CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
A Single Packet Can Crash a DHCP Server: High-Severity Flaw CVE-2025-40779 Found in Kea
The Internet Systems Consortium (ISC) has released a security advisory addressing a high-severity vulnerability in its widely used Kea DHCP server. The flaw, tracked as CVE-2025-40779 with a CVSS scor ...
-
Daily CyberSecurity
Beyond Lobbying: Meta Creates a Super PAC to Shape AI Policy in California
Meta is reportedly preparing to establish a new Super Political Action Committee (Super PAC) named “Mobilizing Economic Transformation Across (META) California,” aimed at shaping California’s local po ...
-
Daily CyberSecurity
NVIDIA Issues Security Update for NeMo Framework: Multiple High-Severity Vulnerabilities Patched
NVIDIA has released a new software update for its NeMo Framework, addressing multiple high-severity vulnerabilities that could allow attackers to execute arbitrary code, escalate privileges, steal sen ...
-
CybersecurityNews
28,000+ Citrix Servers Exposed to Active 0-Day RCE Vulnerability Exploited in the Wild
A critical zero-day remote code execution (RCE) vulnerability, tracked as CVE-2025-7775, is affecting over 28,000 Citrix instances worldwide. The flaw is being actively exploited in the wild, promptin ...
-
CybersecurityNews
PoC Exploit Released for CrushFTP 0-day Vulnerability (CVE-2025-54309)
A weaponized proof-of-concept exploit has been publicly released targeting CVE-2025-54309, a severe authentication bypass vulnerability affecting CrushFTP file transfer servers. The flaw enables remot ...
-
AttackIQ
Emulating the Expedited Warlock Ransomware
Introduction Warlock is a ransomware strain operating under the Ransomware-as-a-Service (RaaS) model that emerged in June 2025, following an advertisement on the Russian Anonymous Marketplace (RAMP) w ...
-
BleepingComputer
Global Salt Typhoon hacking campaigns linked to Chinese tech firms
The U.S. National Security Agency (NSA), the UK's National Cyber Security Centre (NCSC), and partners from over a dozen countries have linked the Salt Typhoon global hacking campaigns to three China-b ...
-
CybersecurityNews
IPFire Web-Based Firewall Interface Allows Authenticated Administrator to Inject Persistent JavaScript
A stored cross-site scripting (XSS) flaw identified in IPFire 2.29’s web-based firewall interface (firewall.cgi). Tracked as CVE-2025-50975, the vulnerability allows any authenticated administrator to ...
-
CybersecurityNews
NVIDIA NeMo AI Curator Enables Code Execution and Privilege Escalation
NVIDIA has issued a critical security bulletin addressing a high-severity vulnerability in its NeMo Curator platform that could allow attackers to execute malicious code and escalate privileges on aff ...
-
CybersecurityNews
CISA releases New ICS Advisories Surrounding Vulnerabilities and Exploits
CISA released three significant Industrial Control Systems (ICS) advisories on August 26, 2025, alerting organizations to critical vulnerabilities affecting widely-deployed automation systems. These a ...