CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
“React2Shell” Crisis: Critical Vulnerability Triggers Global Cyberattacks by State-Sponsored Groups
A critical security flaw in the popular React web framework has ignited a wave of cyberattacks, with state-sponsored actors and cybercriminals rushing to exploit the vulnerability before organizations ...
-
Daily CyberSecurity
Makop Ransomware Evolves: GuLoader and BYOVD EDR Killers Used to Attack RDP-Exposed Networks
A familiar threat has returned with new tricks, proving that cybercriminals don’t need sophisticated custom code to cause widespread damage—they just need the right off-the-shelf tools. A new report f ...
-
Daily CyberSecurity
DeadLock Ransomware Deploys BYOVD EDR Killer by Exploiting Baidu Driver for Kernel-Level Defense Bypass
DeadLock’s ransom note file | Image: Cisco Talos A financially motivated threat group is deploying a new ransomware strain known as “DeadLock,” utilizing advanced “Bring Your Own Vulnerable Driver” (B ...
-
Daily CyberSecurity
Critical PCIe 6.0 Flaws Risk Secure Data Integrity via Stale Data Injection in IDE Mechanism
The secure foundations of high-speed data transfer have developed a crack. The CERT Coordination Center (CERT/CC) has released a vulnerability note detailing three specification-level flaws in the PCI ...
-
Trend Micro
SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
Phishing In November, a targeted spear-phishing campaign was observed using Trend Micro-themed lures against various industries, but this was quickly detected and thwarted by the Trend Vision One™ pla ...
-
The Register
700+ self-hosted Gits battered in 0-day attacks with no fix imminent
Attackers are actively exploiting a zero-day bug in Gogs, a popular self-hosted Git service, and the open source project doesn't yet have a fix. More than 700 instances have been compromised in the on ...
-
The Hacker News
React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of ...
-
The Hacker News
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
Dec 10, 2025Ravie LakshmananEnterprise Security / Web Services New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications ...
-
The Cyber Express
Microsoft Patch Tuesday December 2025: One Zero-Day, Six High-Risk Flaws Fixed
Microsoft patched 57 vulnerabilities in its Patch Tuesday December 2025 update, including one exploited zero-day and six high-risk vulnerabilities. The exploited zero-day is CVE-2025-62221, a 7.8-rate ...
-
CybersecurityNews
Critical Ivanti EPM Vulnerability Allows Admin Session Hijacking via Stored XSS
A critical stored cross-site scripting vulnerability in Ivanti Endpoint Manager (“EPM”) versions 2024 SU4 and below, that could enable attackers to hijack administrator sessions without authentication ...