CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
seclists.org
APPLE-SA-12-12-2025-1 iOS 26.2 and iPadOS 26.2
Full Disclosure mailing list archives From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org> Date: Fri, 12 Dec 2025 14:54:58 -0700 -----BEGIN PGP SIGNED MESSAGE----- Hash: SH ...
-
Daily CyberSecurity
Critical OpenShift GitOps Flaw Risks Cluster Takeover (CVE-2025-13888) via Privilege Escalation to Root
A critical vulnerability has been uncovered in Red Hat OpenShift GitOps, exposing Kubernetes clusters to a complete takeover by users with limited privileges. Tracked as CVE-2025-13888 with a severity ...
-
Daily CyberSecurity
Critical ScreenConnect Flaw (CVE-2025-14265) Risks Config Exposure & Untrusted Extension Installation
ConnectWise has issued an important security update for its widely used remote support software, ScreenConnect, addressing a critical vulnerability that could expose sensitive configuration data. The ...
-
Daily CyberSecurity
Enterprise Alert: Windows 10 Update KB5071546 Breaks MSMQ Service with Insufficient Permissions
Microsoft has recently published documentation confirming that installing the extended security update KB5071546 on Windows 10 can cause failures in Microsoft Message Queuing (MSMQ). MSMQ is a service ...
-
Daily CyberSecurity
Critical FortiGate SSO Flaw Under Active Exploitation: Attackers Bypass Auth and Exfiltrate Configs
A critical security crisis is unfolding for Fortinet administrators this week. Just days after the vendor disclosed two high-severity vulnerabilities, threat actors have begun actively exploiting them ...
-
Daily CyberSecurity
5-Year Threat: Malicious NuGet Package Used Homoglyphs and Typosquatting to Steal Crypto Wallets
Image: Socket A malicious NuGet package masquerading as a popular .NET logging tool has been caught stealing cryptocurrency wallet data for over five years. The package, Tracer.Fody.NLog, successfully ...
-
Daily CyberSecurity
macOS LPE Flaw Resurfaces: .localized Directory Exploited to Hijack Installers and Gain Root Access
A stubborn vulnerability in macOS third-party installers has resurfaced, allowing attackers to hijack privileged processes and gain root access to a system. Discovered by security researcher Csaba Fit ...
-
Daily CyberSecurity
BlackForce PhaaS Weaponizes React and Stateful Sessions to Bypass MFA & Steal Credentials
A sophisticated new player has entered the Phishing-as-a-Service (PhaaS) market, offering cybercriminals a powerful toolset designed to bypass modern security controls with alarming ease. Dubbed Black ...
-
Daily CyberSecurity
From Cisco Student Rivalry to Global Hackers: Salt Typhoon Breaches 80+ Telecos for Intelligence
A new report from SentinelLabs sheds light on the origins of “Salt Typhoon,” the hacking group responsible for one of the most brazen intelligence collection efforts of the last decade. The operators, ...
-
Daily CyberSecurity
Data Disaster: Claude AI Executes rm -rf ~/ and Wipes Developer’s Mac Home Directory
An increasing number of developers are turning to AI-assisted tools to streamline their workflows. Yet as adoption grows, so too do reports of catastrophic failures caused by these tools. In one earli ...