CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
TheCyberThrone
CVE-2025-64155 – Critical RCE in Fortinet FortiSIEM
January 14, 2026Fortinet patched a severe unauthenticated remote command injection flaw in FortiSIEM on January 13, 2026, tracked as CVE-2025-64155 with CVSS 9.4.Discovered by Horizon3.ai in August 20 ...
-
CybersecurityNews
Microsoft Warns Secure Boot May Be Bypassed as Windows UEFI Certificates Expire
Microsoft has addressed a critical security feature bypass vulnerability in Windows Secure Boot certificates, tracked as CVE-2026-21265, through its January 2026 Patch Tuesday updates. The flaw stems ...
-
cert.pl
Vulnerability in Crazy Bubble Tea mobile application
Vulnerability in Crazy Bubble Tea mobile application CVE ID CVE-2025-14317 Publication date 14 January 2026 Vendor Emaintenance Product Crazy Bubble Tea Vulnerable versions All before 915 (Android) an ...
-
The Hacker News
Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution
Jan 14, 2026Ravie LakshmananVulnerability / Patch Management Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve ...
-
CybersecurityNews
Critical FortiSIEM Vulnerability Lets Attackers Run Arbitrary Commands via TCP Packets
Fortinet disclosed a critical OS command injection vulnerability in FortiSIEM on January 13, 2026, warning users of a high-risk flaw that lets unauthenticated attackers execute arbitrary code. Tracked ...
-
security.nl
Zevenduizend SmarterMail-servers missen update voor zeer kritiek lek
Ruim zevenduizend SmarterMail-servers, waarvan zo'n veertig in Nederland, missen een beveiligingsupdate voor een zeer kritieke kwetsbaarheid waardoor een ongeauthenticeerde aanvaller de server op afst ...
-
cert.pl
Vulnerability in Ysoft SafeQ 6 software
Vulnerability in Ysoft SafeQ 6 software CVE ID CVE-2025-13175 Publication date 14 January 2026 Vendor YSoft Product SafeQ 6 Vulnerable versions All before MU106 Vulnerability type (CWE) Missing Passwo ...
-
security.nl
Kritiek lek in Fortinet FortiFone geeft aanvaller toegang tot configuratie
Een kritieke kwetsbaarheid in Fortinet FortiFone kan een aanvaller toegang tot de lokale configuratiegegevens geven, zo laat Fortinet weten dat updates heeft uitgebracht om het probleem te verhelpen. ...
-
CybersecurityNews
Spring CLI Tool Vulnerability Enables Command Execution on the Users Machine
A command injection vulnerability in the Spring CLI VSCode extension poses a security risk to developers still using the outdated tool. The flaw, tracked as CVE-2026-22718, enables attackers to execut ...
-
CybersecurityNews
Elastic Patches Multiple Vulnerabilities That Enables Arbitrary File Theft and DoS Attacks
Elastic has released critical security updates addressing four significant vulnerabilities across its stack, including a high-severity flaw that permits arbitrary file disclosure through compromised c ...