CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Apache Under Attack: Critical RCE Flaws in Tomcat & Camel Spark Thousands of Exploit Attempts
In a recent deep-dive analysis, Palo Alto Networks’ Unit 42 revealed disturbing insights into a surge of cyberattacks targeting critical vulnerabilities in Apache Tomcat and Apache Camel. These flaws, ... Read more
-
Daily CyberSecurity
Critical HIKVISION applyCT Flaw (CVE-2025-34067, CVSS 10.0): Unauthenticated RCE Via Fastjson
Image: PeiQi0 A newly disclosed vulnerability in HIKVISION’s widely deployed security management platform, applyCT (previously known as HikCentral), has put countless surveillance and monitoring infra ... Read more
-
Daily CyberSecurity
Anthropic MCP Server Flaws: Path Traversal & Symlink Attacks Allow RCE
Image: Cymulate Cymulate Research Labs has revealed Anthropic’s Filesystem MCP Server vulnerabilities. Two newly disclosed flaws—CVE-2025-53110 and CVE-2025-53109—exposes systems to unauthorized acces ... Read more
-
Daily CyberSecurity
Apache APISIX Flaw (CVE-2025-46647): Token Issuer Bypass in OpenID Connect Allows Cross-Issuer Access
Apache APISIX, a high-performance and AI-ready API gateway trusted for managing traffic across microservices and LLM-based applications, has been found vulnerable to a token issuer validation flaw in ... Read more
-
Daily CyberSecurity
Exposed JDWP Debug Ports Under Attack: Cryptominers Infiltrating Java Apps in Hours
The Wiz Research Team has uncovered a stealthy and rapidly executed exploitation chain leveraging a misconfigured Java Debug Wire Protocol (JDWP) interface to deploy crypto-mining malware in TeamCity ... Read more
-
Daily CyberSecurity
Critical Lucee Flaw (CVE-2025-34074, CVSS 9.4): Authenticated RCE Via Scheduled Task Abuse, Metasploit Module Out
A critical security flaw has been discovered in Lucee, the high-performance, open-source CFML (ColdFusion Markup Language) application server. Tracked as CVE-2025-34074 and carrying a CVSS score of 9. ... Read more
-
BleepingComputer
Grafana releases critical security update for Image Renderer plugin
Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent. Although the issues impact Chromium and were ... Read more
-
Cyber Security News
Apache Tomcat and Camel Vulnerabilities Actively Exploited in The Wild
Critical vulnerabilities in Apache Tomcat and Apache Camel are being actively exploited by cybercriminals worldwide, with security researchers documenting over 125,000 attack attempts across more than ... Read more
-
Cyber Security News
Urgent Update: Microsoft Edge Fixes Actively Exploited Chromium Vulnerability
Microsoft has released a critical security update for Edge Stable Channel on July 1, 2025, addressing a severe vulnerability that cybercriminals have actively exploited. The latest Microsoft Edge Stab ... Read more
-
Cyber Security News
Anthropic’s MCP Server Vulnerability Allowed Attackers to Escape Sandbox and Execute Code
Two high-severity vulnerabilities in Anthropic’s Model Context Protocol (MCP) Filesystem Server enable attackers to escape sandbox restrictions and execute arbitrary code on host systems. The vulnerab ... Read more