CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Register
700+ self-hosted Gits battered in 0-day attacks with no fix imminent
Attackers are actively exploiting a zero-day bug in Gogs, a popular self-hosted Git service, and the open source project doesn't yet have a fix. More than 700 instances have been compromised in the on ...
-
The Hacker News
React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of ...
-
The Hacker News
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
Dec 10, 2025Ravie LakshmananEnterprise Security / Web Services New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications ...
-
The Cyber Express
Microsoft Patch Tuesday December 2025: One Zero-Day, Six High-Risk Flaws Fixed
Microsoft patched 57 vulnerabilities in its Patch Tuesday December 2025 update, including one exploited zero-day and six high-risk vulnerabilities. The exploited zero-day is CVE-2025-62221, a 7.8-rate ...
-
CybersecurityNews
Critical Ivanti EPM Vulnerability Allows Admin Session Hijacking via Stored XSS
A critical stored cross-site scripting vulnerability in Ivanti Endpoint Manager (“EPM”) versions 2024 SU4 and below, that could enable attackers to hijack administrator sessions without authentication ...
-
CybersecurityNews
Over 644,000 Domains Exposed to Critical React Server Components Vulnerability
The Shadowserver Foundation has released alarming new data regarding the exposure of web applications to CVE-2025-55182, a critical vulnerability affecting React Server Components. Following significa ...
-
hackread.com
North Korean Hackers Deploy EtherRAT Malware in React2Shell Exploits
A team of cybersecurity researchers at Sysdig, a firm specialising in protecting cloud and container-based apps, has found a new malware called EtherRAT being deployed to exploit the severe CVE-2025-5 ...
-
security.nl
Ivanti brengt update uit voor kritieke XSS-kwetsbaarheid in Endpoint Manager
woensdag 10 december 2025, 16:50 door Redactie, 0 reactiesLaatst bijgewerkt: Vandaag, 17:01 Softwarebedrijf Ivanti heeft een beveiligingsupdate uitgebracht voor een kritieke cross-site scripting (XSS) ...
-
TheCyberThrone
CVE-2025-6218 and CVE-2025-62221 Hit CISA KEV
December 10, 2025CISA has added CVE-2025-6218 and CVE-2025-62221 to its Known Exploited Vulnerabilities (KEV) catalog, signaling active real-world exploitation and immediate remediation requirements f ...
-
The Hacker News
Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling
Dec 10, 2025Ravie LakshmananHardware Security / Vulnerability Three security vulnerabilities have been disclosed in the Peripheral Component Interconnect Express (PCIe) Integrity and Data Encryption ...