CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
CVE-2025-6463: Unauthenticated Arbitrary File Deletion in Forminator Plugin Exposes Over 600,000 WordPress Sites to Remote Takeover
A newly disclosed high-severity vulnerability in the popular Forminator plugin threatens the security of hundreds of thousands of WordPress websites. Tracked as CVE-2025-6463, this arbitrary file dele ... Read more
-
Daily CyberSecurity
Chinese Student Jailed for Smishing: Operated Covert “SMS Blaster” in Car for Mass Phishing
A Chinese student has been sentenced to over a year in prison by Inner London Crown Court for orchestrating a mobile SMS-based phishing (smishing) campaign using a covert “SMS Blaster” system hidden i ... Read more
-
Daily CyberSecurity
ANSSI Exposes “Houken”: China-Linked Threat Actor Exploiting Ivanti CSA Zero-Days & Deploying Linux Rootkits
The French cybersecurity agency ANSSI has exposed a sophisticated threat actor dubbed Houken. First observed exploiting zero-day vulnerabilities in Ivanti Cloud Service Appliance (CSA) devices in Sept ... Read more
-
Daily CyberSecurity
Multi DataEase Flaws: RCE & Bypass Vulnerabilities Threaten BI Platform via JDBC
DataEase, an open-source business intelligence (BI) platform known for its ease of use and data visualization capabilities, has been found to contain several critical vulnerabilities in its database c ... Read more
-
Daily CyberSecurity
Graylog Flaw (CVE-2025-53106, CVSS 8.8): Privilege Escalation Via API Token Abuse
A vulnerability was found in Graylog—a popular Security Information and Event Management (SIEM) solution. Tracked as CVE-2025-53106 and scoring 8.8 on the CVSS v4 scale, this critical flaw allows priv ... Read more
-
Daily CyberSecurity
Security Flaws in Frappe Framework Expose Self-Hosted ERPNext Users to Takeovers, XSS, and SQL Injection
The Frappe Framework, a widely used full-stack application platform that powers ERPNext, has been found vulnerable to three security issues, potentially affecting thousands of self-hosted deployments. ... Read more
-
Daily CyberSecurity
Pilz IndustrialPI 4 Alert: Critical Flaws (CVE-2025-41656 CVSS 10.0 RCE, CVE-2025-41648 Auth Bypass) Expose Industrial PCs
Two critical vulnerabilities recently disclosed by CERT@VDE, in coordination with industrial automation company Pilz, highlight a sobering reality: even industry-grade systems meant to power factories ... Read more
-
CrowdStrike.com
How Falcon Next-Gen SIEM Protects Enterprises from VMware vCenter Attacks
Internet-facing assets are targeted for many reasons, such as to establish persistence, evade defensive capabilities, and access sensitive networks. According to the search engine Shodan, approximatel ... Read more
-
CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs
Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more
-
CrowdStrike.com
How Falcon Next-Gen SIEM Protects Enterprises from VMware vCenter Attacks
Internet-facing assets are targeted for many reasons, such as to establish persistence, evade defensive capabilities, and access sensitive networks. According to the search engine Shodan, approximatel ... Read more