CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Public Flaws in Cisco IOx Allow Unauthenticated Log Injection and Admin XSS
Cisco has issued security advisories regarding two vulnerabilities in its Cisco IOx application hosting environment for Cisco IOS XE Software. The flaws, which include a stored cross-site scripting (X ...
-
Daily CyberSecurity
The Backup Backdoor: How a Simple File Edit Grants Full SYSTEM Control in IDrive for Windows
A critical local privilege escalation vulnerability has been discovered in the IDrive Cloud Backup Client for Windows, potentially allowing low-privileged users to seize full control of an affected ma ...
-
Trend Micro
Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities
Key takeaways: Prolific Russia-aligned Advanced Persistent Threat (APT) group Pawn Storm has been using PRISMEX, a collection of interconnected malware components to target the defense supply chain of ...
-
Trend Micro
Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise
Artificial Intelligence (AI) TeamPCP orchestrated one of the most sophisticated multi-ecosystem supply chain campaigns publicly documented to date that cascaded through developer tooling and compromis ...
-
Kaspersky
Trojanization of Trivy, Checkmarx, and LiteLLM solutions | Kaspersky official blog
Millions of automated software development pipelines rely on security tools, such as Trivy and Checkmarx AST, integrated into the build process. It is precisely these trusted solutions recently became ...
-
CybersecurityNews
Node.js Patches Multiple Vulnerabilities That Enable DoS Attacks and Process Crashes
The Node.js project released a critical security update on March 24, 2026, for the Long-Term Support (LTS) branch, designating version 20.20.2 ‘Iron’ as a security release. The update resolves seven t ...
-
Daily CyberSecurity
F5 Out-of-Band Security Alert: Multiple Vulnerabilities Unveiled in NGINX Plus and Open Source
In a significant out-of-band security notification released on March 24, 2026, F5 has disclosed several critical and high-severity vulnerabilities affecting both NGINX Plus and NGINX Open Source. The ...
-
Daily CyberSecurity
Node.js Issues Security Updates: High-Severity DoS and Permission Bypasses Patched
The Node.js project has released a critical sweep of security updates across its 20.x, 22.x, 24.x, and 25.x release lines. The updates address a total of nine vulnerabilities, including two High-sever ...
-
CybersecurityNews
F5 NGINX Plus and Open Source Vulnerability Allow Attackers to Execute Code Using MP4 file
A high-severity vulnerability has been disclosed affecting both NGINX Open Source and NGINX Plus. Tracked formally as CVE-2026-32647, this security flaw carries a CVSS v4.0 base score of 8.5 and a CVS ...
-
CybersecurityNews
Firefox 149 Released With Patch for 37 Vulnerabilities that Enables Remote Attacks
Mozilla released Firefox 149 on March 24, 2026, delivering one of the largest security advisories in the browser’s recent history, addressing 37 vulnerabilities spanning memory corruption, sandbox esc ...