CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
CISA KEV Alert: GeoServer XXE Flaw Under Active Attack Risks Data Theft & Internal Network Scanning
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the widely used OSGeo GeoServer software to its Known Exploited Vulnerabilities (KEV) Catalog. ...
-
CybersecurityNews
New Vulnerabilities in React Server Components Allow DoS Attacks and Source Code Leaks
Less than a week after addressing a critical Remote Code Execution (RCE) vulnerability, the React team has disclosed three additional security flaws affecting React Server Components (RSC). Security r ...
-
Daily CyberSecurity
CVE-2025-64188 (CVSS 9.8): Critical “Soledad” Theme Flaw Lets Subscribers Take Over WordPress Sites
A critical security vulnerability has been discovered in Soledad, one of the most popular general-purpose WordPress themes on the market with over 57,000 active sales. The flaw, which carries a near-m ...
-
BleepingComputer
Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks
Hackers are exploiting a new, undocumented vulnerability in the implementation of the cryptographic algorithm present in Gladinet's CentreStack and Triofox products for secure remote file access and s ...
-
AttackIQ
Ransom Tales: Volume VI — Throwback Edition! Emulating Ryuk, Conti, and BlackCat Ransomware
On July 22, 2025, AttackIQ introduced Ransom Tales, an initiative focused on routinely emulating the Tactics, Techniques, and Procedures (TTPs) associated with the prolific ransomware families current ...
-
The Register
Google fixes super-secret 8th Chrome 0-day
Google issued an emergency fix for a Chrome vulnerability already under exploitation, which marks the world's most popular browser's eighth zero-day bug of 2025. We have even fewer than usual details ...
-
The Register
LastPass hammered with £1.2M fine for 2022 breach fiasco
The UK's Information Commissioner's Office (ICO) says LastPass must cough up £1.2 million ($1.6 million) after its two-part 2022 data breach compromised information from up to 1.6 million UK users. In ...
-
The Cloudflare Blog
React2Shell and related RSC vulnerabilities threat brief: early exploitation activity and threat actor techniques
2025-12-117 min readOn December 3, 2025, immediately following the public disclosure of the critical, maximum-severity React2Shell vulnerability (CVE-2025-55182), the Cloudforce One Threat Intelligenc ...
-
TheCyberThrone
Google Fixes two Medium Severity Bugs in Chrome
December 11, 2025Google Chrome recently addressed two medium-severity vulnerabilities, CVE-2025-14372 and CVE-2025-14373, in its Stable channel update to version 143.0.7499.109, released around Decemb ...
-
CybersecurityNews
Gogs 0-Day Vulnerability Exploited in the Wild to Hack 700+ Instances
A critical zero-day vulnerability in Gogs, a widely used self-hosted Git service, is currently being exploited in the wild. Designated as CVE-2025-8110, this flaw allows authenticated users to execute ...