CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
BleepingComputer
RondoDox botnet exploits React2Shell flaw to breach Next.js servers
The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. First documented by Fortinet in July ...
-
CybersecurityNews
Critical IBM API Connect Vulnerability Let Attackers Bypass Logins
A critical security alert regarding a severe vulnerability in the IBM API Connect platform that could allow remote attackers to bypass authentication mechanisms. Discovered during internal testing, th ...
-
The Hacker News
IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass
Dec 31, 2025Ravie LakshmananAPI Security / Vulnerability IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The ...
-
hackread.com
30,000 Korean Air Employee Records Stolen as Cl0p Leaks Data Online
In a worrying turn of events for the aviation industry, Korean Air has confirmed that the personal details of roughly 30,000 current and former employees have been stolen. This news, shared on Decembe ...
-
BleepingComputer
IBM warns of critical API Connect auth bypass vulnerability
IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely. API Connect is an application pro ...
-
CybersecurityNews
Critical Apache StreamPipes Vulnerability Let Attackers Seize Admin Control
A security patch addressing a critical privilege escalation vulnerability that allows unauthorized users to gain administrative access to the data streaming platform. The flaw, tracked as CVE-2025-474 ...
-
The Cyber Express
Singapore CSA Warns of Critical SmarterMail Flaw Enabling Unauthenticated Remote Code Execution
The Cyber Security Agency of Singapore (CSA) has issued a high-priority alert warning organizations and system administrators about a critical security vulnerability affecting SmarterMail, an enterpri ...
-
Help Net Security
Security coverage is falling behind the way attackers behave
Cybercriminals keep tweaking their procedures, trying out new techniques, and shifting tactics across campaigns. Coverage that worked yesterday may miss how those behaviors appear today. The 2025 Thre ...
-
Daily CyberSecurity
CVE-2025-47411: Critical Apache StreamPipes Flaw Allows Standard Users to Seize Admin Control
The Apache Software Foundation has released a critical fix for StreamPipes, its self-service Industrial IoT toolbox designed to let non-technical users analyze complex data streams. A newly disclosed ...
-
The Register
An early end to the holidays: 'Heartbleed of MongoDB' is now under active exploit
A high-severity MongoDB Server vulnerability, for which proofs of concept emerged over Christmas week, is now under active exploitation, according to the US Cybersecurity and Infrastructure Security A ...