CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Apache APISIX Flaw (CVE-2025-46647): Token Issuer Bypass in OpenID Connect Allows Cross-Issuer Access
Apache APISIX, a high-performance and AI-ready API gateway trusted for managing traffic across microservices and LLM-based applications, has been found vulnerable to a token issuer validation flaw in ... Read more
-
Daily CyberSecurity
Exposed JDWP Debug Ports Under Attack: Cryptominers Infiltrating Java Apps in Hours
The Wiz Research Team has uncovered a stealthy and rapidly executed exploitation chain leveraging a misconfigured Java Debug Wire Protocol (JDWP) interface to deploy crypto-mining malware in TeamCity ... Read more
-
Daily CyberSecurity
Critical Lucee Flaw (CVE-2025-34074, CVSS 9.4): Authenticated RCE Via Scheduled Task Abuse, Metasploit Module Out
A critical security flaw has been discovered in Lucee, the high-performance, open-source CFML (ColdFusion Markup Language) application server. Tracked as CVE-2025-34074 and carrying a CVSS score of 9. ... Read more
-
BleepingComputer
Grafana releases critical security update for Image Renderer plugin
Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent. Although the issues impact Chromium and were ... Read more
-
Cyber Security News
Apache Tomcat and Camel Vulnerabilities Actively Exploited in The Wild
Critical vulnerabilities in Apache Tomcat and Apache Camel are being actively exploited by cybercriminals worldwide, with security researchers documenting over 125,000 attack attempts across more than ... Read more
-
Cyber Security News
Urgent Update: Microsoft Edge Fixes Actively Exploited Chromium Vulnerability
Microsoft has released a critical security update for Edge Stable Channel on July 1, 2025, addressing a severe vulnerability that cybercriminals have actively exploited. The latest Microsoft Edge Stab ... Read more
-
Cyber Security News
Anthropic’s MCP Server Vulnerability Allowed Attackers to Escape Sandbox and Execute Code
Two high-severity vulnerabilities in Anthropic’s Model Context Protocol (MCP) Filesystem Server enable attackers to escape sandbox restrictions and execute arbitrary code on host systems. The vulnerab ... Read more
-
Help Net Security
Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309)
Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could allow unauthenticated remote attackers to log ... Read more
-
Cyber Security News
213% Increase in Ransomware Attacks Targeting Organizations With First Quarter of 2025
The first quarter of 2025 has witnessed an unprecedented surge in ransomware attacks, with 2,314 victims listed across 74 unique data leak sites, representing a staggering 213% increase compared to th ... Read more
-
CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs
Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more