne Reclaimed? Samsung Nears Final NVIDIA “Seal of Approval” for Game-Changing HBM4
Samsung Electronics, which has been laboring to close the yawning chasm in the artificial intelligence memory theater, has finally received promising intelligence. According to reports from Bloomberg ...
-
BleepingComputer
Fortinet blocks exploited FortiCloud SSO zero day until patch is ready
Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, and says it has mitigated the zero-day attacks ...
-
BleepingComputer
WinRAR path traversal flaw still exploited by numerous hackers
Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity vulnerability in WinRAR for initial access and to deliver various malicious paylo ...
-
Kaspersky
Fake apps, NFC skimming attacks, and other Android issues in 2026 | Kaspersky official blog
The year 2025 saw a record-breaking number of attacks on Android devices. Scammers are currently riding a few major waves: the hype surrounding AI apps, the urge to bypass site blocks or age checks, t ...
-
BleepingComputer
Critical sandbox escape flaw discovered in popular vm2 NodeJS library
A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. The open-source ...
-
security.nl
OpenSSL-lek kan remote code execution mogelijk maken
Een kwetsbaarheid in OpenSSL kan in bepaalde gevallen remote code execution mogelijk maken. Er zijn nieuwe versies van de software beschikbaar gesteld waarin het probleem, aangeduid als CVE-2025-15467 ...