CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CybersecurityNews
Windows Defender Firewall Vulnerabilities Let Attackers Escalate Privileges
Microsoft has addressed four elevation of privilege vulnerabilities in its Windows Defender Firewall service, all rated as “Important” in severity. The security flaws were detailed in Microsoft’s Sept ...
-
The Hacker News
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the progra ...
-
Daily CyberSecurity
Apple Issues New Spyware Alerts for French Officials and Journalists
Apple occasionally issues spyware attack notifications, publicly disclosing on its website which countries or regions have received such warnings. However, some spyware campaigns may remain undisclose ...
-
Daily CyberSecurity
CVE-2025-10127 (CVSS 9.8): Critical Daikin Flaw Could Give Hackers Full System Access
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory about a critical flaw in Daikin Security Gateway devices that could allow attackers to bypass authentication ...
-
Daily CyberSecurity
CVE-2025-58754: Axios Vulnerability Puts Node.js Processes at Risk of DoS Attacks
The Axios project has released a security advisory for a newly discovered vulnerability affecting its popular promise-based HTTP client for Node.js and browsers. Tracked as CVE-2025-58754 with a CVSS ...
-
Daily CyberSecurity
CISA Urges Immediate Patching: Critical Dassault Systèmes Flaw (CVE-2025-5086) Actively Exploited
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Dassault Systèmes DELMIA Apriso to its Known Exploited Vulnerabilities (KEV) Catalog, following confirmed evide ...
-
Daily CyberSecurity
Unveiling VoidProxy: The Phishing-as-a-Service That Bypasses MFA
Domain pattern for Google phishing pages | Image: Okta Okta Threat Intelligence has published a detailed analysis of VoidProxy, a previously unreported Phishing-as-a-Service (PhaaS) platform that repr ...
-
Daily CyberSecurity
PyInstaller Flaw : Are Your Python Apps Vulnerable to Hijacking?
The PyInstaller project has released fixes for a local privilege escalation vulnerability that affected applications packaged with versions prior to 6.0.0. Tracked as CVE-2025-59042 with a CVSS score ...
-
BleepingComputer
Apple warns customers targeted in recent spyware attacks
Apple warned customers last week that their devices were targeted in a new series of spyware attacks, according to the French national Computer Emergency Response Team (CERT-FR). CERT-FR is operated b ...
-
BleepingComputer
Akira ransomware exploiting critical SonicWall SSLVPN bug again
The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to gain unauthorized access to SonicWall devices. The hackers are leverging ...